
Windows Analysis Report dxEOMYaOtV.exe

Overview

General Information

Sample Name: dxEOMYaOtV.exe
Analysis ID: 534013
MD5: a20a44e2add8f2ee2434258a20ac815e
SHA1: bf2886c5bda80c2cc1a1a8d3d270f3e82f3f39b9
SHA256: 87b9a82fa05019692e89dc944a4fe1ab669d1c844abfd509c7e3648a024d4a73
Tags: exe, njrat, RAT

Errors
  • Sigma runtime error: Invalid condition: all of selection* Rule: Conti Backup Database
  • Sigma runtime error: Invalid condition: all of selection* Rule: Stop Or Remove Antivirus Service
  • Sigma runtime error: Invalid condition: all of selection* Rule: Conti Volume Shadow Listing
  • Sigma runtime error: Invalid condition: all of selection* Rule: Compress Data and Lock With Password for Exfiltration With 7-ZIP
  • Sigma runtime error: Invalid condition: all of selection* Rule: Disable or Delete Windows Eventlog
  • Sigma runtime error: Invalid condition: all of selection* Rule: PowerShell SAM Copy
  • Sigma runtime error: Invalid condition: all of selection* Rule: Compress Data and Lock With Password for Exfiltration With WINZIP

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Njrat
Antivirus / Scanner detection for submitted sample
Uses netsh to modify the Windows network and firewall settings
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Modifies the windows firewall
Contains functionality to spread to USB devices (.Net source)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
May infect USB drives
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Creates a window with clipboard capturing capabilities
Sigma detected: Netsh Port or Application Allowed

Process Tree

  • System is w10x64
  • dxEOMYaOtV.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\dxEOMYaOtV.exe" MD5: A20A44E2ADD8F2EE2434258A20AC815E)
    • netsh.exe (PID: 7096 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
      • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: Njrat

{"Campaign ID": "HacKed", "Version": "0.7d", "Install Name": "3f0e7e396c4b65a76b6471f1f9d6d90a", "Install Dir": "Adobe Update", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Host": "SoftwareMicrosoftWindowsCurrentVersionRun", "Port": "NDQz", "Network Seprator": "|'|'|"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
dxEOMYaOtV.exe | MAL_Winnti_Sample_May18_1 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth
  • 0x13292:$s1: wireshark
  • 0x1325c:$s2: procexp
dxEOMYaOtV.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
  • 0x15ca9:$x1: cmd.exe /c ping 0 -n 2 & del "
  • 0x137c2:$s1: winmgmts:\\.\root\SecurityCenter2
  • 0x15717:$s3: Executed As
  • 0x124f0:$s5: Stub.exe
  • 0x156f9:$s6: Download ERROR
  • 0x13784:$s8: Select * From AntiVirusProduct
dxEOMYaOtV.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
dxEOMYaOtV.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x15a57:$reg: SEE_MASK_NOZONECHECKS
  • 0x156dd:$msg: Execute ERROR
  • 0x15731:$msg: Execute ERROR
  • 0x15ca9:$ping: cmd.exe /c ping 0 -n 2 & del

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x15857:$reg: SEE_MASK_NOZONECHECKS
  • 0x154dd:$msg: Execute ERROR
  • 0x15531:$msg: Execute ERROR
  • 0x15aa9:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x15857:$reg: SEE_MASK_NOZONECHECKS
  • 0x154dd:$msg: Execute ERROR
  • 0x15531:$msg: Execute ERROR
  • 0x15aa9:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
0.0.dxEOMYaOtV.exe.3b0000.0.unpack | MAL_Winnti_Sample_May18_1 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth
  • 0x13292:$s1: wireshark
  • 0x1325c:$s2: procexp
0.0.dxEOMYaOtV.exe.3b0000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
  • 0x15ca9:$x1: cmd.exe /c ping 0 -n 2 & del "
  • 0x137c2:$s1: winmgmts:\\.\root\SecurityCenter2
  • 0x15717:$s3: Executed As
  • 0x124f0:$s5: Stub.exe
  • 0x156f9:$s6: Download ERROR
  • 0x13784:$s8: Select * From AntiVirusProduct
0.0.dxEOMYaOtV.exe.3b0000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
0.0.dxEOMYaOtV.exe.3b0000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x15a57:$reg: SEE_MASK_NOZONECHECKS
  • 0x156dd:$msg: Execute ERROR
  • 0x15731:$msg: Execute ERROR
  • 0x15ca9:$ping: cmd.exe /c ping 0 -n 2 & del
0.2.dxEOMYaOtV.exe.3b0000.0.unpack | MAL_Winnti_Sample_May18_1 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth
  • 0x13292:$s1: wireshark
  • 0x1325c:$s2: procexp

Sigma Overview

System Summary:

Sigma detected: Netsh Port or Application Allowed
Source: Process started, Author: Markus Neis, Sander Wiebing, Data: Command: netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE, CommandLine: netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE, CommandLine|base64offset|contains: l, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: "C:\Users\user\Desktop\dxEOMYaOtV.exe" , ParentImage: C:\Users\user\Desktop\dxEOMYaOtV.exe, ParentProcessId: 7008, ProcessCommandLine: netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE, ProcessId: 7096

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, Malware Configuration Extractor: Njrat {"Campaign ID": "HacKed", "Version": "0.7d", "Install Name": "3f0e7e396c4b65a76b6471f1f9d6d90a", "Install Dir": "Adobe Update", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Host": "SoftwareMicrosoftWindowsCurrentVersionRun", "Port": "NDQz", "Network Seprator": "|'|'|"}
Multi AV Scanner detection for submitted file
Source: dxEOMYaOtV.exe, Virustotal: Detection: 66%
Source: dxEOMYaOtV.exe, ReversingLabs: Detection: 92%
Yara detected Njrat
Source: Yara match, File source: dxEOMYaOtV.exe, type: SAMPLE
Source: Yara match, File source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: dxEOMYaOtV.exe PID: 7008, type: MEMORYSTR
Antivirus / Scanner detection for submitted sample
Source: dxEOMYaOtV.exe, Avira: detected
Machine Learning detection for sample
Source: dxEOMYaOtV.exe, Joe Sandbox ML: detected
Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, Avira: Label: TR/Dropper.Gen
Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, Avira: Label: TR/Dropper.Gen
Source: dxEOMYaOtV.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\dxEOMYaOtV.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: dxEOMYaOtV.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Spreading:

Contains functionality to spread to USB devices (.Net source)
Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, Usb1.cs, .Net Code: infect
Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, Usb1.cs, .Net Code: infect
Source: dxEOMYaOtV.exe, Binary or memory string: [autorun]
Source: dxEOMYaOtV.exe, Binary or memory string: \autorun.inf
Source: dxEOMYaOtV.exe, Binary or memory string: autorun.inf
Source: dxEOMYaOtV.exe, 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, Binary or memory string: \autorun.inf
Source: dxEOMYaOtV.exe, 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, Binary or memory string: [autorun]
Source: dxEOMYaOtV.exe, 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, Binary or memory string: autorun.inf

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: SoftwareMicrosoftWindowsCurrentVersionRun
            Source: unknown; TCP traffic detected without corresponding DNS query: 109.123.118.63
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183036542.00000000009AB000.00000004.00000020.sdmp; String found in binary or memory: http://go.microsoft.
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183036542.00000000009AB000.00000004.00000020.sdmp; String found in binary or memory: http://go.microsoft.LinkId=42127
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183015023.000000000097A000.00000004.00000020.sdmp; Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Window created: window name: CLIPBRDWNDCLASS

            E-Banking Fraud:

            Yara detected Njrat
            Source: Yara match; File source: dxEOMYaOtV.exe, type: SAMPLE
            Source: Yara match; File source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: dxEOMYaOtV.exe PID: 7008, type: MEMORYSTR

            System Summary:

            Malicious sample detected (through community Yara rule)
            Source: dxEOMYaOtV.exe, type: SAMPLE; Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: dxEOMYaOtV.exe, type: SAMPLE; Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY; Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY; Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: dxEOMYaOtV.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: dxEOMYaOtV.exe, type: SAMPLE; Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: dxEOMYaOtV.exe, type: SAMPLE; Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: dxEOMYaOtV.exe, type: SAMPLE; Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE; Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY; Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY; Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_00B72478
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_04B64298
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_04B6428F
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process Stats: CPU usage > 98%
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183015023.000000000097A000.00000004.00000020.sdmp; Binary or memory string: OriginalFilenamemscorwks.dllT vs dxEOMYaOtV.exe
            Source: dxEOMYaOtV.exe; Virustotal: Detection: 66%
            Source: dxEOMYaOtV.exe; ReversingLabs: Detection: 92%
            Source: dxEOMYaOtV.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown; Process created: C:\Users\user\Desktop\dxEOMYaOtV.exe "C:\Users\user\Desktop\dxEOMYaOtV.exe"
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE
            Source: C:\Windows\SysWOW64\netsh.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_052B23DE AdjustTokenPrivileges
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_052B23A7 AdjustTokenPrivileges
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; File created: C:\Users\user\AppData\Roaming\app
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; File created: C:\Users\user\AppData\Local\Temp\FransescoPast.txt
            Source: classification engine; Classification label: mal100.spre.troj.evad.winEXE@4/2@0/1
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Mutant created: \Sessions\1\BaseNamedObjects\3f0e7e396c4b65a76b6471f1f9d6d90a
            Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_01
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
            Source: dxEOMYaOtV.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: dxEOMYaOtV.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

            Data Obfuscation:

            .NET source code contains potential unpacker
            Source: dxEOMYaOtV.exe, Stub/Fransesco.cs; .Net Code: Plugin System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, Stub/Fransesco.cs; .Net Code: Plugin System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, Stub/Fransesco.cs; .Net Code: Plugin System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\netsh.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe TID: 7060; Thread sleep count: 1811 > 30
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe TID: 7060; Thread sleep time: -181100s >= -30000s
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Window / User API: threadDelayed 1811
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Window / User API: foregroundWindowGot 997
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Window / User API: foregroundWindowGot 500
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Window / User API: foregroundWindowGot 498
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183036542.00000000009AB000.00000004.00000020.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineOnly"/>
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Memory allocated: page read and write | page guard
            Source: dxEOMYaOtV.exe; Binary or memory string: Shell_traywnd+MostrarBarraDeTarefas
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183552920.0000000002A93000.00000004.00000001.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1184101682.0000000004D0B000.00000004.00000010.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1183969540.0000000002EA0000.00000004.00000001.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1183302082.0000000001080000.00000002.00020000.sdmp; Binary or memory string: Program Manager
            Source: dxEOMYaOtV.exe, 00000000.00000002.1184101682.0000000004D0B000.00000004.00000010.sdmp; Binary or memory string: C rdProgram Manager
            Source: dxEOMYaOtV.exe; Binary or memory string: Shell_TrayWnd
            Source: dxEOMYaOtV.exe; Binary or memory string: ProgMan
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183302082.0000000001080000.00000002.00020000.sdmp; Binary or memory string: Progman
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183302082.0000000001080000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
            Source: dxEOMYaOtV.exe, 00000000.00000002.1183552920.0000000002A93000.00000004.00000001.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1183969540.0000000002EA0000.00000004.00000001.sdmp, dxEOMYaOtV.exe, 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp; Binary or memory string: qedProgram Manager
            Source: dxEOMYaOtV.exe; Binary or memory string: Shell_traywnd
            Source: C:\Windows\SysWOW64\netsh.exe; Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Code function: 0_2_00B7A72E GetUserNameW

            Lowering of HIPS / PFW / Operating System Security Settings:

            Uses netsh to modify the Windows network and firewall settings
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE
            Modifies the windows firewall
            Source: C:\Users\user\Desktop\dxEOMYaOtV.exe; Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE

            Stealing of Sensitive Information:

            Yara detected Njrat
            Source: Yara match; File source: dxEOMYaOtV.exe, type: SAMPLE
            Source: Yara match; File source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: dxEOMYaOtV.exe PID: 7008, type: MEMORYSTR

            Remote Access Functionality:

            Yara detected Njrat
            Source: Yara match; File source: dxEOMYaOtV.exe, type: SAMPLE
            Source: Yara match; File source: 0.0.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.dxEOMYaOtV.exe.3b0000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: dxEOMYaOtV.exe PID: 7008, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Replication Through Removable Media 11 | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Masquerading 1 | Input Capture 1 | Security Software Discovery 1 | Replication Through Removable Media 11 | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 2 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Application Layer Protocol 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 21 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 2 | LSA Secrets | Peripheral Device Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 11 | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 12 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label
            dxEOMYaOtV.exe | 66% | Virustotal |
            dxEOMYaOtV.exe | 93% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi
            dxEOMYaOtV.exe | 100% | Avira | TR/Dropper.Gen
            dxEOMYaOtV.exe | 100% | Joe Sandbox ML |

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            Source | Detection | Scanner | Label
            0.2.dxEOMYaOtV.exe.3b0000.0.unpack | 100% | Avira | TR/Dropper.Gen
            0.0.dxEOMYaOtV.exe.3b0000.0.unpack | 100% | Avira | TR/Dropper.Gen

            Domains

            No Antivirus matches

            URLs

            Source | Detection | Scanner | Label
            http://go.microsoft. | 0% | URL Reputation | safe
            http://go.microsoft.LinkId=42127 | 0% | Avira URL Cloud | safe
            SoftwareMicrosoftWindowsCurrentVersionRun | 0% | Avira URL Cloud | safe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            Contacted URLs

            Name | Malicious | Antivirus Detection | Reputation
            SoftwareMicrosoftWindowsCurrentVersionRun | true | Avira URL Cloud: safe | low

            URLs from Memory and Binaries

            Name | Source | Malicious | Antivirus Detection | Reputation
            http://go.microsoft. | dxEOMYaOtV.exe, 00000000.00000002.1183036542.00000000009AB000.00000004.00000020.sdmp | false | URL Reputation: safe | unknown
            http://go.microsoft.LinkId=42127 | dxEOMYaOtV.exe, 00000000.00000002.1183036542.00000000009AB000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | low

            Contacted IPs


            Public

            IP | Domain | Country | ASN | ASN Name | Malicious
            109.123.118.63 | unknown | United Kingdom | 13213 | UK2NET-ASGB | false

            General Information

            Joe Sandbox Version:34.0.0 Boulder Opal
            Analysis ID:534013
            Start date:05.12.2021
            Start time:00:29:26
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 7m 25s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:dxEOMYaOtV.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed:17
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.spre.troj.evad.winEXE@4/2@0/1
            EGA Information:Failed
            HDC Information:
            • Successful, ratio: 2.3% (good quality ratio 1.2%)
            • Quality average: 36.6%
            • Quality standard deviation: 35.4%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 119
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .exe
            • Override analysis time to 240s for sample files taking high CPU consumption
            Warnings:
            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
            • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
            • Not all processes were analyzed, report is missing behavior information
            Errors:
            • Sigma runtime error: Invalid condition: all of selection* Rule: Conti Backup Database
            • Sigma runtime error: Invalid condition: all of selection* Rule: Stop Or Remove Antivirus Service
            • Sigma runtime error: Invalid condition: all of selection* Rule: Conti Volume Shadow Listing
            • Sigma runtime error: Invalid condition: all of selection* Rule: Compress Data and Lock With Password for Exfiltration With 7-ZIP
            • Sigma runtime error: Invalid condition: all of selection* Rule: Disable or Delete Windows Eventlog
            • Sigma runtime error: Invalid condition: all of selection* Rule: PowerShell SAM Copy
            • Sigma runtime error: Invalid condition: all of selection* Rule: Compress Data and Lock With Password for Exfiltration With WINZIP

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASN

            Match | Associated Sample Name / URL | Detection | Context
            UK2NET-ASGB | iEChGuO0Wy.exe | malicious | 37.123.118.150
            UK2NET-ASGB | ZDSWrJbftX.exe | malicious | 37.123.118.150
            UK2NET-ASGB | Purchase Order.exe | malicious | 37.123.118.150
            UK2NET-ASGB | Invoice.exe | malicious | 37.123.118.150
            UK2NET-ASGB | Poh Tiong Trading - products list.exe | malicious | 37.123.118.150
            UK2NET-ASGB | yMznKPLZVR.exe | malicious | 37.123.118.150
            UK2NET-ASGB | REMITTANCE ADVICE.xlsx | malicious | 37.123.118.150
            UK2NET-ASGB | REMITTANCE ADVICE.xlsx | malicious | 37.123.118.150
            UK2NET-ASGB | ENQ 6205009033-6000003867.exe | malicious | 37.123.118.150
            UK2NET-ASGB | 77isbA5bpi.exe | malicious | 37.123.118.150
            UK2NET-ASGB | RTfEx2KIxu | malicious | 77.92.90.80
            UK2NET-ASGB | OlHeE02x0N.exe | malicious | 37.123.118.150
            UK2NET-ASGB | TT COPY_02101011.exe | malicious | 37.123.118.150
            UK2NET-ASGB | XKLyPH8fil.exe | malicious | 37.123.118.150
            UK2NET-ASGB | Citation-HEQ211025001T-EXPP v4,pdf.exe | malicious | 37.123.118.150
            UK2NET-ASGB | VSL_MV SEA-BLUE SHIP OWNERS.exe | malicious | 37.123.118.150
            UK2NET-ASGB | Order.exe | malicious | 37.123.118.150
            UK2NET-ASGB | New Offer.exe | malicious | 37.123.118.150
            UK2NET-ASGB | 202111161629639000582.exe | malicious | 37.123.118.150
            UK2NET-ASGB | vGULtWc6Jh.exe | malicious | 37.123.118.150

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Roaming\app
            Process:C:\Users\user\Desktop\dxEOMYaOtV.exe
            File Type:UTF-8 Unicode (with BOM) text, with no line terminators
            Category:dropped
            Size (bytes):4
            Entropy (8bit):2.0
            Encrypted:false
            SSDEEP:3:V:V
            MD5:C6BDBC9D86009CCF7E8DE878C9603213
            SHA1:2A4B8716F978F2D107BCD8294B486A5EE45AFE6E
            SHA-256:36A067FDFCEE95EB270F0B72E3B9E40D52C907D749FB9A8490D82F8EE56B29EB
            SHA-512:C42A52CD8837E2533B3D5EC97639F0C94287E3D7A6C73635C21DF50EBA8483B60DF15BF262A308836875CD9AFED504E7F98A2F6B254E4181FE548B1853D42256
            Malicious:false
            Reputation:low
            Preview: .5
            \Device\ConDrv
            Process:C:\Windows\SysWOW64\netsh.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):313
            Entropy (8bit):4.971939296804078
            Encrypted:false
            SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
            MD5:689E2126A85BF55121488295EE068FA1
            SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
            SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
            SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
            Malicious:false
            Reputation:high, very likely benign file
            Preview: ..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):5.567952442278428
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:dxEOMYaOtV.exe
            File size:95232
            MD5:a20a44e2add8f2ee2434258a20ac815e
            SHA1:bf2886c5bda80c2cc1a1a8d3d270f3e82f3f39b9
            SHA256:87b9a82fa05019692e89dc944a4fe1ab669d1c844abfd509c7e3648a024d4a73
            SHA512:ebb8b81d74aaf9475f64a23116da3d62497a6c92f6a7ac33fdcb7895e0aab6419c86ab92e104dc66cfc13a5bd0faa104fb3a997ce7bcfd0044e2ad3d25273e36
            SSDEEP:1536:RUXTr1IDavlZhbSKa9YdjEwzGi1dDyD6gS:RUXSDavlZIXmqi1dk/
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!.a.................p............... ........@.. ....................................@................................

            File Icon

            Icon Hash:00828e8e8686b000

            Static PE Info

            General

            Entrypoint:0x418f2e
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Time Stamp:0x61A921A0 [Thu Dec 2 19:42:24 2021 UTC]
            TLS Callbacks:
            CLR (.Net) Version:v2.0.50727
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al

            Data Directories

            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18ed8 | 0x53 | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0xc | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

            Sections

            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0x16f34 | 0x17000 | False | 0.368089758832 | data | 5.59964154951 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            .reloc | 0x1a000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Imports

            DLL | Import
            mscoree.dll | _CorExeMain

            Network Behavior

            Network Port Distribution

            TCP Packets

            Dec 5, 2021 00:31:47.283361912 CET49813443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:47.283386946 CET44349813109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:47.283451080 CET44349813109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:49.297791004 CET49814443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:49.297849894 CET44349814109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:49.298010111 CET49814443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:49.298947096 CET49814443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:49.298969030 CET44349814109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:49.299031019 CET44349814109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:51.313498020 CET49816443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:51.313549995 CET44349816109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:51.313628912 CET49816443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:51.314831972 CET49816443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:51.314853907 CET44349816109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:51.314940929 CET44349816109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:53.328844070 CET49817443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:53.328903913 CET44349817109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:53.328996897 CET49817443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:53.330305099 CET49817443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:53.330328941 CET44349817109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:53.330473900 CET44349817109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:55.344624043 CET49818443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:55.344677925 CET44349818109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:55.344763994 CET49818443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:55.345654964 CET49818443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:55.345683098 CET44349818109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:55.345762968 CET44349818109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:55.346015930 CET49818443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:55.346036911 CET44349818109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:57.360786915 CET49819443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:57.360826015 CET44349819109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:57.360888004 CET49819443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:57.361735106 CET49819443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:57.361748934 CET44349819109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:57.361782074 CET44349819109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:59.376375914 CET49820443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:59.376446009 CET44349820109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:59.376545906 CET49820443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:59.377567053 CET49820443192.168.2.4109.123.118.63
            Dec 5, 2021 00:31:59.377589941 CET44349820109.123.118.63192.168.2.4
            Dec 5, 2021 00:31:59.377660990 CET44349820109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:01.392580032 CET49821443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:01.392633915 CET44349821109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:01.393903971 CET49821443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:01.394270897 CET49821443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:01.394280910 CET44349821109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:01.394594908 CET49821443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:01.394606113 CET44349821109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:01.395936966 CET44349821109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:03.407865047 CET49822443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:03.407902002 CET44349822109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:03.408900023 CET49822443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:03.408924103 CET49822443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:03.408929110 CET44349822109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:03.409043074 CET44349822109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:05.423485994 CET49824443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:05.423553944 CET44349824109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:05.423681021 CET49824443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:05.424472094 CET49824443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:05.424499035 CET44349824109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:05.424578905 CET44349824109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:07.443351030 CET49829443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:07.443419933 CET44349829109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:07.443520069 CET49829443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:07.444384098 CET49829443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:07.444411993 CET44349829109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:07.444502115 CET44349829109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:09.456219912 CET49835443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:09.456283092 CET44349835109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:09.456686974 CET49835443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:09.458817959 CET49835443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:09.458847046 CET44349835109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:09.458930969 CET44349835109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:11.470731020 CET49838443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:11.470793009 CET44349838109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:11.470911980 CET49838443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:11.471889019 CET49838443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:11.471913099 CET44349838109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:11.471996069 CET44349838109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:13.784739017 CET49839443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:13.784794092 CET44349839109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:13.784876108 CET49839443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:13.785829067 CET49839443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:13.785856009 CET44349839109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:13.785953999 CET44349839109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:15.800561905 CET49840443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:15.800621033 CET44349840109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:15.800710917 CET49840443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:15.801593065 CET49840443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:15.801619053 CET44349840109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:15.801733017 CET44349840109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:17.815346003 CET49850443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:17.815408945 CET44349850109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:17.815536976 CET49850443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:17.816612959 CET49850443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:17.816643000 CET44349850109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:17.816735029 CET44349850109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:19.830909014 CET49858443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:19.830970049 CET44349858109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:19.831067085 CET49858443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:19.832338095 CET49858443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:19.832365036 CET44349858109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:19.832473993 CET44349858109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:21.846496105 CET49868443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:21.846532106 CET44349868109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:21.846607924 CET49868443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:21.847515106 CET49868443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:21.847531080 CET44349868109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:21.847635031 CET44349868109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:23.862647057 CET49871443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:23.862699032 CET44349871109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:23.862799883 CET49871443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:23.863895893 CET49871443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:23.863909960 CET44349871109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:23.863954067 CET44349871109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:25.878632069 CET49872443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:25.878681898 CET44349872109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:25.878793001 CET49872443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:25.879769087 CET49872443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:25.879786015 CET44349872109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:25.879884005 CET44349872109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:27.894362926 CET49873443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:27.894413948 CET44349873109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:27.894715071 CET49873443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:27.896445036 CET49873443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:27.896491051 CET44349873109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:27.896553040 CET44349873109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:27.896821022 CET49873443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:27.896877050 CET44349873109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:29.913086891 CET49874443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:29.913153887 CET44349874109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:29.913244009 CET49874443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:29.914170027 CET49874443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:29.914201021 CET44349874109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:29.914285898 CET44349874109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:31.935004950 CET49875443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:31.935086966 CET44349875109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:31.935270071 CET49875443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:31.936286926 CET49875443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:31.936319113 CET44349875109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:31.936434984 CET44349875109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:33.941831112 CET49876443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:33.941884995 CET44349876109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:33.942068100 CET49876443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:33.943053007 CET49876443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:33.943068027 CET44349876109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:33.943152905 CET44349876109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:35.957813025 CET49877443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:35.957848072 CET44349877109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:35.958000898 CET49877443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:35.959532976 CET49877443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:35.959563017 CET44349877109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:35.959651947 CET44349877109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:37.973151922 CET49878443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:37.973221064 CET44349878109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:37.973325968 CET49878443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:37.974144936 CET49878443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:37.974169970 CET44349878109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:37.974225998 CET44349878109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:39.990466118 CET49879443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:39.990526915 CET44349879109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:39.990772009 CET49879443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:39.993004084 CET49879443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:39.993021965 CET44349879109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:39.993074894 CET44349879109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:42.004662037 CET49880443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:42.004725933 CET44349880109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:42.004997969 CET49880443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:42.005863905 CET49880443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:42.005892992 CET44349880109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:42.005963087 CET44349880109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:44.021049976 CET49881443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:44.021116018 CET44349881109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:44.021262884 CET49881443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:44.022686005 CET49881443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:44.022711039 CET44349881109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:44.022769928 CET44349881109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:46.036983013 CET49882443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:46.037022114 CET44349882109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:46.037086964 CET49882443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:46.038050890 CET49882443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:46.038069010 CET44349882109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:46.038130999 CET44349882109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:48.052035093 CET49885443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:48.052098036 CET44349885109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:48.052194118 CET49885443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:48.053150892 CET49885443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:48.053189993 CET44349885109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:48.053255081 CET44349885109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:50.067909956 CET49893443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:50.067971945 CET44349893109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:50.068103075 CET49893443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:50.068989992 CET49893443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:50.069015026 CET44349893109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:50.069077969 CET44349893109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:52.084743023 CET49902443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:52.084794998 CET44349902109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:52.084947109 CET49902443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:52.086658001 CET49902443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:52.086694956 CET44349902109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:52.086741924 CET44349902109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:52.087034941 CET49902443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:52.087054014 CET44349902109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:54.108021975 CET49908443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:54.108068943 CET44349908109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:54.108228922 CET49908443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:54.110351086 CET49908443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:54.110373974 CET44349908109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:54.110435963 CET44349908109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:56.116920948 CET49909443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:56.116993904 CET44349909109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:56.117110968 CET49909443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:56.118120909 CET49909443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:56.118149996 CET44349909109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:56.118211031 CET44349909109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:58.131160021 CET49910443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:58.131231070 CET44349910109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:58.131541967 CET49910443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:58.132432938 CET49910443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:58.132463932 CET44349910109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:58.132517099 CET44349910109.123.118.63192.168.2.4
            Dec 5, 2021 00:32:58.132713079 CET49910443192.168.2.4109.123.118.63
            Dec 5, 2021 00:32:58.132736921 CET44349910109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:00.147167921 CET49911443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:00.147238970 CET44349911109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:00.147342920 CET49911443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:00.148704052 CET49911443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:00.148730040 CET44349911109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:00.148808002 CET44349911109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:02.210305929 CET49912443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:02.210390091 CET44349912109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:02.210520983 CET49912443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:02.212208986 CET49912443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:02.212233067 CET44349912109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:02.212305069 CET44349912109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:04.228041887 CET49913443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:04.228091955 CET44349913109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:04.228183985 CET49913443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:04.229384899 CET49913443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:04.229403973 CET44349913109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:04.229760885 CET49913443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:04.229775906 CET44349913109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:04.233042002 CET44349913109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:06.241915941 CET49914443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:06.241966963 CET44349914109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:06.242090940 CET49914443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:06.243627071 CET49914443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:06.243654966 CET44349914109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:06.243712902 CET44349914109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:08.257196903 CET49915443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:08.257260084 CET44349915109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:08.257340908 CET49915443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:08.258963108 CET49915443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:08.258984089 CET44349915109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:08.259040117 CET44349915109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:10.273472071 CET49916443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:10.273546934 CET44349916109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:10.273722887 CET49916443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:10.275069952 CET49916443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:10.275099993 CET44349916109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:10.275175095 CET44349916109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:12.288539886 CET49917443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:12.288609982 CET44349917109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:12.288937092 CET49917443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:12.289891005 CET49917443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:12.289927959 CET44349917109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:12.290024996 CET44349917109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:14.305866003 CET49918443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:14.305922031 CET44349918109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:14.306015968 CET49918443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:14.308005095 CET49918443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:14.308017015 CET44349918109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:14.308078051 CET44349918109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:16.321280003 CET49919443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:16.321322918 CET44349919109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:16.321402073 CET49919443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:16.323092937 CET49919443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:16.323120117 CET44349919109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:16.323200941 CET44349919109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:18.336422920 CET49920443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:18.336460114 CET44349920109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:18.336536884 CET49920443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:18.337460041 CET49920443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:18.337470055 CET44349920109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:18.337558985 CET44349920109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:20.352001905 CET49921443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:20.352066994 CET44349921109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:20.352534056 CET49921443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:20.353420019 CET49921443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:20.353450060 CET44349921109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:20.353585958 CET44349921109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:22.367923021 CET49922443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:22.367990017 CET44349922109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:22.368133068 CET49922443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:22.369323969 CET49922443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:22.369349957 CET44349922109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:22.369585037 CET44349922109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:24.383590937 CET49923443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:24.383670092 CET44349923109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:24.383776903 CET49923443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:24.385075092 CET49923443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:24.385107040 CET44349923109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:24.385173082 CET44349923109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:26.398988962 CET49924443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:26.399034023 CET44349924109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:26.399184942 CET49924443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:26.400093079 CET49924443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:26.400115013 CET44349924109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:26.400170088 CET44349924109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:28.415529013 CET49925443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:28.415566921 CET44349925109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:28.415713072 CET49925443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:28.418404102 CET49925443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:28.418415070 CET44349925109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:28.418448925 CET44349925109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:30.432336092 CET49926443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:30.432380915 CET44349926109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:30.432471991 CET49926443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:30.433964968 CET49926443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:30.433984041 CET44349926109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:30.434063911 CET44349926109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:32.446934938 CET49927443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:32.446986914 CET44349927109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:32.447968960 CET49927443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:32.448563099 CET49927443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:32.448585033 CET44349927109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:32.448651075 CET44349927109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:34.462277889 CET49928443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:34.462321043 CET44349928109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:34.462425947 CET49928443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:34.463465929 CET49928443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:34.463479996 CET44349928109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:34.463529110 CET44349928109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:36.478344917 CET49929443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:36.478445053 CET44349929109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:36.478760958 CET49929443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:36.479696989 CET49929443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:36.479737043 CET44349929109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:36.479831934 CET44349929109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:38.495465994 CET49930443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:38.495516062 CET44349930109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:38.495659113 CET49930443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:38.497358084 CET49930443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:38.497384071 CET44349930109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:38.497458935 CET44349930109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:40.510921001 CET49931443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:40.511003017 CET44349931109.123.118.63192.168.2.4
            Dec 5, 2021 00:33:40.511231899 CET49931443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:40.512558937 CET49931443192.168.2.4109.123.118.63
            Dec 5, 2021 00:33:40.512578964 CET44349931109.123.118.63192.168.2.4

            Code Manipulations


            System Behavior

            General

            Start time: 00:30:18
            Start date: 05/12/2021
            Path: C:\Users\user\Desktop\dxEOMYaOtV.exe
            Wow64 process (32bit): true
            Commandline: "C:\Users\user\Desktop\dxEOMYaOtV.exe"
            Imagebase: 0x3b0000
            File size: 95232 bytes
            MD5 hash: A20A44E2ADD8F2EE2434258A20AC815E
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: .Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, Author: Joe Security
            • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000002.1182843286.00000000003B2000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group
            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, Author: Joe Security
            • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.656185698.00000000003B2000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group
            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.1183435675.00000000029B1000.00000004.00000001.sdmp, Author: Joe Security
            Reputation: low

            General

            Start time: 00:30:20
            Start date: 05/12/2021
            Path: C:\Windows\SysWOW64\netsh.exe
            Wow64 process (32bit): true
            Commandline: netsh firewall add allowedprogram "C:\Users\user\Desktop\dxEOMYaOtV.exe" "dxEOMYaOtV.exe" ENABLE
            Imagebase: 0x9f0000
            File size: 82944 bytes
            MD5 hash: A0AA3322BB46BBFC36AB9DC1DBBBB807
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Reputation: high

            General

            Start time: 00:30:21
            Start date: 05/12/2021
            Path: C:\Windows\System32\conhost.exe
            Wow64 process (32bit): false
            Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase: 0x7ff724c50000
            File size: 625664 bytes
            MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Reputation: high

            Disassembly

            Code Analysis


              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq$:@pq$:@pq$:@pq$:@pq$:@pq$@
              • API String ID: 0-2973781450
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: $:@pq$:@pq$:@pq$:@pq$:@pq$:@pq
              • API String ID: 0-2958286781
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052B2427
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: AdjustPrivilegesToken
              • String ID:
              • API String ID: 2874748243-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052B2427
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: AdjustPrivilegesToken
              • String ID:
              • API String ID: 2874748243-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00B7A77E
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: NameUser
              • String ID:
              • API String ID: 2645101109-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183083829.0000000000B72000.00000040.00000001.sdmp, Offset: 00B72000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq$:@pq$xYVq
              • API String ID: 0-3294097456
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq$:@pq$xYVq
              • API String ID: 0-3294097456
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq$:@pq$xYVq
              • API String ID: 0-3294097456
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq$:@pq$xYVq
              • API String ID: 0-3294097456
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegCreateKeyExW.KERNELBASE(?,00000E2C), ref: 052B1F75
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Create
              • String ID: p8 r
              • API String ID: 2289755597-1267531546
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegCreateKeyExW.KERNELBASE(?,00000E2C), ref: 052B1F75
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Create
              • String ID: p8 r
              • API String ID: 2289755597-1267531546
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B7B1D1
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 00B7B01D
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00B7AB25
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 052B2206
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FormatMessage
              • String ID:
              • API String ID: 1306739567-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7B2D4
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 052B0A8F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: DescriptorSecurity$ConvertString
              • String ID:
              • API String ID: 3907675253-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FileView
              • String ID:
              • API String ID: 3314676101-0
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 00B7B01D
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SendMessageTimeoutA.USER32(?,00000E2C), ref: 00B7B4B1
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: MessageSendTimeout
              • String ID:
              • API String ID: 1599653421-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessTimes.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B1199
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessTimes
              • String ID:
              • API String ID: 1995159646-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00B7A77E
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: NameUser
              • String ID:
              • API String ID: 2645101109-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: select
              • String ID:
              • API String ID: 1274211008-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetExitCodeProcess.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B25B0
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: CodeExitProcess
              • String ID:
              • API String ID: 3861947596-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 052B052E
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • ioctlsocket.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2857
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ioctlsocket
              • String ID:
              • API String ID: 3577187118-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenFileMappingW.KERNELBASE(?,?), ref: 052B0C39
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FileMappingOpen
              • String ID:
              • API String ID: 1680863896-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegSetValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7B3C0
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Value
              • String ID:
              • API String ID: 3702945584-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASocketW.WS2_32(?,?,?,?,?), ref: 052B05E6
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Socket
              • String ID:
              • API String ID: 38366605-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00B7AB25
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B09A4
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 052B0A8F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: DescriptorSecurity$ConvertString
              • String ID:
              • API String ID: 3907675253-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B7B1D1
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 00B7AA44
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7AE4D
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessWorkingSetSize.KERNEL32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B268F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessSizeWorking
              • String ID:
              • API String ID: 3584180929-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetProcessWorkingSetSize.KERNEL32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2773
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessSizeWorking
              • String ID:
              • API String ID: 3584180929-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 00B7B01D
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • shutdown.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B0FC8
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: shutdown
              • String ID:
              • API String ID: 2510479042-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 00B7ABF0
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7ACBD
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7B2D4
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAEventSelect.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2103
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: EventSelect
              • String ID:
              • API String ID: 31538577-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 052B24E0
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenFileMappingW.KERNELBASE(?,?), ref: 052B0C39
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FileMappingOpen
              • String ID:
              • API String ID: 1680863896-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASocketW.WS2_32(?,?,?,?,?), ref: 052B05E6
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Socket
              • String ID:
              • API String ID: 38366605-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FileView
              • String ID:
              • API String ID: 3314676101-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SendMessageTimeoutA.USER32(?,00000E2C), ref: 00B7B4B1
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: MessageSendTimeout
              • String ID:
              • API String ID: 1599653421-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00B7A10E
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 052B161F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegSetValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7B3C0
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Value
              • String ID:
              • API String ID: 3702945584-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B09A4
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessTimes.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B1199
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessTimes
              • String ID:
              • API String ID: 1995159646-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 052B1356
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Connect
              • String ID:
              • API String ID: 3144859779-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessWorkingSetSize.KERNEL32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B268F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessSizeWorking
              • String ID:
              • API String ID: 3584180929-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetProcessWorkingSetSize.KERNEL32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2773
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ProcessSizeWorking
              • String ID:
              • API String ID: 3584180929-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B7A5DE
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetExitCodeProcess.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B25B0
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: CodeExitProcess
              • String ID:
              • API String ID: 3861947596-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7AE4D
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: send
              • String ID:
              • API String ID: 2809346765-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: closesocket
              • String ID:
              • API String ID: 2781271927-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAEventSelect.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2103
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: EventSelect
              • String ID:
              • API String ID: 31538577-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • ioctlsocket.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B2857
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ioctlsocket
              • String ID:
              • API String ID: 3577187118-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • shutdown.WS2_32(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 052B0FC8
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: shutdown
              • String ID:
              • API String ID: 2510479042-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 052B161F
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: select
              • String ID:
              • API String ID: 1274211008-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,2AFAC120,00000000,00000000,00000000,00000000), ref: 00B7ACBD
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 052B1356
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: Connect
              • String ID:
              • API String ID: 3144859779-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00B7A10E
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 052B2206
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: FormatMessage
              • String ID:
              • API String ID: 1306739567-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B7A5DE
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 00B7ABF0
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 052B24E0
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 052B052E
              Memory Dump Source
              • Source File: 00000000.00000002.1184208945.00000000052B0000.00000040.00000001.sdmp, Offset: 052B0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: send
              • String ID:
              • API String ID: 2809346765-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: closesocket
              • String ID:
              • API String ID: 2781271927-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 00B7AA44
              Memory Dump Source
              • Source File: 00000000.00000002.1183090360.0000000000B7A000.00000040.00000001.sdmp, Offset: 00B7A000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: %]=q^
              • API String ID: 0-3921273546
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: %]=q^
              • API String ID: 0-3921273546
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID: pP
              • API String ID: 0-2161046187
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2b393dd5e6165ed6405ce2a1fed41d3780375002e5eb75c26092478cac9844e
              • Instruction ID: d6a2a470d56a1cd54ed03ce9572d2e24620e84e89d012f20ad420762757b496d
              • Opcode Fuzzy Hash: d2b393dd5e6165ed6405ce2a1fed41d3780375002e5eb75c26092478cac9844e
              • Instruction Fuzzy Hash: A1320830A04219CFCB24EFB4D954BADBBB2FB49304F1045A9D50AAB395EB759D81CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7cd6c7f1f8043adafb3b6e17590265a0dbbb23eab4337162c341382478b0871
              • Instruction ID: d1d19c6923a63298324f325afe09ce1129f0e125653f9c8281e5d13cb619e4c8
              • Opcode Fuzzy Hash: d7cd6c7f1f8043adafb3b6e17590265a0dbbb23eab4337162c341382478b0871
              • Instruction Fuzzy Hash: E6A1C4307042118BDB14EB39D958B6D37E2FB84354F1446A9E8279B2E9EF38ED01CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 887f65ad7f636866b7e52e29ef54597a7fc7e65a0c153a7e68fd190834c1c9cb
              • Instruction ID: 1b1315ad5f86df78a7b9fb0e0037134570e09a61a58d46dfef37b5518520a4f9
              • Opcode Fuzzy Hash: 887f65ad7f636866b7e52e29ef54597a7fc7e65a0c153a7e68fd190834c1c9cb
              • Instruction Fuzzy Hash: 57814D30A002188FDB14DFB9C954BEDB7B2FF85304F1085AAD50AAB298EB759D85CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9b528922912cd80b4f0d0b4eff0407d299b9c457ffda743febbb2a495fefb22
              • Instruction ID: d7cc711334589daf703ed12c28c8df5a8b29f4f4f3b996c1790222444f63b58d
              • Opcode Fuzzy Hash: b9b528922912cd80b4f0d0b4eff0407d299b9c457ffda743febbb2a495fefb22
              • Instruction Fuzzy Hash: E0419030604202CBDB29DF36D9117AD37E2FB85358F5446A9E462DB1D9EF38E906CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5aa044b1ec717db64264f8ae6c922efdac26a75324c0fb3f93903879e71d4027
              • Instruction ID: 4b2ccb029a8966b6d92697495da5cc05899b2a176d3dddc478495f91ef6a69a5
              • Opcode Fuzzy Hash: 5aa044b1ec717db64264f8ae6c922efdac26a75324c0fb3f93903879e71d4027
              • Instruction Fuzzy Hash: 8A319E70B003059FDB14DF79D950BAEBBE6BF88310F148169E406AB3A4DB74A805CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 019ac3cbc5c39dd0576853227b56468e50ee3ab02100a4f3151c12fbddcda59e
              • Instruction ID: f9ea1f1ed3bea4cf0944078b1e82e0cf127db85a3b3001e03418c8a3dbdbf77e
              • Opcode Fuzzy Hash: 019ac3cbc5c39dd0576853227b56468e50ee3ab02100a4f3151c12fbddcda59e
              • Instruction Fuzzy Hash: 6611B36144E3C18FD3139B74D8697843FB1AF13614B0A45DBC0C1CF1A7D659AE0ADB62
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184247098.0000000005300000.00000040.00000001.sdmp, Offset: 05300000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2ab23f752aafdd5e3909eb768f52d4d585667d4c85813cc8603a13280ac5741
              • Instruction ID: cd9015a461b2659998884ad11c2baf6ba3b27627a22f58f259ccbb40eb254d80
              • Opcode Fuzzy Hash: e2ab23f752aafdd5e3909eb768f52d4d585667d4c85813cc8603a13280ac5741
              • Instruction Fuzzy Hash: 9E11BAB5608301AFD350CF19D880A5BFBE4FB88664F14896EF998D7311E235E9048FA6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183426630.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 472610f93906b71a1efcdb72076f203f7e9c61feeaf48f5657e3350bcdd9b3f6
              • Instruction ID: 7a158a5c1bc2dbb8a6f83e97be36e0596d29994ee35efa146dc5f99696d07ecf
              • Opcode Fuzzy Hash: 472610f93906b71a1efcdb72076f203f7e9c61feeaf48f5657e3350bcdd9b3f6
              • Instruction Fuzzy Hash: 4D11AF302443449FDB19CB15C948B36BBA5BB88708F28CABDE9490B743C77BD803CA91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183426630.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86253257f2101799ccfdbe58044aa339c9ae4edd08d373a2f104482a5a29a86e
              • Instruction ID: eda7d14e88eecd32675dbd58e8a66043942b562290336834210bd68322959cdd
              • Opcode Fuzzy Hash: 86253257f2101799ccfdbe58044aa339c9ae4edd08d373a2f104482a5a29a86e
              • Instruction Fuzzy Hash: D9213D3150D3C09FD703CB20C950B65BFB1AF47208F1985EED8895B663C73A9816DB92
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183188198.0000000000E2A000.00000040.00000001.sdmp, Offset: 00E2A000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184247098.0000000005300000.00000040.00000001.sdmp, Offset: 05300000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183426630.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183426630.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183426630.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183188198.0000000000E2A000.00000040.00000001.sdmp, Offset: 00E2A000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184247098.0000000005300000.00000040.00000001.sdmp, Offset: 05300000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184247098.0000000005300000.00000040.00000001.sdmp, Offset: 05300000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184247098.0000000005300000.00000040.00000001.sdmp, Offset: 05300000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183083829.0000000000B72000.00000040.00000001.sdmp, Offset: 00B72000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1183083829.0000000000B72000.00000040.00000001.sdmp, Offset: 00B72000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.1184064606.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions